Slide HeadingA Discussion:From Auditor to CIO

Tim Van RyzinW. Edward Young

March 12, 2014

The Dilemma

Utter the word auditor, and many

CIOs cringe. After all, IT auditors are

professional nitpickers who identify

problems and get CIOs to fix them.

(Tim)

Overview

1 How to audit without alienating

2 Building technical skills

3 Building soft skills

4 Our career paths

5 Career options to make the jump

6 How to Jump

(Tim)

Discussion Leader Introductions

>Jennifer Kovacich, IT HR Manager, Regal

>Tim Van Ryzin, Dir. Security & IT Risk, Regal

>Cameron Yazdani, Assoc. Director, Schenck SC

>Ed Young, VP Infrastructure, Regal

(Tim)

Audience Poll

>Who is an internal or external audit role?

>Who is in a IT compliance role?

>Who has been in an IT department?

>Who has an MIS or Computer Science degree?

What do you want to get out of this presentation?

(Ed)

It’s Shocking!What is the Tone?

Certainly, auditors can find shocking shortcomings. Ross Wescott, now

chief auditor for the Oregon utility Portland General Electric Co., has

discovered a few unsavory surprises for CIOs, including a massive

security hole when he was at another company. In that case, the IT

department "didn't bother turning on the security at the core level," says

Wescott, who helps develop the auditor certification test at the

Information Systems Audit and Control Association. "They were rolling

this out to core applications. The apps people thought the core people

were setting security, so they didn't do it. There was no security

anywhere." Fortunately, Wescott discovered the problem before

anyone took advantage.

(Ed)

Who is the Customer?

>You do you see as the Customer?- Audit Committee- CEO- CFO- CIO- Person you are Auditing

(Ed)

Tri-fecta to Anger the Auditee

1. Change scope in Mid-Audit or December

2. Make a huge deal out of something your are just speculating about

3. Raise up an issue without discussing

Communicate & Validate

(Ed)

Audience Question

1) When was a time you drove an auditee nuts?

2) What could you have done differently?

(Ed)

How to Build a Partnership

1. Maintain team consistency

2. Spend time learning

3. Follow an issue through to the root cause

4. Ask how you can help

5. Make recommendations – NOT Requirements- Solution focused and practical- High impact and low effort

(Ed)

Audience Question

What do you do to partner?

(Ed)

How Do You Build on Partnership

> IT is lean

> What skills are you bringing to partnership

> What are you trying to take from partnership

(Ed)

Audience Questions

1) Who has a CISA, CISM, or CISSP?

2) Who is Six Sigma certified?

3) Who is PMP certified?

4) Who is Microsoft, Cisco, etc. certified?

Guess which ones matter to IT?

(Tim)

IT Skill Requirements Changing

> Dead are the days of the generalist

> IT is lean

> Everyone needs to know controls

> Require Business Acumen

> IT requiring more technical skills- Companies can’t afford to develop- Buying experienced staff

(Tim)

Hot Skills in Demand

> Programming / application development

> Networking

> Mobile development

> ERP configuration – Oracle & SAP

> Project management

> Database admin

> Cloud architecture

> IT security

> Analytics(Tim)

Audience Question

1) Who audits an ERP system?

2) Who has attended configuration or technical training?

(Tim)

How to Build your Skills

> Don’t take audit class - instead take:- Configuration- Implementation

> Take advantage of company training- Talk to IT about when they bring trainers in- See if you can use training credits

> Attend IT conferences

(Tim)

Key Certifications

> MBA

> Six Sigma- 40-80 hours of training- Mentor under Black Belt- Complete project- Show real savings

> Project Management Professional (PMP)- 40 hours minimum training- 2+ years project leadership experience- Pass rigorous exam

(Tim)

Audience Question

What does the audience recommend?

(Ed)

Soft Skill Development

The Basics

> Listening and Communicating: Understanding your Audience

> Emotional Intelligence

> Conflict Resolution, Partnership

> Negotiation, Trust Building

Resources

> In-House & External Training: Balance your Resources

> HR Department

> Mentoring & Coaching

*You Are Responsible for Your Career Development*

(Jennifer)

Our Career Paths

>Tim Van Ryzin, Dir. Security & IT Risk, Regal

>Cameron Yazdani, Assoc. Director, Schenck

>Ed Young, VP Infrastructure, Regal

(Ed)

Audience Question

Who has moved from Audit to IT?

Share your story

(Ed)

Roles for Transition

>IT Risk Management

>Information Security

>Business Continuity Planning

>Disaster Recovery Planning

>Information Privacy

>Information Assurance Compliance Auditing

>Business Role

(Tim)

IT Skills / Career Tracks

(Tim)

Proactive Career Management -Step 1: Define Your Brand

>What are your skills?

>What makes you different?

>How can you make a difference?

(Jennifer)

Step 2: Define your Market

>What do you want to do?�>Where do you want to work?

>What industries do you want to work in?

>Who do you want to work for?

(Jennifer)

Step 3: Develop your Marketing Materials

>Prepare now even if not looking�>LinkedIn of course

>Develop 15 second elevator pitch

(Jennifer)

Step 4: Build your Pipeline

>Let people know you are looking

>Meet with hiring managers of companies your are interested in

>Network

>Speak at events

>Breakfast / lunch / drinks

(Jennifer)

Critical Points

>Networking provides the leads

>Like sales, a job search is often a numbers game.

(Jennifer)

Audience Question

What else? Recommendations?

(Jennifer)

Lastly - The Resume

>Use a chronological resume�>Most detail on last two jobs�>Growth trajectory with metrics (staff, budget, savings)�>Formatting is important: crisp font, white space, bullets, display type�> Don’t exaggerate

>Include a one-line description of each company you list

>Emphasize your impact

>Don’t list common technologies – Word/ MS Excel/ Access

>Mention accomplishments in team building and leadership development.

>2 pages is more than enough

(Ed)

That’s it….

Open discussion.

(Tim)