Case File: Trouble Bites Auditor

As an auditor, I’ve been accused many times of looking for trouble. I have to admit that it’s true, because that’s my job. But too often, trouble comes looking for me. Sure, it makes my job easier, but it also makes me scratch my head.

When I was in IT operations, before I got into security and audit, I was always thorough and followed common sense and company policy. However, any projects that I was doing that might draw the eyes of either of those departments, I double-checked prior to delivery. Most bosses don’t like surprises, and I was always a details guy. Besides, why poke the bear?

More Snake Oil

In Standard (Snake) Oil, I complained about companies that don’t audit according to standards because some treat control owner statements as pure gold, don’t insist evidence be tied back to actual systems, and don’t ask all the appropriate questions.

Here are a few more questionable practices that I’ve challenged all too recently.

