Audits – How to Select a Topnotch IT Security Auditor

There is nothing more perilous – in emotion and in practicality – than an audit. It evokes cold sweats in some employees, hair pulling frustration in others. It is also, arguably, the number one mechanism firms need to routinely gauge the protection they’re offering their employees, intellectual property, privileged information and personally identifying information.

The problem often lies in selecting the right auditor for your company. As The New York Times writes in this Economix blog post the worst offenders are often right under our noses:

“One unfortunate fact about the auditing business is that those who depend on the audit — investors, lenders and customers — are not the ones who choose the audit firm. At the places where an audit is most needed, the people choosing the auditor may be the ones who have the most to fear from a good audit.”

So, when you, an honest person with nothing to hide, are granted the luxury of being a part of the audit selecting team, there are some things you need to know.

Make a list… check it twice. The folks at TechTarget are chock full of informative and easy to digest information on security auditing. One of their top tips is to develop a before-, during-, and after audit checklist. Here’s the questions you should be asking before you give anyone the ‘go ahead.’

  1. Who are members of the audit team, and what are their roles and assignments?
  2. What are the credentials and experience of the assigned audit team?
  3. What orientation or training can you provide them to be comfortable within the environment?
  4. Communicate with your managers and staff in the areas to be audited.
  5. If an area was audited before, review the prior report to see the issues raised and recommended made. Get an update of corrections or changes made as a result of prior audit work and give your staff and the audit department credit.

Many of these questions must be answered internally before you even begin the process of interviewing and selecting an auditor. For more ActiveCare tips on identifying best in class auditors, click here.

Location, Location, Communication. You’re going to want to allow your auditor full access to your Information Systems (IS) security and help foster a friendly working relationship with your Information Technology (IT) team. In most cases, face time is crucial in both of these. For that reason, you may want to consider auditors who are local or who have local experts so you’re not burdened with travel expenses on top of auditing fees. If you can find a local auditing firm who understands the importance of solid communication, then it’s a potential win-win. Auditors should be easy to talk with, answer questions or requests in a timely manner, avoid using too much technical jargon, allow employees to continue their work, and be open to working through discrepancies in a solution-oriented format. A my-way-or-the-highway auditor or IT Department head isn’t going to do anyone any good.

Find a specialist and verify their credentials. Once you’ve determined what your specific IT security auditing needs are, you’ll want to find an expert that meets those particular needs. But don’t always take their word for it. Your auditor will have access to, and be handling heaps of, sensitive information, so you’ll want to verify that the information they provide you is true and accurate. That means references, certifications, and examples of their work. Having this information in hand will help you to better compare the list of auditors you’re considering.

Determine your budget. Money shouldn’t be the driving factor in selecting an auditor – after all, one of the reasons you’re hiring them is to protect yourself from fleecing, lawsuits, and theft – but it will probably always be a factor in your decision.

What’s worked for you in the past? We’d love to hear how you found your auditor so shoot us a comment below.

This entry was posted in General, Human Resources, Identity & Credit, Industry Solutions, News, References & Credentialing and tagged , , , , , , , , by Patricia Carlson. Bookmark the permalink.

Patricia Carlson is a content writer who specializes in B2C and B2B inbound marketing. She blogs regularly for clients about the background screening and finance industries, and generates newsletters, white papers and email campaigns for a variety of businesses. Patricia also produces a heavy rotation of editorial material for home design, law enforcement, and family magazines. She’s been writing professionally for more than a dozen years, and for Active Screening for more than two of those. Check out LinkedIn for a roster of Patricia’s clients and links to published works. When she’s not interviewing sources or researching trends, she’s living a fast-paced Florida life questioning the antics of her two young children, partner and mischievous cat. Patricia loves to talk tennis and TV on Twitter – give her a shout @pattycfreelance.

 
        
Active ScreeningBarbara S.
Healthcare Industry

"Here at Holland Hospital, we have been extremely pleased with Active Screening. The report results come back quickly, usually within 24 hours or less.  The staff at Active Screening is easy accessible, knowledgeable and responds to our questions promptly."

Active ScreeningLynn C. Staffing Industry

"Benton Mobley has been and remains my Main point of contact at Active Screening from the beginning; so aside from the comfort of dealing with the same person all these years, there is the most important fact of all;  customer satisfaction. Benton knows the business like the back of his hand; and that is what we need in our fast paced industry of staffing. He is the all-time BEST!  MY employer, Leslie, believes in the notion that great service deserves to be rewarded, so we are here for the duration.We get immediate and personalized attention for any and all concerns we need addressed, and in the staffing industry, this is vital."

Active ScreeningCayce R. Education Industry

"My experience working with Active Screening for our background check process has been very positive.  The reports are almost always completed in a very timely fashion. The information reported appears to be very thorough and accurate.  On the rare occasions that we have questions or problems, the customer service team is always very quick to respond and resolve the issue.  Overall, I am very pleased with the service I receive from Active Screening."

Active ScreeningCraig H. Staffing Industry

"Your customer service is excellent.  The turn around time on background checks is quite fast.  Excellent work.  I haven't had a single problem."

Active ScreeningJackie C. Education Industry

"I wanted to thank you and your staff for being so patient and working so diligently with the Human Resources staff during our recent endeavor to process all of our work study students through background screenings.  We have never had to process so many requests within such a short period of time before, but thanks to you and your staff we made it. Again thank you, we made a good choice in selecting Active Screening."

Active ScreeningLindsey W.  Financial Industry

"I wanted to share my appreciation for your wonderful service...switching background screening companies could have been a stressful task, but your company made the transition seamless. Your website was extremely easy to navigate and the turn around time has been great. I appreciate when information is missing or entered incorrectly during ordering, your company notifies me right away to ensure that my error does not hold the reports results, causing us a delay in hiring an individual...Active Screening has been great to us and I would definitely refer them to others."

Active ScreeningTerry S. Property Management

"Working with Active Screening over the last year and half has been a wonderful experience. They deliver fast and informative results at the best price. Their level of professionalism and the speed they respond to our issues is a benefit that any company can value from. I would highly recommend using Active Screening and their amazing team."

Active ScreeningYulesis D.  Staffing Industry

“Interactive Response Technologies (IRT) has more than 2,000 employees at multiple locations across the United States. IRT has been using Active Screening to conduct criminal background checks since 2006. During this time, Active Screening has consistently returned accurate reports, usually with less than 48 hours turnaround. If there are any problems or inconsistencies with the reports, their staff has called to notify us so that we can attempt to rectify the situation. The staff at Active Screening is always courteous and congenial over the phone. In our opinion, Active Screening is outstanding.”

Active ScreeningAndy N. Software Provider

 "Active Screening has helped us screen our applicants in record time for more than two years.... we are very impressed with the professionalism and speed with which their service team responds to our questions. They understand our needs and are a pleasure to work with. I highly recommend them."

Active ScreeningCassie J. Staffing Industry

"The Active Screening team is very informative; they provided a complete consultation on all the services, so I understood what I needed, and saved me hours and hours of my time learning the various services. Their reputation, as being on the cutting edge of employment screening best practices, certainly held true in this instance. The expertise they brought to the table was invaluable to our understanding of our applicants backgrounds. I highly recommend Active Screening to anyone with the task of screening large numbers of applicants and needing reliable customer support."

Active Screening

With over 20 years of law enforcement experience I can attest to the fact that the strongest predictor of future criminal behavior is a person’s criminal history. As the manager of campus safety at my church, I depend on Active Screening to provide a thorough assessment of every criminal history background check we request. For more than 3 years, Active Screening has been faithful to this task with timely, accurate and reliable service.

Active Screening

We have benefited from knowing that we are not exposing the communities we work with or ourselves to unnecessary risk. We continue to have a perfect record in that we have never had a serious incident with a trip participant causing harm or acting inappropriately with any community member or fellow team member- thank goodness!

Active Screening

I would highly recommend any association or organization who conducts background checks to use Active Screening. In addition to my involvement with WAHA, I am an officer in a corporation with over 500 employees who provide treatment, mental health, and correctional services for children and adolescents. Our company is mandated by law to do comprehensive background searches and I can say with the utmost sincerity that Active Screening product rivals that of any government or other private sector process.

Active Screening

We have used Active Screening and their solution VERITY to screen all our coaches and volunteers working with youth. The online system gives us an easy and cost-effective solution to collecting forms and payments from our applicants...and we simply login to view the results of who passed or failed. It's so easy....thank you Active Screening.