Tag Archives: iia

IIA Analytics Article Dead Wrong

analytics dead wrong iia tombstoneA recent IIA article on building an analytics function in internal audit is dead wrong.

At least on one major point, anyway. And it’s a big one.

As the tombstone reads, this point is D.O.A (dead on arrival, or more specifically, dead on analytics).

The article, Building a data analytics program, requires IIA membership to view, and is located at https://iaonline.theiia.org/2017/Pages/Building-a-Data-Analytics-Program.aspx (that’s actually good, as it means a lot fewer people will ever read it).

Continue reading

4 Comments

Filed under Audit, Data Analytics, Written by Skyyler

New IT Auditor (and WannaBEs) Master List

Here’s a list of all my posts to-date related to becoming or growing as an IT Auditor, all in one place for easy reference.
I’ll add other posts as they are written.

Continue reading

11 Comments

Filed under Audit, Employment, How to..., Security, Technology

Auditors, Do Data Analytics or Die

If you’re an auditor, you need data analytic skills or you will die.

Or put another way, if you don’t acquire them in the next 1-5 years, you will no longer be an auditor.

Pretty bold statement, isn’t it?

Continue reading

10 Comments

Filed under Audit, Data Analytics, Employment, Free, Technology, Written by Skyyler

Hiring Auditors Who Can Think

Nthinkorman Marks, of the Institute of Internal Auditors, likes to hire auditors who can think.

You should too.

How does he do it?

Continue reading

5 Comments

Filed under Audit, Employment, How to...

How to be an Irritating Auditor

If you need to read about how to be an irritating auditor, you obviously haven’t been auditing very long. According to most auditees, that quality comes with the territory, right? I hope not!

Continue reading

2 Comments

Filed under Audit, How to..., Humor/Irony

CISA vs. CIA Certification

cisa study guide, tipsIf you’re an IT auditor (or want to be one) and don’t have any audit certifications, which certification should you get, the CISA or the CIA? If you want to get both, which one do you get first?

Full disclosure: I have the CISA, but not the CIA. Back when the CIA was 4 exams, I studied for all the CIA exams except the financial exam, but ended up not taking any of the exams. I also have the CISSP.

Continue reading

172 Comments

Filed under Audit, Certification, Security, Technology

Audit and IT Audit for Dummies

Here’s some links for Audit and IT Audit for dummies, one from the IIA, the other from ISACA. Most of them do not require being a member or logging in.

While these articles are not extensive, they will point new auditors in the right direction, and provide a refresher for the rest of us. Continue reading

36 Comments

Filed under Audit, How to...

May –> Audit Awareness Month

May is Audit Awareness Month, so if you want to host an event to promote audit at your organization, you’re short on time.

I wrote about this last year, and all the links on that post are still good, so see May = Audit Awareness Month for ideas.

Hey, I’m recycling last year’s post, so this must be a GREEN blog!

Leave a comment

Filed under Audit, Humor/Irony

IIA and ISACA Synergies

Back in September, two audit groups shook hands…

IIA and ISACA signed a formal memorandum of understanding (MOU), which means they’ll scratch each others’ back. The IIA’s president, Richard Chambers, explains what it means for the future in his blog.

Notice that both CEOS are listed at the bottom of the memo and that one of them is void of certifications…

2 Comments

Filed under Audit, Humor/Irony

IIA Basics for Auditors

The  Institute of Internal Auditors (IIA) has back-to-basics articles for new auditors (and like Dummies books, the topics can be a reference for the rest of us). Even security pros might want to read a few of these to better understand their auditors, or how those auditors should be doing their jobs.

The topics are as follows (no special order):

Continue reading

4 Comments

Filed under Audit, How to...

May = Audit Awareness Month

Did you know that it’s Internal Auditing Awareness Month? More importantly, do you care?

If so, check out this IIA website for ideas, tools, and resources for promoting an internal audit group near you.

Continue reading

Leave a comment

Filed under Audit

Tribute to Willy Wonka

Who thinks the IIA is stuffy? No one, if Mike Jacka has anything to say about it…

A song to be sung to auditees…

Continue reading

Leave a comment

Filed under Audit, Humor/Irony

Standard (Snake) Oil

I’m getting discouraged. I’m starting to wonder how many audit departments follow auditing standards, say, from IIA or ISACA. After some of the IT audits and IT SOX audits I’ve seen in the past year, who knows.

Some companies take their control owner words as gold and don’t verify them.

“They wouldn’t give you the information if it wasn’t true! Audit the evidence you’re given and quit questioning everything!” said one audit director. Excuse me, but doesn’t ISACA requires auditors to maintain their professional skepticism. Perhaps ISACA means be skeptical of audit directors?

Continue reading

Leave a comment

Filed under Audit

90’s High 5 for Auditors

Richard Chambers, the president and CEO of the IIA, noted 5 defining events and their impact on internal auditing in the 90’s decade.

  1. Adoption of the Professional Practices Framework (2002)
  2. Financial Fraud and the Ensuing Corporate Failures (2002)
  3. Cynthia Cooper Named a Time Magazine “Person of the Year” (2002) – whistleblower at WorldCom (I had to look it up myself)
  4. Release of The PCAOB’s Auditing Standard Number 2 (2004) – which was then superseded by AS 5
  5. Global Economic Crisis (2008-2009)

Catch all his comments here. I think #2 is going to keep occurring with surprising regularity.

Leave a comment

Filed under Audit