Call it a rite of passage. Call it the school of hard knocks. Some may call it hazing. But whatever you call it, every brand new auditor experiences it — Their first interview with a client, asking questions and having no idea what they mean to someone with decades more experience and volumes more knowledge on the topic. I vividly recall some of my first client interviews, thinking to myself “Please don’t ask me to clarify that question!” Though stressful, there were some really valuable lessons in stepping into a tough situation, knowing I didn’t know anything, but asking anyway and learning from the experience.
It’s from those early, sometimes awkward encounters that I learned the importance of getting comfortable getting outside of your comfort zone. I know what you’re thinking. It sounds like something you’d hear from a motivational speaker at the Holiday Inn. I agree. But an auditor never gets comfortable interviewing executives unless he interviews executives. Help desk staff never get comfortable working with end users unless they work with end users. End users never really appreciate a successful day of working on their computer if they never see all of the preparation, maintenance, late nights, and long hours of the IT folks.
So to help you see how the “other side” works, here are a few suggestions and questions to get outside of your comfort zone. You’ll be a little bit more informed the next time management and IT staff come together, ultimately making better business decisions together.
For Those in Technical Positions
- Read your company’s annual financial report. Pay attention to the financial statements. How do the amounts in each category compare to the annual IT budget?
- Look at the significant accounting policies in the notes to the financial statements. Look up the definition of accounting policies and figure out why one policy may be selected over another.
- How much market share does your company have? Who are your biggest competitors?
- Learn about stockholder’s equity, and how it’s impacted by net income.
- Read a book about business, management principles, or finance. Recommendations include How to Win Friends and Influence People by Dale Carnegie, Start with Why by Simon Sanuk, David & Goliath by Malcolm Gladwell, or The Millionaire Next Door by Thomas J. Stanley.
For Those in Management, Accounting and other non-Technical Positions
- Google any of the following words and read about them. Domain controller, active directory, NTFS permissions.
- Run a few commands from the command line on your computer. Click Start – Run – type “cmd” and press enter. In the black box, type “ipconfig” and press enter and find your IP address, and the default gateway. Now type “ping” and the IP address for the default gateway. The results prove the default gateway is up and running and talking to your computer.
- When new hardware or software is being installed, plan to stick around to observe (if the IT folks let you). Ask questions and watch all that goes into installation of a new or updated system.
- Read about technology. Recommendations include The Art of Intrusion by Kevin Mitnick, krebsonsecurity.com.
So over the next few weeks, consider how you can get comfortable getting outside of your comfort zone. Learn about the “other side” by asking questions and doing some easy reading. It gets easier to get uncomfortable the more you do it. And the next time a newly minted auditor sits down in front of you with sweaty palms and a notepad, cut him some slack. He’ll get comfortable eventually.
Bryan is a Manager at YHB and serves on theRisk Advisory Services Team. Bryan focuses on assisting organizations in a variety of industries with internal audits and IT-related audit and consulting services.