Trish@Landerint’s Blog

ERM is a growing concern.

Or is it? Maybe I should say that growing concern fuels the evolution of ERM.
And concern – or fear – is not a powerful motivator for spending. Like insurance, ERM and Security can be tough sells. Businesses, like people, are naturally optimistic and want to get on with things, not take the time to examine everything that could go wrong.

At the Fall ISACA conference in SF, a panel of IT audit leaders  agreed that communication skills – verbal and written, along with strong technical knowledge – are the most marketable skills an IT Auditor can have. The individual who displays both is like gold (Marta O’Shea, IT Audit Director with VISA).

This applies in the day-to-day job of interfacing with the financial and IT people in business, as well a within your team, but it also applies, in an amplified way, to the leadership of the function. Unless the owners of IT Audit, Security, and ERM can enlist the buy-in from the holders of the purse strings, lip service is all they’ll get.

In the deluge of talented people from the workforce there are many strong players from this space. One former Director who found himself on the market told me that his ideal job would be Worldwide Director of ERM for a global company. Unfortunately, there just aren’t enough jobs like this to go around, or to suggest that businesses are thinking enough about risk.

At the same time, while the opportunities have shrunk, there is certainly a growing trend towards security emphasis in IT audit. Employers now want a CISSP above a CISA. They want solid evidence of technical risk-based audits, and too much SOX now looks like an outbreak of blemishes on a resume. One hiring manager told me he’d  rather see candidates with no SOX because, as he put it, “SOX  makes your stupid.”

So what we’re seeing now is a SOX backlash. The people who have been on the SOX gravy train are coasting to a stop. “I think I might have retired without knowing it”, says one idle SOX consultant. The gravy train’s engine is headed off in a different direction – IFRS could be Son of SOX. But this may attract less attention than Son of HIPPA: the HITECH Act, which might be better called JAWS, since it gives HIPPA teeth – or dentures.

Randy Spratt’s opening address was a fabulous launch pad for proceedings at the Fall ISACA conference in San Francisco. Randy is the CIO at McKesson (15 on the Fortune 500 and a major player in the world of health care) and he spelled out how huge health is, and how it’s going to get even bigger for IT Security, Audit and ERM.

Randy spelled out the key points: Health is the fastest growing expense for individuals, families, and businesses. People are more concerned about the security of their health information than about their credit histories. 60% of health information is on paper. The information that is stored by the vast aray of participants in the health industry is siloed, and this is where the big change is coming. The HITECH Act will elicit large-scale information sharing, and therefore, an ocean of potential security breaches.

Drug syndicates – and I’m referring to the illicit kind – have been ramping up their IT skills via money laundering, and have discovered that hacking is a startlingly lucrative byproduct of their endeavours. The image of the geeky hacker at home is a flashback to the gold old days, and big business no longer knows who the bad guys are. It’s a scary cyber-world out there.

So, health is a booming industry and opportunities there for  talented IT, ERM, and IS professionals will be booming, too – we hope! IFRS is coming – unless you believe the sceptics – and this will shift the focus for professionals on the financial side of the house. But IT will be drawn in and auditors of all disciplines will need to become savvy. Just where the talent pool or IFRS is coming from is an intertesting question. Global companies and Big 4 firms whose people are becoming IFRS experts, must anticipating poaching!

Recruiters are called on when positions are hard to fill – because of location, the extent of the travel or the specific skill set required, or because of the sheer scarcity of talent. A good recruiter is an excellent conduit – for information as well as for relationships.

It’s true, the market has been sluggish this year. Searches have been put on hold or shifted over to the slow lane. But this week, I had one candidate hurtling through the process. The day after his phone interview with HR, he was called back to see if he could meet with the VP in one hour. The VP was leaving the country that afternoon and would be away for one month, which would stall the process. My candidate couldn’t make it to the meeting, and was then called back again to set up a conversation with the Director. One hour after that conversation, the Director called again to schedule a video-conference with the VP. Within two days, this candidate had been rushed through the process in a search which has been on for 6 months! Even in this candidate-rich market, the right candidate can be hard to find, and some needs are becoming urgent!

The need for risk management, for security, regulations, and controls is escalating. The world has changed since the crash, in a plethora of ways. Purse strings are tighter, risk of fraud is greater, loyalty to employers is less, and the Big 4 are not quite so big. The iceberg which sunk the Titanic was never given a name. We all remember Enron. It’s up to the players in ERM to identify the icebergs and make the captain’s of business pay attention.

Black Diamond is a very cool name for a consulting firm in this line of work.

Check this out – it is a great resource for the audit community.

People often get frustrated when they don’t hear back quickly on a submission or an interview. It’s especially tough these days when there are so many candidates. Getting back to everybody in a timely way can be like juggling spaghetti! And getting back to everybody is something I really strive to do.

It’s probably even tougher for HR people. One HR contact I spoke with recently said she had 200 on-line submissions in one weekend for an opportunity, and most of these people did not have the requirements for the job.

Casting a broad net in your search is one thing but creating white noise and applying for things which are way off target, is another!

But getting back to the timing issue – This week a candidate I have placed starts a new job for which the hiring process took 9 months! Yes! Just like a pregnancy. This process took a lot of monitoring and kneading – just like making great bread.

I love metaphors, and they are so plentiful when you’re talking about recruiting – or auditing!

Anothercandidate I am working with told me that he was promoted on a Monday and laid off on the Friday. He was then assigned a “transition coach” which was helpful, until that person was also laid off.

Another candidate I am placing is relocating, and I work with HR at his new employer to ensure that the on-boarding process is smooth. But then the HR contact was “off-boarded” and nobody was assigned to follow through with on-boarding my candidate. This might not normally be a problem, but in this case it was, since there were “complications”.

HR has been so trimmed recently that they are over-loaded. (They are like the canaries in the coal mine.) This is often why HR can really use recruiters in a climate like this. They need help juggling the spaghetti and cutting through the white noise to find their target candidate. This is especially true when the search is for a very specific skill set.

Some of the searches I am working on right now have been going on for months. This seems paradoxical in this candidate-rich market. It demonstrates that the search is still a quest to find that needle in a haystack – and these days the haystack is even bigger.

Right now my job is more about career counselling and assisting good people to startegize their searches. I do this even when the opportunities I am steering them towards are not searches which I am engaged on. I figure we are all in this together and what goes around comes around. Community and information-sharing are vital right now!

Why did the auditor cross the road?

OR

Don’t Let a Good Crisis Go to Waste!

May you live in interesting times is the old Chinese blessing/curse, and we are certainly in them. When the going gets tough, two things become really vital – one is community and another is humor. These are the notions which inspired this Blog.

Audit is center stage, and as a recruiter of auditors, I get a unique perspective on the current situation.

First, I spend all day talking to auditors about the nature of their business, about trends in audit, and about what we can expect. In a tough economy, efficiency becomes paramount, the risks increase, and audit becomes more valuable.

Second, I get a privileged perspective on each person’s situation with regard to their career – and also numerous other aspects of their lives. Auditors can often feel isolated. They may be working in a silo, on a solo project, or they may be braving the job market – alone.

Networking is valuable – in recruiting, in a job search, and for audit professionals. This blog will share some of the information I gather in my work.

Conferences and seminars are fantastic forums for information sharing and networking, and with tight budgets abounding, attendance at these is generally down. One good way to deal with this is to delegate a representative of the team to bring back the knowledge and the news. For auditors who are “between gigs”, there are often discounts and opportunities to volunteer.

Now, while I don’t intend on doing coverage of the conferences I’ve been to so far this year, I can share some of what I’ve seen, and paint a broad picture of the general mood.

At the Spring ISACA conference in L.A., the San Francisco/San Jose IIA Joint Conference in Santa Clara, and the ISACA event in Silicon Valley there was plenty of genuine buzz. Other members of the Lander team have attended the Super Strategies conference in Las Vegas and the GAM conference in DC, and they reported the same –numbers may be down but energy is up. There is plenty to talk about these days!

Some of the presentations I’ve seen this year were so inspired that I thought the speakers had missed their calling. They should be doing stand-up comedy! And this reminds me of a joke:

Q: How do you know when you’re talking to an extroverted auditor?

A: He looks at your shoes when he’s talking to you.

I know. It is so outdated! We all know that communication skills are as vital as any technical accounting or IT skills in the audit profession. Audit isn’t easy – for the auditors or the auditees – and smooth completion of effective work requires terrific people skills.

But this is an audit joke! Now, when John Hicks – IT Audit Director with the Walt Disney Company – began his address at the L.A. Spring ISACA Conference, he lamented that he had been surfing the web looking for audit humor and couldn’t find any. He asked the audience if anybody knew anything funny about audit. The fact that nobody had anything at all to offer was pretty funny in itself. I shared this joke with John at the end of the session – too chicken to pipe up that I was the only person with an audit joke – especially given the nature of the joke!

OK – maybe the joke’s not that good. And so the challenge is on: Audit humor required! Please send me any good jokes you know about audit and/or auditors. There is such a thing as audit humor. And a good time to find it is now!

Julia Wyckoff – a fantastically informative and dry-witted speaker who is, incidentally, the Chief Internal Auditor at The Gap – noted at the IIA Seminar in Santa Clara last week, that “we have all been given opportunities to be lemonade makers”.

Phil Roush – VP of Internal Control services with Cisco – speaking at the same conference, said “Don’t let a good crisis go to waste.”

This economic crisis is a great opportunity for audit to demonstrate its worth.

In her keynote address, Patty Miller, the International Chairwoman of the IIA and a Partner with Deloitte & Touche, had this mantra: audit is not about testing controls; it is about helping business to run better. “Let me say that again” – she said more than once.

It is a recurring theme.

Audit is not about repetition!

It’s not just about testing controls.

Good audit adds value.

Business needs audit to make it strong.

Now is the time to do more with less, to be creative, to look for explanations and to find new approaches and solutions.

Auditors have SOX fatigue and in some ways SOX has done the image of auditors a great disservice.

And this brings me to another joke.

Yes, there is more than one audit joke in the universe!

Q: Why did the auditor cross the road?

A: Because he looked in the file and that’s what it said that they did last year.

Another comedic gem, riffing on obsolete stereotypes!

There is a lot more to say… about the job market and careers, about the impact of the economy on the hiring process, about strategies for success and team building, dealing with stresses and tough situations, about forecasts and plans, and about distinguishing yourself from the competition, and demonstrating that you really can add value.

As a recruiter, I am privy to some amazing/interesting/ironic/sad stories. Discretion is crucial in my line of work, as it will be in this blog. My conversations are always confidential, and I will not be sharing any information here which will compromise or embarrass anybody. This is information sharing for the greater good!

Good recruiters are like bees – cross-pollinating teams, acting as conduits for information and ideas as well as people – and jokes. Julia Wyckoff, VP at The Gap, noted that she encourages her team to network with auditors from other teams. Information sharing is hugely valuable. Audit is not for introverts, and the audit community thrives on networking.

So, welcome to my blog.

It’s about audit and careers.

It’s business, and it’s personal.

If we don’t find ways to be positive and to laugh, we just might go crazy.

I think it was Chris Cimino  – Partner with KPMG and President of the San Francisco IIA  Chapter – who said, “There is light at the end of the tunnel – and we don’t think it’s a train.”

To be continued…

Trish Mulholland

Lander International

(800) 548-5318 Ext.15

(510) 541 6872 (cell)

http://www.landerint.com