CHAPTER 6: SHADOW-WORK

image

Figure 7: Archetype identification

As auditors, we often find ourselves in circumstances that are different, confounding the very best practices or checklistsat our fingertips.

•   Employees should not be set up as vendors in the system, yet there were no other means of reimbursing expenses.

•   Backups have been configured to run nightly, but the recent slew of notification emails revealed failures over the course of multiple days.

•   A newly implemented intrusion detection tool has been disabled due to an overwhelming number of false negatives.

•   An augmented round of approvals has yet to preclude errors from arising ...

Get Turning Heads and Changing Minds - Transcending IT Auditor Archetypes now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial