Jun 25 2009
10 Things Dave wants you to know about auditors
I really wish I could disagree more with Dave Shackleford and his post, 10 Things Your Auditor Isn’t Telling You, but I think he’s really hit it on the head with this one. And hit it hard. He starts the post by saying he’s not trying to be mean, but as a PCI QSA, there were a couple of times I had to cringe, because it really hits close to home. It’s tough, because some of the points he makes are almost unavoidable in an audit process, while others are signs of an industry that needs more skilled practitioners than are currently available. And his final point is definitely true: the people at a company I’m assessing may like me as a person, but I have yet to meet someone who actually likes the process of being assessed and doesn’t channel at least a little of that dislike back toward the assessor.
It wouldn’t hurt for most IT auditors to take a look at the federal handbook, Government Auditing Standards, aka “The Yellow Book”.
For one thing, it’s authoritative. Secondly, it includes IT audit guidance. Thirdly, it’s free.
http://www.gao.gov/new.items/d07731g.pdf