A Day in the Life of a Technological Auditor

As I promised in my first blog post, “Gearing up for my Summer Internship at Key Bank”, I will go into more detail about what being an IT General Controls Sox Audit team member looks like on a day to day basis. Before I get into anything too serious, I need to start with the basics. Some of the most important things that I have learned this summer about being a technological auditor are from my marvelous manager, Brian Drotleff. Ironically, most of those things are witty one-liners. Some of my most coveted one-liners are:

  • Be comfortable being uncomfortable
  • Be curious
  • Trust, but verify
  • If it’s not documented, it didn’t happen

With these handy dandy proverbs in your pocket there is nothing you can’t achieve in the working world.

The first saying is by far my favorite. I think being comfortable being uncomfortable is applicable to all parts of life. If you can be comfortable not understanding or knowing everything, but make inquisitive, intelligent steps towards your task, then you will be worlds better off. Throughout my internship I have learned to be comfortable being uncomfortable really quick. From day one I was staffed onto a project looking into access provisioning. I am by no means a subject matter expert on access provisioning, but by accepting what I do know I am able to then build steps to fill the gaps of what I do not know therefore completing my testing. The more comfortable I get with being uncomfortable the better I fair with each set of new testing!

The second maxim once again applies to almost everything in life and ties in very closely with the first. If I had a nickel for every time I was encouraged to be curious, I would probably already be retired. All jokes aside, being curious is really important to being a technological auditor. If I get an email back from app support and I do not really understand what they mean, it’s imperative to take it a step further to make sure my understanding aligns with the deciphered technological lingo and abbreviations (there are abbreviations for everything – including abbreviations for abbreviations).

The third axiom plays off the second. It is paramount for all Risk Review, or the third line of defense, to ensure that what is being reported is accurate. There is no way to ensure the information sourced from applications and systems, if the application and system can’t be ensured to be working efficiently and accurately. For example, if an individual tells you a password is securely stored – that’s great. You can trust them, but you better verify.

The final one-liner is probably the most important. I can be as comfortable being uncomfortable, as curious, or as verified as I want, but none of it happened unless I document it. Throughout my internship the screen shot has become my best friend. I am constantly logging different conversations and pulled reports as form of documentation. As tedious as it may seem, documenting is very valuable. When coming across a speed bump in testing, it is very nice to be able to look back at all the documented details from last year to give clues to the next steps.

The most challenging part about being a technological auditor is walking the line between being a member of the KeyBank team and being an independent body to the lines of business. Many lines of business don’t reply or comply in a timely fashion because we are seen as the folks that show up once a year and point out all of the mistakes similarly to regulators and external auditors. I spend a measurable time at work trying to track down emails and get answers. At the end of the day, we all play for the same team. Whether the lines of business acknowledge it or not, it is much better off for Risk Review to find something rather than the regulators or the external auditors.

Opinions expressed are those of the speakers and do not necessarily represent those of KeyBank

Screen Shot 2015-07-23 at 5.24.34 PM
Brian Drotleff – SOX IT Audit Extraordinaire

Performance Review

This week in my summer Managerial Accounting class I learned about the benefits of coaching and engaging team members through performance reviews to bring the team into alignment behind department or company goals. We looked at different ways managers can use accounting to aid in these exchanges.

Ironically this week I received my first set of performance reviews from my managers at Key. I have to admit, learning about performance reviews is much easier than preparing for one of your own. I swear I thought I heard the Jaws theme song as I got closer and closer to the conference room; or maybe it’s just a sign I should tone down binge watching Shark Week.

In case you were curious, all of my reviews went smoothly. I thankfully received positive feedback, which is really encouraging as I’m still trying to wrap my head around the projects I am staffed on. One of the pieces of feedback that I received surprised me a little bit. My manager encouraged me to consider ways the company could be more efficient. My first thought was who am I to tell the 19th largest bank in the USA that it isn’t efficient? Then it occurred to me.

As we journey through college, we teeter-totter between the working world and the world of academia. We are at a paramount position to bridge the gap between the latest case studies from school and the processes used in corporate America. I challenge you to look for connections between your studies and your work experience. Challenge what a book says; ask why to your professor. Challenge a century old process; ask your manager if they would consider a different method that may be more effective.

Time and time again the emergence of data has shown that long held beliefs don’t actually pan out across the data and new information. Be respectful, insightful, and always curious. Improving and learning go far beyond the numbers you analyze or projects you complete. Challenge the way others think and ask for the same in return. Before you know it you’ll be onto something you never thought possible!

 

Here are some of the fun things that the interns of RRG did this week:

Screen Shot 2015-07-10 at 11.43.04 AMScreen Shot 2015-07-10 at 11.42.58 AM

Screen Shot 2015-07-10 at 11.42.49 AM

Opinions expressed are those of the speakers and do not necessarily represent those of KeyBank