What do you like best about your job? I have been fortunate to not be limited to IT audit but also perform operational and financial audits. I thoroughly enjoy being free and able to see the entire company and all of its operations. This gives me a broader perspective than if I were just limited to IT alone. That's what I like the most.

What do you like least? I do not enjoy delivering bad news, because sometimes people like to shoot the messenger. Fortunately, this has happened very rarely in my career.

What should other IT people know about your role? That I really am on their side and not an antagonist to their work. I view my role as an objective partner who has others' interests at heart. I really do want to see them succeed, and if I can help them succeed in their control responsibilities, then I have done my job and can go home satisfied at the end of the day. It's all about them and not about me.

What should business people know about your role? Pretty much the same as the IT people. In fact, I don't separate IT people from business people. They have differing specialties and tasks but should be trying to achieve the same goals.

What would enable you to do your job better? If auditors don't have the right tools to make their jobs efficient and effective, then it is always an uphill climb to get the job done well. Important tools are those for data mining, electronic working papers, and centralized issue tracking and repositories, to name three. Adequate training is always important and should be a balanced mix of technical and soft-skills education. The IT auditor should also try to get broader exposure to other areas of the business and of the audit process, for example, by learning how to do financial audits. The effect of a broader exposure is a greater understanding of the entire business process, and as a result, it makes them more effective in suggesting improvements at the department level.