Critical Thinking? How about just Thinking?

It seems to me that auditing as a profession is not full of critical thinkers, much less thinkers.

If you read my last post about auditor judgment, I’m struggling with some of the junior auditors that I’m working with.

But I’m also struggling with quite a few of the senior auditors that I work with, those that are my peers (which means they peer at what I’m doing and how I’m doing it and then continue on their merry paths).

I came to this opinion based on most of the auditors I’ve met through the years across many companies, small and big, and across sectors, including public service. And also by the many articles calling for the profession to do more critical thinking, and yes, it is needed. 

But let’s start with plain old thinking (walk before run).

Continue reading →

Advertisement

Library: Never the Twain Shall Meet

During a recent visit to a library near you, I was trying to find a book via the online card catalog.

[I remember when card catalogs were on actual cards, in drawers, like the one pictured. Yikes!]

I was trying to find a book by someone who runs an analytics blog that I frequent, but I couldn’t remember the guy’s last name.

Continue reading →

If Called, Don’t Answer

No, I’m not suggesting that you don’t answer your phone. Just be careful what you do or say when you are called or contacted.

What am I talking about? A principle I refer to as the CONTACT principle, which will keep your private information private:

Continue reading →

Why People Don't "Do" Security

Lenny Zeltser, of the SANS Internet Storm Center, posted his Three Laws of Behavior Dynamics for Information Security. These laws describe why people follow or don’t follow new security initiatives. Basically, it describes how people react to change overall, but Zeltser focuses on security change specifically.

Continue reading →