March 9, 2017 at 10:05 pm
Comments posted to this topic are about the item Only as Good as Your Auditor
March 10, 2017 at 8:53 am
Kindest Regards, Rod
March 10, 2017 at 10:16 am
One of the outcomes of the banking crisis was awareness that the regulator had been a watchdog that didn't bark, let alone bite. There was an all-too-cosy relationship between the regulated and the regulator.
The old watchdog was put down and the new watchdog was very keen to show it had teeth and that they worked. I don't know if the situation has slumped back into the old status quo. What I do know is that security is a topic where you have to be continually ratcheting up your capability. A toothless auditor is no help. Yes, an audit can be a painful process, but if it was easy I'd be worried.
My thoughts are that an organisation shouldn't wait until the end of the year and sit quaking in fear at the sound of the auditor's tread. Some form of continuous improvement process needs to be in place which includes a RAID log.
March 15, 2017 at 8:22 am
I tend to think that an audit that raises nothing provides no value at all. It is similar to the test team. I expect that many things will be covered off by the teams leading up to the audit (or testing in the comparison) but I only believe they are being thorough when they raise the first non-superficial issue. No issues (defects) means that it hasn't been evaluated (tested) enough.
...and, basically, David is spot on in his assessment.
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!