A recent IIA article on building an analytics function in internal audit is dead wrong.
At least on one major point, anyway. And it’s a big one.
As the tombstone reads, this point is D.O.A (dead on arrival, or more specifically, dead on analytics).
The article, Building a data analytics program, requires IIA membership to view, and is located at https://iaonline.theiia.org/2017/Pages/Building-a-Data-Analytics-Program.aspx (that’s actually good, as it means a lot fewer people will ever read it).
Here’s a list of all my posts to-date related to becoming or growing as an IT Auditor, all in one place for easy reference.
I’ll add other posts as they are written.
If you’re an auditor, you need data analytic skills or you will die.
Or put another way, if you don’t acquire them in the next 1-5 years, you will no longer be an auditor.
Pretty bold statement, isn’t it?
Norman Marks, of the Institute of Internal Auditors, likes to hire auditors who can think.
You should too.
How does he do it?
If you need to read about how to be an irritating auditor, you obviously haven’t been auditing very long. According to most auditees, that quality comes with the territory, right? I hope not!
If you’re an IT auditor (or want to be one) and don’t have any audit certifications, which certification should you get, the CISA or the CIA? If you want to get both, which one do you get first?
Full disclosure: I have the CISA, but not the CIA. Back when the CIA was 4 exams, I studied for all the CIA exams except the financial exam, but ended up not taking any of the exams. I also have the CISSP.
May is Audit Awareness Month, so if you want to host an event to promote audit at your organization, you’re short on time.
I wrote about this last year, and all the links on that post are still good, so see May = Audit Awareness Month for ideas.
Hey, I’m recycling last year’s post, so this must be a GREEN blog!
Back in September, two audit groups shook hands…
IIA and ISACA signed a formal memorandum of understanding (MOU), which means they’ll scratch each others’ back. The IIA’s president, Richard Chambers, explains what it means for the future in his blog.
Notice that both CEOS are listed at the bottom of the memo and that one of them is void of certifications…
The Institute of Internal Auditors (IIA) has back-to-basics articles for new auditors (and like Dummies books, the topics can be a reference for the rest of us). Even security pros might want to read a few of these to better understand their auditors, or how those auditors should be doing their jobs.
The topics are as follows (no special order):
Filed under Audit, How to...
Did you know that it’s Internal Auditing Awareness Month? More importantly, do you care?
If so, check out this IIA website for ideas, tools, and resources for promoting an internal audit group near you.
Who thinks the IIA is stuffy? No one, if Mike Jacka has anything to say about it…
A song to be sung to auditees…
I’m getting discouraged. I’m starting to wonder how many audit departments follow auditing standards, say, from IIA or ISACA. After some of the IT audits and IT SOX audits I’ve seen in the past year, who knows.
Some companies take their control owner words as gold and don’t verify them.
“They wouldn’t give you the information if it wasn’t true! Audit the evidence you’re given and quit questioning everything!” said one audit director. Excuse me, but doesn’t ISACA requires auditors to maintain their professional skepticism. Perhaps ISACA means be skeptical of audit directors?
Richard Chambers, the president and CEO of the IIA, noted 5 defining events and their impact on internal auditing in the 90’s decade.
- Adoption of the Professional Practices Framework (2002)
- Financial Fraud and the Ensuing Corporate Failures (2002)
- Cynthia Cooper Named a Time Magazine “Person of the Year” (2002) – whistleblower at WorldCom (I had to look it up myself)
- Release of The PCAOB’s Auditing Standard Number 2 (2004) – which was then superseded by AS 5
- Global Economic Crisis (2008-2009)
Catch all his comments here. I think #2 is going to keep occurring with surprising regularity.