Mack-the-Auditor Gets Audited! Part 3

This is the third of 3 posts; this post describes how I audited the auditors and my perspective on the whole thing.

Read the first post (background) and the second post (audit results).

Continue reading →

Advertisement

5 Things We Need from ACL in 2018

Here’s the 5 things I’m hoping will change in 2018 regarding ACL.

They are all related to each other and feed off each other…

Interesting.

Continue reading →

Audit Automation is NOT all Automation

Some Chief Audit Executives (CAEs) and audit managers tend to think that audit automation is a set-it-and-forget-it process. NOT.

In this post, I want to expand on a problem I mentioned in an earlier post , 10 Signs Mgmt Doesn’t Really Support Analytics.

Audit management too often thinks that once a process or an audit is automated, ALL auditor/staff hours previously spent performing that process can be reassigned elsewhere.

That is not the case at all.

Continue reading →

#1 Reason for NOT Doing Data Analytics

Do you know the #1 reason auditors don’t do data analytics (DA) much?

It is so simple, so obvious, I hesitated to blog about it. Let me know if you agree.

Continue reading →

IT Admin vs. IT Auditor

IT admins and IT auditors often don’t see eye-to-eye, and they don’t usually think their goals are similar.

The IT auditor just has to work a little harder to convince the IT admin of that. I’ve worn both hats, so I know it can be done.

Continue reading →

Computer Security Clockwork

CSO Simson Garfinkel notes that incorrect system time on your servers, clients, and devices (what I like to call “computer security clockwork”) can have the following effects:

• System logs are incorrect.
• Forensic investigations become more difficult.
• Scheduled jobs may occur too early, too late, or not at all.
• SSL certificate validity may be affected.
• Emails may be tagged as spam if they appear to have a future date.
• Electronic locks may open or lock inappropriately.

Continue reading →