Lilia Liu Chung has more than 20 years of experience in information technology with emphasis on implementing of industry best practices. She has a background as an advisor in computer crime, white-collar crime and corporate fraud, and security of IT; a chief information officer; an information systems auditor; and a legal advisor.
What are your three goals for 2015?
What’s on your desk right now?
How has social media impacted you professionally?
Social networks allow for ease of communication. If used wisely, they can be a strong means of communication and a way to spread awareness.
What’s your number-one piece of advice for other risk professionals?
Be sure to check thoroughly before expressing an opinion in writing to avoid misunderstanding.
What's your favorite benefit of your ISACA membership?
Staying up to date on the latest issues facing audit and security professionals.
What do you do when you’re not at work?
I like gardening and working on feng shui.
How do you think the role of the IS auditor is changing or has changed? What would be your best piece of advice for IS auditors as they plan their career paths and look at the future of IS auditing?
The role of the auditor has evolved as new technologies have emerged and become part of our daily activities. As we integrate new technologies, using them makes organizations vulnerable to new risk, not only technological, but reputational, operational, etc. As auditors, we must be prepared for any kind of associated risk. Mostly, we find organizations that upload data to the cloud or use social networks, big data, or wireless devices, such as cell phones, tablets, USB sticks and others, have fragile security procedures that are capable of being impaired by any internal or external attack. The lack of policies, periodic reviews, adequate supervision or continuous monitoring may cause problems for organizations. My best advice for auditors as they plan their futures is to discuss what they want to be, where they want to go, what scope they want in their career and what contribution they want to provide to society with their work. The advantage of auditors is that they can work in any company regardless of industry or sector. Though as a result, the auditor must document, study and tap into a broad knowledge base.
Your experience ranges from computer crime and corporate fraud consulting to IT security to IS audit. Please describe the adjustments you have made in your career to complete these transitions and how you have used your experiences in each role to better you for the next.
I had to make adjustments throughout my career because I have seen that a technical degree in computer systems engineering, while very comprehensive, falls short. By supplementing that degree with a master’s in business administration with an emphasis in finance, I came to understand that technology goes hand in hand with business objectives, how to determine which way is the north of the organization, possible financial problems, and how the economy is moving regionally and globally.
Today, computer crime is the order of the day. Thus, I’ve drawn my attention to the study of crime and I also participate with a number of associations in the fight against fraud. As a lawyer specializing in technology issues, I have had the opportunity to review contracts on service level agreements, prepare contracts, see and prepare intellectual property issues, and participate as an expert on issues of cybercrime. It is never too late to study and train. We must be continuously learning to keep up with the always evolving technology race.
As an entrepreneur, what unique challenges have you encountered in beginning your own consultancy?
As an entrepreneur, one of the biggest challenges I found was marketing the firm. It is quite simple when you work in a larger organization with a structure, a management body and many employees. The biggest challenge I’ve had has been to start from the ground up; even when you know and have familiarity with clients, there is much work of evangelization. One of my biggest secrets to overcome this has been volunteering and networking through associations such as ISACA and the Association of Certified Fraud Examiners (ACFE).
How has volunteering with a leading industry association, such as ISACA, helped and advanced your career and professional life?
Volunteering has raised my professional experience—increasing my knowledge on many subjects beyond auditing, allowing me to exchange ideas with people from other countries, improving my exposure to the public, sharing with and teaching others what I have learned—and it has provided me with ongoing development.
What has been your biggest workplace or career challenge and how did you face it?
My biggest workplace challenge was when I was appointed chief information officer at a recognized insurance company in my country. With the appointment, I moved from being an auditor to being the executor. With the support of the management body and the board of the company, I was able to successfully transition. The most important thing I learned from that experience is the importance of working together with other people to meet the goals of the organization—one person cannot do it alone.