What is the biggest security challenge that is being faced in 2016?Identity and access management. We struggle with managing our own identities on a personal level with usernames, passwords and security questions to dozens of web sites. Organizations feel the same struggle when users have access to dozens of applications.
| |
How has social media impacted you professionally?It allows me to stay in touch with people I have met all over the world. I have been able to meet up with people who I have not seen in years because we connect and share our future travel plans via social media.
| |
How do you think the role of the IS auditor is changing or has changed? What would be your best piece of advice for IS auditors as they plan their career path and look at the future of IS auditing?
The fundamental role of the IS auditor has not changed for many years with regard to the type of risk we try to address. IS auditors will be challenged in the future to address new areas of risk and move away from general computer controls that have long been effective in organizations. As risk is transferred to third-party vendors, IS auditors will be challenged to show how controls are effective when they are no longer being performed in-house.
How do you see the roles of IS audit, governance and compliance changing in the long term?
In the next few years, IS audit, governance and compliance will move toward continuous auditing through the use of data analytics. Once a transaction hits an enterprise resource planning (ERP) system, users will be informed if it hits a certain threshold and causes suspicion. Instead of waiting until the next year when the population is reviewed by an auditor, key flags will already notify the system owners with potential areas of concern.
How have the certifications you have attained advanced or enhanced your career? What certifications do you look for when recruiting new members of your team?
I obtained the Certified Information Systems Auditor (CISA) certification within my first year of working in public accounting. After obtaining the certification, I was able to show internal and external stakeholders that I knew the industry standard for IS audit.
I do not have certifications that I look for specifically when recruiting new members to my team; however, a technical certification shows me that an individual has taken the time to learn the industry’s guidelines for best practices. It shows me they are dedicated to the profession outside of their normal business activities.
What would be your best piece of advice for IS auditors planning their career paths and looking at the future of IS auditing?
Take lots of notes! I am constantly referring back to notes I wrote months and years ago. Sometimes they are technical items and other times it is a piece of advice from a colleague. You never know when you are going to need to refer to something from the past.
What has been your biggest workplace or career challenge and how did you face it?
Learning to “work where your feet are.” Audit professionals are constantly challenged by new work environments. I had to learn very quickly how to block out any outside distractions when working on trains, planes and in various conference rooms. Often, the places where we do our jobs may not be the most comfortable or conducive for being productive. I have found the best way to overcome the challenge of working in multiple locations is to set tasks based on where you will be working next. Sometimes, administrative tasks such as reporting travel expenses are best performed on a train, whereas documenting audit procedures is best performed on my couch.