Opinion: IT auditors can be heroes

If we are to emerge from the nuclear winter of slashed and frozen IT budgets, the industry needs a new kind of hero. Not someone high tech, certainly not high hype, most definitely high trust. Let me put forward a candidate, the heretofore unheralded and underappreciated IT auditor.

But jump-starting this economy’s “trust engine” is going to be very difficult. The cupboard for heroes is pretty bare. WorldCom Inc.’s boss, Bernard Ebbers, turned CEOs into a motley crew of suspects. Andersen shot the public accounting profession through the heart. Brokers and investment bankers have proved themselves to be self-serving weasels. Even sports heroes are as likely to have their faces appear on wanted posters as on cereal boxes.

As a psychographer, I study the mental geography of business leaders and what they’re thinking and why. Let me tell you, their world is as bleak as it’s ever been. These days, executives everywhere are wondering, “Who can I trust? And what do I have to do to be trusted?”

Well, a good place for them to start is with the senior IT executive, especially one who relies on strong IT audits. Combined with a detailed audit strategy, the assurances of an IT auditor will enable the CIO to say with confidence, “We deliver on all our commitments – on time, on budget and at specification.”

In other words, the systems that deliver the information an executive needs to act on are working properly and capable of supporting the changes necessary to meet initiatives to restore corporate trust. The IT auditor can also warn executives when systems fall short of desired goals and possibly lay out a path to reach them.

When the U.S. and what was then the Soviet Union were negotiating a strategic weapons reduction, Ronald Reagan was fond of saying, “Trust, but verify.” The IT auditor serves as the verification mechanism that will let senior management, investors and customers sleep better at night.

Most executives are profoundly ignorant about IT auditors and audit programs. In an increasingly digitized economy, the IT auditor needs to become much more visible. The days of plausible deniability about access to relevant data are behind us.

The first step on the path to building a trust-based IT organization is to inventory the auditing resource. Who are your IT auditors? How many of them are there? How much do they cost? What skills do they possess? What do they do? What value do they add? How should they be measured? How are they perceived? What have been their big wins in the enterprise? What have been their major setbacks?

With this information in hand, you can begin to rebrand the IT audit function in the minds of the corporation, the relevant regulators, the investment community and the customer base. Having a world-class IT audit function is an overlooked source of competitive advantage in a trust-challenged economy.

So drop by your IT auditor’s office and get his advice. You can trust him or her.

May is a long-time industry observer, management consultant and commentator. Contact him at thorntonamay@aol.com.