[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

We hit half-million: The Cidr Report

Subject: We hit half-million: The Cidr Report
From: owen at delong.com (Owen DeLong)
Date: Thu, 1 May 2014 11:34:03 -0700
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <e20085807da04425ac7d2a33a4d7ab42@AMSPR07MB211.eurprd07.prod.outlook.com> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <CAD6AjGSzAuMhc3Gn2PUdunU9Uj3iuPma5fRSuuj-XAgPFK4X5Q@mail.gmail.com> <[email protected]> <465966A5F5B867419F604CD3E604C1E55DD5EE51@PRA-DCA-MAIL.pra.ray.com> <[email protected]> <[email protected]> <[email protected]> <[email protected]>

On May 1, 2014, at 11:07 AM, John Souter <john at linx.net> wrote:

> On 01/05/14 17:41, Owen DeLong wrote:
>> The problem with this theory is that if auditors can be so easily put to the
>> street, you run into the risk of auditors altering behavior to increase customer
>> satisfaction in ways that prevent them from providing the controls that are the
>> reason auditors exist in the first place.
> 
> I disagree.  And the power balance is generally tilted way in favour of
> the auditors, as many people on this thread have already commented.  In
> my experience, most companies are afraid/inhibited to raise issues or
> challenge their auditors in any way.  Nobody is asking auditors to roll
> over, but if their behaviour is unprofessional/illogical, then a short
> sharp shock should do the trick.

Iâ??m not saying that auditors shouldnâ??t be accountable or that people shouldnâ??t be able to do something about auditors that are being irrational/stupid. Believe me, I cringe every time I hear â??our auditors require NAT as a security mechanismâ?? since NAT is a minor hindrance to security at best.

I realize youâ??re not asking auditors to roll over, but finding a balance point is tricky.

>> If you donâ??t believe me, examine the history of Arthur Anderson and their
>> relationship with a certain Houston-based company which failed spectacularly.
> 
> Can't really comment, but it was financial auditing, and ISTR that many
> things failed in that situation - not just financial auditing.

Many things failed in that situation. MOST of them should have been caught and stopped by financial auditing.

Yes, it was financial auditing, but I donâ??t really see the difference. When you turn â??pleasing the customerâ?? into a potential   conflict with â??accurate audit resultsâ??, you create a recipe for trouble. As much as I want auditors accountable for unprofessional/illogical conduct (which does not yield â??accurate resultsâ?? anyway), I consider it critical to avoid putting auditors in the â??a happy customer is a good customer with a happy auditâ?? mentality because that leads to very bad places. The right place is somewhere between these extremes, but defining that location is quite difficult.

Owen

Follow-Ups:
- We hit half-million: The Cidr Report
  - From: jfmezei_nanog at vaxination.ca (Jean-Francois Mezei)

References:
- We hit half-million: The Cidr Report
  - From: john at linx.net (John Souter)
- We hit half-million: The Cidr Report
  - From: owen at delong.com (Owen DeLong)
- We hit half-million: The Cidr Report
  - From: john at linx.net (John Souter)

Prev by Date: We hit half-million: The Cidr Report
Next by Date: We hit half-million: The Cidr Report
Previous by thread: We hit half-million: The Cidr Report
Next by thread: We hit half-million: The Cidr Report
Index(es):
- Date
- Thread