Saturday, August 06, 2005

Fun Stuff - How to handle an IT Auditor

I started working on this one and it became kind of silly. I also ran out of ideas... Please feel free to add to the list

- - -

How to handle an Auditor

YOU are a Business unit's Manager for a fairly large company (they still owe you a VP title).

It has been two weeks now since the auditors "evacuated" your boardroom, and the rest of the staff on the floor are happy again, since they do not have to search the other floors for an open boardroom for their meetings.

Well, today's the day: a 30-page audit report just landed in your Inbox (did I fail to mention encrypted, of course) accompanied by a meeting invitation with the Audit Manager.

You double-click the attachment document and it takes about 10 seconds to open.

Once it does, you rush to the Summary page and count how many High Risk items they have located and listed. Then, you're thinking of having a heart attack… but then again…

Auditors are a group of people that everyone just loves as much as their dentist. The profession should be listed as one of the top 10 stress-bearing and stress-producing occupations.

Now, you are called to action and must respond to the report. Well, let me help you out by offering you the following tips:

- Ignore them (this doesn't work all the time). Auditing groups are comprised of an Audit Manager (he thinks he knows his stuff) and a flock of university (at best) graduates. These kids don't know what they are talking about, right?

- Challenge them. Auditors know only what you have told them. Am I the only one that gives audit a "yes/no" answer to their questions?

- Bargain with them. Tell them that you do not think these are Severity 1 items because of the controls you have in place. Don't forget: not all controls need to be physical; they can also be logical and function as well as all other controls.

- Lie to them. Tell them that you have been working on the process document and it is still in draft mode. On top of that, let them know that the staff member is on vacation and, when they return, the PC does not boot and it has to be reimaged again, losing all data and documents.

- Buy some time. If you can't beat them, ask for 2 years to fix. By that time, they might have given you that VP title and it becomes someone else's problem.

- Hide the servers. Naa, this doesn't work at all…

- Escalate. Tell them that you will need to escalate to the Head of the BU and ask for more money to fix the problems but (we) are all aware of the profit earnings warning communicated last week.

- (...when dealing with Internal Audit groups) Ask for an external auditor to verify the findings

- Bring in your boss's boss and intimidate the crap out of the Auditor...

