1. Do not copy the overseas IT audit process and ideas.
Foreign speaking system, domestic speaking of human feelings and practices. This is especially true for the entire company-IT department. If there is a small problem, you can prompt it. If there is a big problem, it will not only communicate with the specific auditee in a timely manner, more suggestions should be provided to the IT team in a timely manner. This is not only an attitude to promptly confirm the problem, but also a kind of respect, but also an idea to establish a unique Chinese human sentiment. However, the report is not reported if the communication is completed in a timely manner. It is best to set up your prestige as an IT auditor on urgent and important issues, communicate the affairs, and send a formal high-risk letter to the other party as soon as possible, of course, you have to review it for your leadership. In addition, IT executives should communicate with each other in a timely manner, instead of directly sending the report to the IT executives later. This is also a kind of favor for selling the Report to the other party. Sometimes it is critical to inform the incident in advance, so be cautious. We need to maintain the professional independence of IT audit, as well as provide it with a buffer of time and opportunities. Otherwise, your IT audit will be hard to implement in the future.
2. At the beginning of the IT audit project, we recommend that you use special items. Do not be greedy.
A small and refined project is conducive to building prestige and pragmatism, and providing real help to it. This is a big but superficial process, and is generally controlled. Sometimes it knows that its practice does not comply with company regulations, but it cannot improve because of resources, time, and other factors, therefore, do not focus on superficial issues such as "not following the development process. Let's talk more about the risks shared by local networks, analyze the size of unauthorized vulnerabilities, be more pragmatic than anything else, and be more helpful to it, it truly realizes the role of "open-source business and support for throttling.