If you’re an IT auditor, how do you describe your job to those who don’t understand technology or auditing? Even more interesting, how do others describe your activities?
Here’s what I say, but I’m not satisfied with it:
I review computer systems and networks to determine whether they are secure and that access to those systems is limited to the appropriate people.
I review the policies and procedures that describe how those systems are used and determine whether those documents make sense, are up-t0-date, and are followed.