To increase the amount and depth of the analytics performed, steal some agile methods, and apply them to your audits.
If you’re not familiar with agile methods, check out the first 5 topics listed here (just click Next at the bottom of each page; the topics are quick to the point and full of pictures).
Briefly, agile projects are performed in cycles, or iterations, rather than in a long, linear-waterfall fashion, which is: do all planning, then field work, then reporting. Each iteration of the project creates some value and includes feedback, which is used in the next iteration to increase the value of the project.
The Institute of Internal Auditors (IIA) has back-to-basics articles for new auditors (and like Dummies books, the topics can be a reference for the rest of us). Even security pros might want to read a few of these to better understand their auditors, or how those auditors should be doing their jobs.
The topics are as follows (no special order):
Filed under Audit, How to...
A while back, I noted some reasons why people hate auditors. Well, you can hop those hurdles, and be an auditor that people love or at least respect. Here’s how:
Yesterday was one of those days where the clock just spins, you get a lot done, and nothing out of the ordinary occurs. You have some meetings, dig into the data, and identify a finding, do a little more research, and fire off an email to get an explanation from the control owner.