Audit Automation is NOT all Automation

Some Chief Audit Executives (CAEs) and audit managers tend to think that audit automation is a set-it-and-forget-it process. NOT.

In this post, I want to expand on a problem I mentioned in an earlier post , 10 Signs Mgmt Doesn’t Really Support Analytics.

Audit management too often thinks that once a process or an audit is automated, ALL auditor/staff hours previously spent performing that process can be reassigned elsewhere.

That is not the case at all.

Continue reading →

Advertisements

New IT Auditor Needs Help!

A new IT auditor needs some help dealing with database patching issues and how far you need to dive into technology during an IT audit.

Take a moment to read his comment and add your thoughts. I’ve put in my 2 cents. Let’s get a good discussion going.

I think any auditor can chime in, as audit scope and audit limitations are not unique to IT audit.

Dinesh’s comment appears in What IT Auditors Ought to Know – and Don’t!

Top 10 Reasons to be an IT Auditor

Here’s my list of the top 10 reasons to be an IT auditor:

10. You have access to all systems, data, and people (with a business reason, of course). Employees rarely ignore you.

9. You can uncover fraud, mischief, ignorance, and just plain laziness. Either way, you “add value to the business” (yeah, I hate that term too, but it is what audit is about, and so appropriate).

Continue reading →

IT Security Pioneers

SC Magazine had a good article back in November (I am a bit behind in my reading and my blogging) about industry pioneers in IT security. Listed below are quotes by a select few of the people the mag profiled. If you find their quotes interesting, or you are not familiar with them, I suggest you check out the article and perhaps do some extra reading about some of them.

I thought cryptography was a technique that did not require your trusting other people…” – Whitfield Diffie

Continue reading →

Need More Data Analytics in Audit

Part 1 of an article at AuditNet notes that audit teams need to increase their use of technology, specifically data analytics, to continue adding value to their companies. The author contends that data analytics can provide more assurance at a lower cost than the traditional cyclical approach to auditing (while I noticed the author, John Verver,  is a VP of  ACL Services and has a vested interest in this, I agree with him).

Continue reading →

5 Security Steps for Non-Big Businesses

Lenny Zeltser suggest 5 steps that mid-market organizations can take down the security path:

1. Identify key data flows
2. Understand user interactions
3. Examine the network perimeter
4. Assess the servers and workstations
5. Look at the applications

Continue reading →

Firefox May Already be Dead

Keir Thomas, author of several books on Ubuntu, including the Ubuntu Pocket Guide and Reference, declares that Firefox has lost its way.  He says that the fox is slow and Slashdot users are complaining about it heavily.

Continue reading →