nanog mailing list archives

Re: We hit half-million: The Cidr Report


From: Owen DeLong <owen () delong com>
Date: Thu, 1 May 2014 11:34:03 -0700


On May 1, 2014, at 11:07 AM, John Souter <john () linx net> wrote:

On 01/05/14 17:41, Owen DeLong wrote:
The problem with this theory is that if auditors can be so easily put to the
street, you run into the risk of auditors altering behavior to increase customer
satisfaction in ways that prevent them from providing the controls that are the
reason auditors exist in the first place.

I disagree.  And the power balance is generally tilted way in favour of
the auditors, as many people on this thread have already commented.  In
my experience, most companies are afraid/inhibited to raise issues or
challenge their auditors in any way.  Nobody is asking auditors to roll
over, but if their behaviour is unprofessional/illogical, then a short
sharp shock should do the trick.

I’m not saying that auditors shouldn’t be accountable or that people shouldn’t be able to do something about auditors 
that are being irrational/stupid. Believe me, I cringe every time I hear “our auditors require NAT as a security 
mechanism” since NAT is a minor hindrance to security at best.

I realize you’re not asking auditors to roll over, but finding a balance point is tricky.

If you don’t believe me, examine the history of Arthur Andersen and their
relationship with a certain Houston-based company which failed spectacularly.

Can't really comment, but it was financial auditing, and ISTR that many
things failed in that situation - not just financial auditing.

Many things failed in that situation. MOST of them should have been caught and stopped by financial auditing.

Yes, it was financial auditing, but I don’t really see the difference. When you turn “pleasing the customer” into a 
potential conflict with “accurate audit results”, you create a recipe for trouble. As much as I want auditors 
accountable for unprofessional/illogical conduct (which does not yield “accurate results” anyway), I consider it 
critical to avoid putting auditors in the “a happy customer is a good customer with a happy audit” mentality because 
that leads to very bad places. The right place is somewhere between these extremes, but defining that location is quite 
difficult.

Owen

