Was invited to talk to the Chartered Institute of Internal Auditors today, at their annual event. This was hosted at the Hilton in Dunblane (lovely setting, by the way - I recommend it!)
The theme of the event was around the auditor being a 'critical friend' which supports a large proportion of the work I do with audit, IT, security, risk, compliance and governance teams, namely:
Leveraging the skill sets of these teams and communicating will help you understand risks in your organisation!
With the rate of change of technological advances, and the associated new risks, your audit team are not in an ideal position to know about the new security risks a particular technology brings. But your security team may well know all about them already. So they should talk to each other.
In the echo chamber that is the security industry we harp on about this a lot - we understand security and often seem puzzled why others don't 'get it' but it is because we have our own peculiar jargon, terms, ratings etc.
The focus of my talk was on communication - being able to translate this jargon into business language. This goes for all specialist teams, to be honest - you all need to be able to get your information across to the FD, the COO, the business unit lead or whoever, in their terms, otherwise you will be ignored!
It was perhaps a challenge, being placed right after lunch, and right before Karl Snowden's political awareness talk, but I enjoyed myself, and I had enough people come to talk to me about the subject that it must have resonated with a few of the attendees.
Many thanks for inviting me, hosting an excellent event, and I must congratulate the venue on the awesome chocolate chip cookies!
(My only problem now is that with KPMG sponsoring this event, I now have an EY umbrella and a KPMG umbrella - and with my OCD I'm going to have to complete the Big-4 set!)