Tag Archives: fail

Audit Automation is NOT all Automation

audit automation ACLSome Chief Audit Executives (CAEs) and audit managers tend to think that audit automation is a set-it-and-forget-it process. NOT.

In this post, I want to expand on a problem I mentioned in an earlier post , 10 Signs Mgmt Doesn’t Really Support Analytics.

Audit management too often thinks that once a process or an audit is automated, ALL auditor/staff hours previously spent performing that process can be reassigned elsewhere.

That is not the case at all.

Continue reading

Advertisements

2 Comments

Filed under ACL, Audit, Data Analytics, Scripting (ACL), Security, Technology, Written by Skyyler

How to Review Your ACL Log

Review ACL logWhether you script your projects or use menu commands, you need to review your ACL log carefully.

Good analysts review their results and the log as they work in ACL, after they think they are done, and have others review their log before the ACL project is relied upon.

(You can’t imagine the dumb mistakes my team and I found that saved us a lot of embarrassment later.)

Continue reading

2 Comments

Filed under ACL, Data Analytics, How to..., Scripting (ACL), Written by Skyyler

Poor Testing Leads to Complicated Coffee

coffee makerPoor testing and a seemingly simple process conspired against me when I tried to make 36 delicious cups of coffee.

Since I make coffee every morning in my own unit at home, and the instructions were posted next to the coffee maker, I was confident.

But I had never made that many cups of coffee or used a commercial coffee maker. And this machine had a thermos-like carafe that held the coffee and kept it hot.

The instructions said the first step was to turn the coffee maker on. It went down the drain from there.

Continue reading

Leave a comment

Filed under Audit

Pathethic Password Help Pages

I found some really pathetic password help pages on a company’s intranet while I was there visiting.

This is a large company that most people would recognize, and it is subject to plenty of government regulations. Overall, I’ve heard the security is pretty tight, but since I’ve never worked there, I can’t speak from experience. Except, that is, the experience I mentioned in an earlier post, Randomly Generate Weak Passwords. Perhaps all their security is what Bruce Schneier likes to call “security theater.”

Continue reading

2 Comments

Filed under Audit, Humor/Irony, Security, Security Scout

Shipley on Security Spend

Greg Shipley, founder of Neohapsis, wrote an article in Information Week magazine, this time about how ineffective most of the money spent on security defenses is against the attacks we’re facing.  It’s not a short article, but as I’ve said before, Shipley is always worth reading. Here’s what I found most interesting in the article:

  • “Deficiencies, even in our security technologies, are an unfortunate fact of life,” says Shipley.

Continue reading

Leave a comment

Filed under Security

Quote of the Weak (Pass the control)

A colleague of mine is doing some testing for an audit director that changes her mind frequently on how to deal with audit findings. Occasionally, she is all about nailing control owners who do not have all their ducks groomed and in a row. At other times, she pushes Audit to work as hard as possible to pass all controls.

Continue reading

Leave a comment

Filed under Audit, Humor/Irony, Quote of the Weak