Undercover

Audit Agitation

What do you do when your customers want you to do an independent security auditand your CEO doesn't?

February 01, 2005CSO — My CEO is a psychopath. No, really he is. He's a lying, manipulating, amoral, selfish, screaming-like-a-madman, intellectually challenged, dysfunctional excuse for a human being. And those are his good qualities. But, surprisingly, I read recently that I am not alone in enjoying such a CEO. It's actually quite common for psychopaths to become CEOs. So much so that a company in the United Kingdom now specializes in employee testing to try to identify and hopefully retrain those exhibiting psychopathic tendencies before it's too late, and they are taking the express train to the top of the corporate ladder. Too bad this company didn't exist while my piece of work was in his formative corporate years.

I tell you all this not for sympathy, but so that you can imagine my discomfort when I had to approach my CEO and explain what a SAS 70 was and why we needed it.

For those who don't know, a SAS 70, or Statement on Auditing Standards No. 70, is an internationally recognized standard developed by the American Institute of Certified Public Accountants. A SAS 70 audit represents that an IT services provider (for example, a financial services organization) has been through an in-depth audit of its control activities, which generally include information technology, security and related processes. The Sarbanes-Oxley Act of 2002 makes SAS 70 audits even more important to the process of reporting on effective internal controls at IT services organizations. That's because the reports signify that a service organization has had its control objectives and control activities examined by an independent accounting and auditing firm, as Section 404 of Sarbanes-Oxley requires.

And I had to explain all this to a man who has the patience and temper of a 2-year-old with a diaper rash. Right.It Wasn't Exactly a Tea PartyI approached the CEO's office with a queasy feeling of resignation and trepidation.

"Mr. Blowhard is running late," his attractive, blond administrative assistant informed me. "He's very busy these days, you know," she continued, with a slightly irritated frown.

Great, I thought, I can enjoy my misery stew a little while longer. I sat in an overstuffed leather chair in the waiting area outside his office. Inside, I could hear Blowhard screaming at his latest victim, his voice rising steadily in a paroxysm of hysteria. Suddenly the door banged open and out the CEO sprang. His bald head sported beads of sweat.

He thrust out his arm, directing the way out. "And don't f***ing come back here until you get it right!" he shouted. His unfortunate victim slithered past him.

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WEBCAST
The Surest Path to Effective and Efficient Compliance

VeriSignIn this webcast, we explore why and how — with best practices, practical tips and solutions that work — to ease your compliance challenge.

» View the webcast

Featured Sponsors
Sponsored Links

IS/IT Project Mgt. Credentials From Villanova - 100% Online

Learn how the new Quad-Core AMD Opteron™ processor improves performance

Data Protection: Challenges for the Traveling User

Key strategies for C-level executives and security staff

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Prudential Financial Protects its Brand with Symantec

Envision Identity-Based Access Control for the Datacenter

Using Likewise to Comply with PCI Data Security Standard

Solving Online Credit Fraud Using Device Reputation

Think your data is safe? Think again. It's time to Outthink the Threat. Get eBook now

IDC Defines an Identity and Access Management Submarket

IDC Defines an Identity and Access Management Submarket for Managing Privileged User Accounts and Meeting GRC Requirements

Everything Today's CISO Needs to Know About Using SSO to Succeed in the Web 2.0 Era

Configuration Assessment: Choosing the Right Solution

Revolutionizing Endpoint Security with a Single Agent

Envision Identity-Based Access Control for the Datacenter

Rolling the dice with your security? Take the Self-Assessment Test now

7 Requirements of Data Loss Prevention

Information Security: Data Drains and How to Prevent Loss

How Are Open Source Development Communities Embracing Security Best Practices?

Digital Identity Protection and Data Security Get Personal

The Case for Business Software Assurance ~ Securing Your Applications

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

Diebold: Frost & Sullivan Global Physical Security Systems Integrator of the Year

Welcome to the age of Service-Oriented Security (SOS)

Enabling Compliance with Converged Mainframe Security and Storage