I have been with the company for three years, and I need to be clear about my position and my final goal here. I have thought about this question for a long time, taking the status quo and trends of the industry into account, and I have prepared this plan. If the goals are achieved, I will be able to step back, change companies, and pursue something for my family.

1. Currently, no one else in the department can take over the IT audit knowledge system, and there is no succession mechanism for this position, which is really bad. The industry has now entered the big data era. Leaving aside big data processing, which is still somewhat out of reach, the current growth in data alone brings data security and the business characteristics behind the data, which are also an essential part of risk management. To prevent risks, you need business knowledge and the characteristics shown by how the data trends over time. To investigate incidents that have already occurred, the data must also be traced.

There is a classic saying: it's not that your system is unbreakable, but that you have not been targeted. Once your value has swept across the industry, your systems are always in crisis.

Therefore, what I need to do in IT audit is to check for as much risk as possible in the IT process and give reminders, and to do a good job of communication. I do not want IT audit to take part only to meet the needs of analysis. At the very least, when the IT department runs into something tricky or needs help, it should be able to take the initiative to come to this position to consult and communicate, and realize that doing so is the best strategy. It is even better if this can draw some attention to industry regulation :)

The details are as follows.

Specific projects: this year, the Project Development and Change project will be completed, the business sustainability project will be completed next year, and the core system performance evaluation project will be completed.

Non-project communication: form a group, a UC group or other channels, and regularly publish security topics that our company or the industry is focusing on. In particular, I would like to remind the organizations why they should conduct self-checks on IT information security in ordinary times (it is obviously a little impatient to teach them how to do it well and to pay attention to it consciously. I have already done this, and there is no impact when people withdraw).

Non-project penetration testing: conduct random day-to-day security tests on the company's intranet and Internet systems based on new risks in our industry or the IT security industry, provided that the business is not affected.

2. CAAT: computer-aided auditing. Our company mainly uses a specific authorized account to write SQL statements and run them directly against the data in the database for analysis. In fact, I have always treated this as a major piece of work closely tied to the business, and its importance and feasibility are even higher than those of IT auditing itself.

As mentioned above, the industry has entered the big data era. The business development and risk avoidance that data analysis brings to businesses are very important. Everyone in this industry must stay in the Audit Department or risk compliance department.

In the early stage, I started building up the basic skills of the department, teaching them SQL first so that they can deal with Oracle database queries. Next comes the business: knowledge of it should be comprehensive and thorough, because the more familiar you are with the business, the more accurate and effective the subsequent analysis. This is value that ordinary financial auditors cannot deliver. For example, a customer may actually be using the same funds to keep taking out revolving loans, getting something for nothing (the idiom is "catching a white wolf with empty gloves"). Unless the Operation Department collects such data, someone, whether in the operation department or the audit department, has to page through the system manually, query the data, compare the loans from multiple businesses of the same customer, determine whether the business is completed after the first business loan, or after the business loan, and so on. Instead, use SQL to write scripts and run them.
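As an added illustration of such a script (not code from the original post), the following reads "revolving" as a new loan disbursed within a few days of the same customer repaying another loan of similar size, in any product line. The `loans` table, its columns, the thresholds and the sample rows are all assumptions, and SQLite stands in for Oracle so the example runs offline; on Oracle the `julianday()` difference would become plain date subtraction.

```python
import sqlite3

# Constructed sample rows; table and column names are hypothetical.
# (loan_id, customer_id, product, amount, disbursed_on, repaid_on)
SAMPLE_LOANS = [
    (1, "C001", "consumer", 100000, "2023-01-05", "2023-04-03"),
    (2, "C001", "business", 100000, "2023-04-04", "2023-07-02"),
    (3, "C001", "consumer", 100000, "2023-07-03", None),
    (4, "C002", "consumer", 50000, "2023-01-10", "2023-06-10"),
    (5, "C002", "business", 80000, "2023-09-01", None),
    (6, "C003", "business", 200000, "2023-02-01", "2023-03-01"),
]

SCHEMA = """CREATE TABLE loans (
    loan_id INTEGER PRIMARY KEY, customer_id TEXT, product TEXT,
    amount REAL, disbursed_on TEXT, repaid_on TEXT)"""

# Pair every repaid loan with a later loan of the same customer, in any
# product line, disbursed within :gap_days of the repayment for a similar amount.
REVOLVING_SQL = """
SELECT prev.customer_id, prev.loan_id, nxt.loan_id,
       CAST(julianday(nxt.disbursed_on) - julianday(prev.repaid_on) AS INTEGER)
FROM loans prev
JOIN loans nxt
  ON nxt.customer_id = prev.customer_id
 AND nxt.loan_id <> prev.loan_id
 AND nxt.disbursed_on >= prev.repaid_on
 AND julianday(nxt.disbursed_on) - julianday(prev.repaid_on) <= :gap_days
 AND nxt.amount BETWEEN prev.amount * (1 - :tol) AND prev.amount * (1 + :tol)
WHERE prev.repaid_on IS NOT NULL
ORDER BY prev.customer_id, prev.repaid_on, nxt.disbursed_on"""

def find_revolving_pairs(rows, gap_days=3, tol=0.1):
    """Return (customer, repaid_loan, new_loan, gap_days) for suspect pairs."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO loans VALUES (?, ?, ?, ?, ?, ?)", rows)
    hits = conn.execute(REVOLVING_SQL, {"gap_days": gap_days, "tol": tol}).fetchall()
    conn.close()
    return hits

def customers_with_chain(hits, min_links=2):
    """Customers with at least min_links back-to-back pairs (a rolling chain)."""
    counts = {}
    for customer_id, *_ in hits:
        counts[customer_id] = counts.get(customer_id, 0) + 1
    return sorted(c for c, n in counts.items() if n >= min_links)

if __name__ == "__main__":
    for hit in find_revolving_pairs(SAMPLE_LOANS):
        print(hit)
```

A hit is only a lead for the auditor to follow up, since a quick re-borrow can be legitimate; tracing where the repayment funds came from still needs the transaction data.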

At present, in the company, I have only applied data mining for abnormal risks as a supplement within the daily audit process. It has not yet formed an independent and complete system, but it provides targeted help before each on-site audit. My goal is to keep up with the business and build a complete library of scripts based on business risks, from exception scripts to trend scripts, and on to the idea that my previous teacher did not implement in the end: conducting effective off-site audits directly. (Of course, given the current company, my energy and other factors, the probability of implementing this final idea is very low; achieving good exception prompts and trend prompts is already my ideal state.)

The details are: specific risk scripts, some of which are to be reorganized and categorized, and some of which are missing or need to be added because of the new risk monitoring requirements brought by new businesses.

Communicate with the business side and the back-up side to provide them with a certain range of consulting services. The core of auditing is to ensure smooth business development rather than to nitpick, so auditing should be integrated into the business process as much as possible. At the same time, this gives good exposure to the latest business details, which helps in discovering and avoiding new risks.

3. Audit Management.

Audit >= audit. Our industry and company are no exception in the current national economic transformation and various reforms. As a department that does not directly add value, the performance we can create will inevitably not stand out in the old routine. It also has a lot to do with the company's internal control environment, risk acceptance environment, business demand environment, high-level management environment, and regulatory environment.

To do a good job of auditing, you should not only learn to audit accounts, but also have business knowledge and an understanding of the company's business objectives. The company's goal is to make profits for its business, so it cannot keep up with the business. We should discuss the audit and provide suggestions. What I need to do is instill the following points into the auditors I can influence.

[1] The first thing auditors need to do is master basic business knowledge: the more detailed the better, and the better integrated into the business the better. There are two advantages. It not only lets auditors know both themselves and the other side when completing the audit work, but also makes business personnel more willing to accept the audit, which avoids conflict between business personnel and the audit and internal control work.

[2] The second thing auditors should put into practice is the audit concept. If auditors start from the audit perspective, they will lose. The correct angle is the business perspective: What is appropriate? Where is flexible handling required? Where are the rigid regulatory requirements? What is the minimum acceptance of risks, and what kind of risks can be improved?

[3] The third thing auditors should work out is how to promote audit and internal control to the organization's business personnel, so that they accept audit and internal control. Too many people fall into a misunderstanding here, even senior headquarters auditors. The misunderstanding is that only when there is an audit job can we communicate with the target personnel about audit and internal control. Communication based on audit tasks is already obstructed. What is correct is to have more contact and understanding in ordinary times, and to provide consulting services in your capacity as an auditor to help them achieve their daily business goals. This is indeed difficult to achieve. Society today is impetuous, the pace of competition is fast, and the pursuit of short-term value is strong; we are all members of society, so this certainly affects every aspect of the company internally as well. Everyone therefore has a large number of daily things to deal with, and neglecting this day-to-day attention is inevitable. However, weighed against the ultimate development of the company, the ultimate goal of one's own responsibilities, and the overall image of audit in the company, personal work that cannot be completed for the time being is, I think, not comparable. The other extreme is that everyone starts from their own work and simply executes an if... then... statement (if it has nothing to do with me, then get out). If the whole department wants to develop that way, either one or two exhausted and responsible people hold up the overall image, or everyone simply falls down together and just muddles along.... The department has no image, and the company's internal control is also half the sky. As for personal development... it does not seem to be very affected. This is not enough.

[4] In addition to guiding the various institutions on the points above, we also need to view the status quo from the perspective of the company's overall business development at all times, see how information flows between headquarters and the branch organizations, and look at what you can do for your organization at the headquarters.

[5] It is also very important to see from what perspective your leadership is currently looking at things and, to put it plainly, what kind of achievements your leadership needs. Your task is then to help him or her achieve them. No matter where you are, you are a soldier relative to your leadership. Soldiers who understand and realize the ideas of their leadership, and even bring surprises to the leadership, are the best troops.

Long future ....

In summary, if we can achieve the above three points, we will be able to earn the appreciation of the leaders and continue to develop with peace of mind. I am also reminding you that people in the audit line are not unrelated to the business. They are also a key factor affecting the company's business.


