Urmilla Persad, CISA, CISM, CRISC, ITIL V3 Foundation, has more than 18 years of experience in the IT field. Her career started (with PricewaterhouseCoopers) in IT administration. From there, she moved to external auditing and IT advisory services. She is now an IT audit manager with First Citizens Bank Ltd., Trinidad and Tobago and has strategic responsibility for the IT audit needs of the bank with a focus on IT systems and IT initiatives, as well as system-related development and implementation activities and oversight of the execution of IT audit programs. Persad has held various roles in the ISACA Trinidad and Tobago Chapter over the past six years and is currently the chapter’s president.
What do you anticipate being the biggest compliance challenge in 2016? How will you face it?
Cybersecurity. The increase in connected devices and how businesses harness the benefits of the Internet of Things to support their digital business strategy will only add to the cybersecurity challenge.
What are your three goals for 2016 as you enter the new year?
What is on your desk right now?
Laptop, water, art calendar, family photo, bamboo plant
How has social media impacted you professionally?
Social networking—staying connected with peers and professional groups
What is your number one piece of advice for other risk professionals?
Understand the business and collaborate with stakeholders across the organisation.
What are your favorite benefits of your ISACA membership?
What do you do when you are not at work?
Read, spend time with my family, watch Netflix.
How do you think the role of the IS auditor is changing or has changed? What would be your best advice for IS auditors as they plan their career path and look at the future of IS auditing?
While the core objectives of the IS auditor have remained the same and auditors continue to be assurance providers and advisors within their organisations, the fast pace of technology, its uptake and the resulting changing business environments have driven the changing role of IS auditors.
In response to the changing environment and the increasing expectations of management and the board, the IS auditor’s role is evolving into a more business-like one, where developing more efficient and effective audit plans aligned with strategic objectives is imperative. This requires IT auditors to be professionally qualified, multiskilled, knowledgeable, and have a high level of understanding of not just technology elements and controls, but the business that the controls are designed to secure.
This all makes for an exciting time for IS auditors as the opportunity exists to contribute to an organization’s overall success more than ever before. My advice for IS auditors as they plan their career in these new times:
- Get certified—ensure that you have the necessary foundation knowledge (e.g., Certified Information Systems Auditor [CISA], Certified Internal Auditor [CIA]).
- Commit to continuous learning, invest in yourself. Once certified, consider enhancements with credentials such as those related to COBIT, ITIL, CAPM/PMP and Cybersecurity Nexus (CSX).
- Pay attention to nontechnical skills development—critical thinking, relationship building, partnering, communication and openness to diverse viewpoints.
- Understand the business/industry you work in as this will support your ability to articulate business insights, better assess existing and new technology, and provide recommendations that can add value to the business.
How do you see the role of governance of enterprise IT (GEIT) changing in the long term?
The role of GEIT has changed with the role of IT within organisations. The days where IT was merely a support function are long gone as the pace of technology advancement and its adoption in enabling strategic initiatives has ingrained IT in almost every part of the business. The banking sector is a good example as it is impossible to think of a bank that runs without IT applications, supporting routine back-end processes to complex e-banking interfaces. As IT is increasingly relied on to enable business strategy, the role of GEIT has to be increasingly focused on keeping business and IT initiatives on track by understanding how much value IT is creating, how its day-to-day operations are performing, and how IT risk and IT resources are managed.
As GEIT continues to improve, the involvement of all the stakeholders within the organisation is imperative in ensuring that IT strategy is linked to business strategy and drives balance between investments and efficient use of IT resources.
What do you see as the biggest risk factors being addressed by IS audit, risk and governance professionals? How can businesses protect themselves?
The biggest risk factors being faced by IS audit, risk and governance professionals are preserving the business (i.e., systems, data, reputation) amidst increasing technology change as digital strategies are rolled out. With the pace of change, it is a challenge ensuring that the controls environment (including internal policies and procedures) can be maintained at an equal pace to mitigate the risk.
Businesses can protect themselves from the risk associated with technology investment and change by ensuring that adequate discussions, collaboration and due diligence in decision making occurs with the right people (across the business and including assurance providers) from inception to execution and implementation.
What has been your biggest workplace or career challenge and how did you face it?
Successful internal auditing today requires a deep understanding of the business and the strategic direction of the organisation. That understanding requires continuous collaboration and partnering with management and key stakeholders across the organisation. Maintaining independence and objectivity has proven challenging as closer collaboration can easily lead to the rationalising of risk factors being assessed. Being self-aware of this has proven useful in addressing it because it requires strong adherence to auditing standards; getting input from other auditing peers and the chief audit executive (CAE) has also helped in safeguarding from any potential compromise of independence and/or objectivity. (Another growing career challenge is balancing a successful career with successful parenting!)