Friend or Foe: The Auditor

In the friend or foe series we have look at other individuals within the company. We determine their role, how it could influence ours and the basics we should know about them. This week we start with the auditor, a common partner to deal with governance and compliance. Friend or Foe?

The importance of governance and compliance increased hugely in the last 10 years. Main reasons are scandals, but also the more internally oriented vision companies have, resulting in more compliancy demands. At the same time leaders want to get back in control and know the company’s risk profile.

An auditor can be considered as our friend. This individual is not here to judge our work, but the work of the company. With an objective look he or she has the power to put a label on the quality of the company, with a special focus on management, financials, proper administration and the correct usage of risk management methods.

The work of an auditor consists of applying similar steps and scan for quality characteristics, like integrity, completeness, applicability and availability. Therefor the best possible relation between you and this individual is to give what is being asked for. There is no need to share everything, only that what is needed or requested. Life gets easier for both though, when your administration is complete and accurate. Examples include having the right policies, procedures and documents and maintain them well. This is especially true when these same documents are being used as a guide for delving into other subjects.

When you are in the possibility of arranging a room, lunch or just an easy conversation, you could influence your relation with auditors. However keep in mind that they are still have sworn an oath to be objective, so “bribing” in any way won’t be appreciated.

This post Friend or Foe: The Auditor was initially published on The Next CISO.

*** This is a Security Bloggers Network syndicated blog from The Next CISO authored by Michael Boelen. Read the original post at: