Daniela Gschwend, CISA, CGEIT, CRISC, after studying information management at the University of St. Gall (Switzerland), began in the IT audit department of Credit Suisse (CS), a global leading financial services company with headquarters in Zurich, Switzerland, as part of the infrastructure audit team. Four years later, she had the opportunity to head up the IT audit team of one of the CS companies, based in London, England, UK. Moving back to Switzerland after three years in the UK, Gschwend joined Swiss Re, the second largest reinsurance company in the world, as global head of internal IT audit. After four years in this role, she “switched sides,” becoming an auditee, and moved into various governance of enterprise IT roles over the past 13 years.
What has been, or do you anticipate being, the biggest compliance challenge in 2015?
Balancing the benefits from technological capabilities with the many and changing regulatory and client requirements that are often in contradiction with technological trends
What are your three goals for 2015?
What is on your desk right now?
My big iMac, jelly bellies and still too many documents
Who are you following on Twitter?
The top DJs in the world and a few companies in the financial and consultancy industry
What is your number one piece of advice for other GEIT professionals?
Keep calm and maintain oversight.
What is your favorite benefit of your ISACA membership?
COBIT. But, a close second is the networking, especially that which I gain as a board member with other chapter leaders around the globe.
What do you do when you are not at work?
Eat, sleep, celebrate (there’s always something), repeat.
As a governance of enterprise IT (GEIT) professional, how do you believe your background in IT audit has supported and guided your career to date?
My background as an auditor has helped me to understand what auditors are looking for; identifying gaps and improvement opportunities is one side, but convincing management to implement these before they become issues can be very challenging when one is in the same department. We continue to emphasize that gaps have to be addressed for risk mitigation purposes, not because audit wanted something.
What do you see as the biggest risk factors being addressed by GEIT professionals? How can businesses protect themselves?
Global companies receive (too) many and different requirements from all over the world, coming in via various channels and time lines. A GEIT professional must be able to communicate and work with a variety of experts across the globe, speaking their and management’s language and creating transparency and a consistent approach to addressing the key risk areas. Overall, networking, communicating and “translating” requirements into deliverables are essential.
How do you see the role of GEIT changing in the long term?
Unfortunately, I believe we still need to work on some basic elements to make sure that top-level management and the board assume their GEIT responsibilities. Also, the gap between the business and the IT worlds in companies has not been properly addressed and closed yet. With the technological developments, decision makers tend to misjudge the risk and the efforts behind their decisions and forget the potential implications on today’s IT environment and their past decisions.
Having begun your career as an IS auditor, how do you think the role of the IS auditor is changing or has changed? What would be your best piece of advice for IS auditors as they plan their career path and look at the future of IS auditing?
When I started as an auditor, we had to figure out how IT and the processes worked and what controls we expected to see together in our team and with experts. There were hardly any audit programs available, self-written scripts had to be run or we accessed the systems on the operating system level to get the respective data. The efforts were high, but they allowed us to think carefully about what we really needed, why we needed it and how we could get it at a low price. Therefore, my advice: Do not become a checklist auditor. Always think about the big picture, that which is behind the scenes; challenge programs; and assess what makes sense and what does not. Have an opinion on what you do—the auditee and management will see the benefits.
How has your volunteering with a leading industry association, such as ISACA, especially your work as president of your local ISACA chapter, helped and advanced your career and professional life?
Joining the board of the ISACA Switzerland Chapter immediately provided opportunities within the chapter and then later internationally. People recognized me (sometimes also in interviews when hiring) and members provided feedback and turned to me (and other board members) for support. The companies I have worked for have supported my engagement as it also demonstrates initiative and engagement beyond the organization’s boundaries. Interactions with people outside the company and global networking capabilities have helped me to gain access to experts at all levels and use these resources to solve difficulties. Being the president has also improved my leadership skills. There have been many situations and problems that I have had to address that have, in turn, helped me in my professional life.