Let’s see if you have a picture in your head of auditors. Do see you them, sitting there in the darkness, with a maniacal look on their faces. They pour over your documentation and configuration files just hoping to find the red meat. If there is anything juicy they will find it and feed off it at your expense. Is this the image you have of auditors? Perhaps you were burned during an audit, or just didn’t have a very good experience at the auditor’s hands. With a bit of explanation, your next audit doesn’t have to be so stressful and adversarial. Maybe, just maybe, you can walk away with some value to help improve what you do that you hadn’t thought of before. Starting from the beginning, we will walk through why IT auditors exist and what role they play in the organizations risk management process. Since we all can relate to risk, maybe we can find the common ground and start to derive value from what auditors provide. Given the right amount of attention and care, organizations can ultimately benefit from IT and Audit working together. Plus you will sleep better at night knowing the bogeyman is just a myth. Speaker Bio Jeff Kirsch is an IT auditor by day and ghostnomad, an infosec geek alter ego, every chance he can get. Always trying to learn new things drives him to find better ways to help others learn about technology. His passion for technology also drives him to help those in technology understand auditors and the audit process.

1. Whose Afraid of the Big Bad Wolf: Accepting Audit as a Service

3. ghostnomad got into computers: age 9 attempted computer science no passion to code on deadlines

5. Defensive Audit Techniques Use terms to depersonalize & confuse Request more information than you need Hide the fact results will sink the “auditee”

6. Grand Finale – We are here to help Wait, what?

7. Evil Auditors, Really? Understanding is the foundation we lack Everyone uses their own lingo Nobody likes to be corrected

8. Lets Talk Audit

11. Scope What is the purpose of the audit Drives the audit results

12. Controls A process or procedure which manages risk Controls must have a cost benefit Management defines controls

13. Types of Audits Financial Audit/Attestation SAS 70 Regulatory/Compliance

17. Drive Out Value

19. Where is the Value Audit as a Hammer (yeah, I went there) Audit has direct line to upper management Shows the forest when you only see trees

20. Types of Audits Redux Financial Audit/Attestation SAS 70 Regulatory/Compliance

24. Hidden Message Whose Afraid of the Big Bad Wolf: Accepting Audit as a Service

25. Questions?