5 Telltale Signs That Your IT Auditor Isn't Up To The Job

It's a simple equation: If your IT auditor isn't up to snuff, your bank will become a target for federal examiners lickety-split. Here are five common red flags that will tell you your auditor is ineffectual, provided by Cynthia Bonnette, director of Information Security Risk Assessment with NETBankAudit in Arlington, VA. If you detect any of these signs, send your auditor packing pronto:

1. The auditor offers little or no communication with bank staff (e.g., the auditor does not ask questions or confirm that bank staff have received and understand relevant materials).

2. The auditor lacks technical knowledge (e.g., the auditor does not understand technical issues, asks irrelevant questions or does not appear to understand answers provided).

3. The auditor focuses only on checklists and work programs. Warning: Excessive reliance on lists or manuals may indicate a lack of understanding.

4. The auditor is not aware of current "hot topics" (e.g., he or she is not familiar with recent regulatory guidance and industry developments).

5. The auditor cannot provide reasonable recommendations to address findings or criticisms. Keep in mind: Adverse findings should be fully supported and clearly explained.