
Finding the Right External Audit Firm



In the Age of the Customer, the pace of business innovation is accelerating, with technology now the primary customer interface for many business processes. Technologies including mobile, web and even smartwatches are now part of many business processes. This, combined with an ever-growing, complex supply chain and expectations of immediacy, means technology is more critical than ever to drive and deliver accuracy and speed.

The customer-centric evolution mandates skills many organizations may not possess. User-experience-based design and development, backend systems integration, and specific technical knowledge in conjunction with effective governance skills are required to ensure financial and process accountability. Because the impact of technology goes beyond joining technology stacks and also requires process integration and governance, supplementing internal skills with proven industry experience is critical to B2B success.

All of that points to the importance of partnering with an exceptional external audit firm to provide those critical skills.

Identifying and Vetting Potential Firms

Identification of an external audit firm can be as simple as an Internet search or as complex and involved as a large request for proposals (RFP) process. For instance, a web search will quickly find several trustworthy household names. There are, however, many lesser-known firms that may be a better fit, depending on your organization’s size and industry.

A proven vetting process is key to your success.

  • Develop a short list of qualification questions relevant to your organization’s processes.
  • Does the firm have experience and references in the domain?
  • Can they point to successful initiatives similar to your undertaking?
  • What did the project look like and who were the critical people involved?
  • Demand references from within your industry and talk to those references.

Once you have found an organization, it is critical to ensure that the correct skills are delivered to the project so that it succeeds. This will vary by vertical. If you are in manufacturing, for example, you should look for relevant skills within that sector. If the B2B initiative is in a highly regulated domain, such as healthcare, you need a consultant experienced in healthcare, with relevant certifications, in conjunction with certifications such as CISA (Certified Information Systems Auditor) in the IT audit domain.

ISACA has excellent guidance to assist you. Its audit guidelines using COBIT are particularly useful in this regard. The networking opportunities ISACA provides members can also offer insights on the audit profession and its players. Institute of Internal Auditors (IIA) certifications are helpful in identifying qualified firms as well.

Additionally, in an era of disruption, where technology is more relevant than ever, look for a combination of skills, including financial, technical and even compliance. This may require that several of the external audit firm's personnel participate in the process.

Skills Transfer Opportunity

Your external audit partner will give you some external independence; however, this also presents an excellent opportunity for skills transfer into your organization. I highly recommend that you take advantage of your investment. I suggest partnering the external auditor with an internal team member to whom the skills can be transferred. This will require an additional short-term investment in your people, one that will pay dividends in the longer term as you develop these skills internally to support greater velocity in future initiatives.

The role of the external auditor in many organizations is reactionary. In the new world it must become proactive, engaged and involved in the development of products and services that ensure critical audit trails are integrated into design and delivery. It’s simply too difficult to gather data after the fact.

Remember, external audit firms are trusted advisors, so once the choice is made their outcomes will probably be considered binding in the organization. That means a little diligence now will be rewarded later.

(FYI: The Public Company Accounting Oversight Board’s (PCAOB) recent discussion paper “Audit Quality Indicators for External Auditors” includes 28 helpful indicators to track, monitor and evaluate external auditors.)

Robert E Stroud CGEIT CRISC

Principal Analyst Forrester Research & Immediate Past President ISACA

[ISACA Now Blog]
