Auditors are bombarded by certain people attempting to sway us from our straight and narrow course of honesty. Seemingly simple violations can become uncontrollable career killers. Do not allow yourself to participate in any situation that could tarnish your image as an auditor. Just having a false reputation for dishonest activity will quash your career like a black plague. Let's look at a few common examples:
- Copyright violations. The possession, purchase, or distribution of bootleg materials will lead to forfeiting your CISA certification along with any other certifications requiring an ethics statement. You don't have to be convicted of a crime to lose your certification. Make sure that you purchase only genuine software and commercially licensed copies of printed material. Don't use anything except your own copies of materials that were rightfully obtained from the license holder. This includes copies of the ISO standards, software tools, special reports, and even this book or CD. Always be prepared to show the receipt and original product to prove you are honest and ethical. Lack of evidence implies guilt. Vendors' shipping records are an excellent source of proof. Trafficking in bootlegs provides an excellent route to living in jail.
- Guilty people get amnesty for turning you in. It's unfair, but the guiltiest will typically get amnesty for turning someone else in for participation. So the person who says "don't worry" is not worried. They secretly know that you will become their scapegoat at the first sign of trouble. Beware of any special deal or exception that can be used against you. The truth never stays secret.
- Failing to follow your own rules. Make sure that you uphold the spirit and intent of the audit profession. The worst thing you could do to kill your career is to give the perception that you violate the rules yourself. It's necessary to "walk the talk" by doing everything right, just as you expect from your customer. By doing this religiously, you will become almost bulletproof. Review the beginning of this chapter again if you need any examples of executives and auditors being "burned at the stake" for violating the public's trust.
- Avoid violating the law. Being associated with a suspected scam is nearly as damaging as being convicted in the courtroom. The best way to stay out of trouble is to avoid questionable deals. Never accept a free or loaner copy of software from IT workers. It's a trap that usually involves someone bragging about how they helped you out by violating the law, ethics, or company policy.
- Report violations promptly. Remember, the person reporting (in this case, you) will usually get amnesty, unless someone else turns you in first. You need to be prepared to turn over evidence unless you want to join others in their convictions. Honest auditors always report the truth. It's what keeps us in business.
An audit is simply a review of past history. The IS auditor is expected to follow the defined audit process, establish audit criteria, gather meaningful evidence, and render an independent opinion about internal controls. The audit involves applying various techniques for collecting meaningful evidence, and then performing a comparison of the audit evidence against the standard for reference.
If the assertions of management and the auditor's report are in agreement, you can expect the results to be truthful. If management assertions and the auditor's report do not agree, that would signal a concern warranting further attention.
Your key to success in auditing is to accurately report your findings, whether good or bad or indifferent. A good auditor will produce verifiable results. No one should ever come in behind you with a different outcome of findings. Your job is to report what the evidence indicates.