Being in a financial organization, makes audits, integrated in the DNA of every IT professional. The audits varies from internal, external, regulatory, statutory, to what not. So, are these of any value?
Personally, I have a lot of respect for the audit function. Especially the IT Security audit. However, I prefer working with auditors who know their jobs, and try and look for real risk, and are not just mechanical bots trained to match documents to their check-lists.
Here is one article that is in-sync to my thoughts.
No comments:
Post a Comment