I find working as an IT auditor a fulfilling and enjoyable job; however, as with any profession, there are times when it can be hard. There are certainly days when I feel that there are “clowns to the left of me, jokers to the right.”¹ The clowns are auditees who are always pushing back on audit recommendations or, if they do accept them, never seem to implement them. The jokers are the audit committee members who seem to have never-ending requirements for more and more assurance without allocating any additional resource.
However, I know it is unfair to categorize auditees as clowns. They, too, are short of resources and are constantly trying to juggle implementing new systems with keeping the lights on. Responding to and dealing with audit takes time. I, therefore, believe that it is vital to agree on defined standards and benchmarks with the auditee that will be used by audit to evaluate the subject matter. In other words, agree on and establish the criteria.
Likewise, the audit committee members are not jokers. They are trying to meet stakeholders’ needs while worrying about the cyber security of the enterprise and a constant stream of new legislation, such as the EU General Data Protection Regulation (GDPR). However, not all services or their supporting applications are equally important to the enterprise; therefore, it makes sense to categorize the applications and provide greater assurance for those deemed more critical.
I discuss both concepts together with the idea of using control self-assessment in my recent ISACA Journal column, “Doing More with Less.” I would be delighted to hear your thoughts. Do you agree? How can it be improved?
Nevertheless, this is just one suggested approach for getting more assurance. I believe that collaboration among ISACA members is key to getting the most from our time and resources. Why reinvent the wheel? I would, therefore, also like to hear how you do more with less. If there are clowns to the left of you and jokers to the right, be assured that ISACA is “stuck in the middle with you.”²
Read Ian Cooke’s recent Journal column:
“Doing More With Less,” ISACA Journal, volume 5, 2017.
¹ “Stuck in the Middle with You,” Stealers Wheel, a band from Paisley, Scotland, released this popular song in 1972. https://genius.com/Stealers-wheel-stuck-in-the-middle-with-you-lyrics