Jun 25 2009

10 Things Dave wants you to know about auditors

Published by at 4:47 am under PCI,Simple Security

I really wish I could disagree more with Dave Shackleford and his post, 10 Things Your Auditor Isn’t Telling You, but I think he’s really hit it on the head with this one.  And hit it hard.  He starts the post by saying he’s not trying to be mean, but as a PCI QSA, there are a couple of times I had cringe, because it really hits close to home.  It’s tough, because some of the points he makes are almost unavoidable in an audit process while others are signs of an industry that needs more skilled practitioners than are currently available.  And his final point is definitely true: the people at a company I’m assessing may like me as a person, but I have yet to meet someone who actually likes the process of being assessed and doesn’t channel at least a little of the dislike back to the assessor.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

One response so far

One Response to “10 Things Dave wants you to know about auditors”

  1. Garryon 26 Jun 2009 at 7:33 am

    It wouldn’t hurt for most IT auditors to take a look at the federal handbook, Government Auditing Standards, aka “The Yellow Book”.

    For one thing, it’s authoritative. Secondly, it includes IT audit guidance. Thirdly, it’s free.

    http://www.gao.gov/new.items/d07731g.pdf

Trackback URI | Comments RSS

Leave a Reply

%d bloggers like this: