“Make no mistake — auditors will find fault with your systems, your processes, and the people who operate them. They’re auditors. It’s their job.”
Kelly Jackson Higgins, Experts share tips on how to avoid the most common pitfalls in an audit
If you missed Kelly’s article when it first came out, take a moment and read through it. I bet you’ll learn something.
Key points I want to remember:
- Two of their most common reasons for failing an audit are poor documentation and poor training programs.
- It’s all about proving that data isn’t tampered with — from inside or out.
- Manage change in a consistent manner.
- Clearly define roles and permissions.
- Know who (and where) users are, what role they play and what permissions they have.
- Align physical security with IT security.
- Be ready to demonstrate how you monitor security.
- Be ready to demonstrate how you are able to detect and act on anomalies.
- Map security processes to business processes. A checklist isn’t enough.