To create a successful analytics program in internal audit, you must have a plan. A plan that points to analytic North.
That requires WRITTEN goals.
In an earlier post I outlined 10 Signs Mgmt Doesn’t Really Support Analytics.
One of the signs that indicates management isn’t really serious about analytics is that management does not require every staff member to have measurable analytic goals.
When internal auditors (or those pretending to be such) do poor work and don’t follow the appropriate audit and IT standards, they are unprofessional. However, I put the blame at the feed of audit management.
Recently, a reader named Porak asked me what careers IT auditors can move to when they leave auditing (see the original question here).
I couldn’t find much on the Internet on this topic, but there’s a lot of options.
I’ve actually worked in quite a few of the areas mentioned below…
In previous posts, I described how I gained access to the data center area and then the data center proper.
I had bypassed door #1 and door #2.
My new colleagues were not happy.
What’s the biggest problem in computer security, according to valsmith at carnal0wnage.attackresearch.com? Well, it’s…
As the author admits, the post leans toward self-promotion of the company, but it makes many good points and deserves a read and a good pondering.
Filed under Audit, Security
I read a blog post that quoted a security professional saying, ‘culture is defined as the beliefs we accept without question.’ The blogger, also a security professional, went on to say that his goal is to generate a new security culture, a security culture that “everyone accepts and makes a natural part of their activities.”
That definitely got me going, so I left a comment that explained why I disagreed with that statement.
Previously I’ve discussed why auditors are hated and how auditors can be lovable. But when I saw a Q & A in the ISACA journal about hating auditors, I had to dive in again. Here’s the gist of the article, with my comments in italics. Although there’s some similarity to the posts I’ve mentioned above, they take a slightly different tack through the audit seas.
Auditors that do the following are “hated”…