Tag Archives: issue

No Metrics, Little Analytics

analytic metrics, numbersIf your department doesn’t track metrics on your analytics, you are probably not doing analytics or you are making little progress in analytics.

In either case, its obvious that analytics isn’t very important to your management.

Which is one of the points I made in my post, 10 Signs Mgmt Doesn’t Really Support Analytics.

So far, I have encountered very few audit departments that track meaningful metrics about their analytics.

Counting the number of projects that include analytics isn’t enough.

Continue reading

Advertisements

1 Comment

Filed under Audit, Data Analytics, How to..., Written by Skyyler

Evaluating Risk in the Dark

risk in the dark2When you evaluate the risk of a vulnerability, do you do it in the dark?

Or do you take into account other factors that might affect the risk?

What if one of the factors is an existing audit issue that has not been remediated?

Continue reading

2 Comments

Filed under Audit

No Bad Audit Reports Allowed?

No Bad Audit ReportsIt’s getting to the point where some audit directors are saying, “No bad audit reports allowed.” In other words, don’t shoot the messenger, just the message. What follows is an experience from one of my audit colleagues…

First, a couple “I know” statements…I know auditors are supposed to be helpful and friendly. I know auditors are supposed to add value. I know auditors need to be careful about giving only bad news; we should also note in our report what the auditee is doing right (if anything). I know that it’s hard for auditees to get hammered again and again by audit reports.

Continue reading

14 Comments

Filed under Audit, Technology