Cross-posted from the ISACA Now Blog:
“This is the song that doesn’t end.
Yes it goes on and on, my friends.”
– Lewis, S., “The Song That Never Ends,” Lamb-chop’s Sing Along, Play Along, Norman Martin Music, 1992.
When I think of technological progress, in a lot of cases we are seeing new views and takes on existing ideas. Ideas keep coming back around, just like “The Song That Doesn’t End.”
Take virtualization and cloud computing. Cloud computing often touts a “pay as you go” model where you run cycles on someone else’s hardware. This is the model many an organization ran with for their mainframes and similarly sized computing devices. A classic example applicable to auditors and IT security folks is found in the Cuckoo’s Egg by Clifford Stoll. Stoll happened onto an international intruder due to a small (less than US$1 dollar) accounting error on just such a platform. That was in 1986.
As auditors, we can use this to our advantage when coming up to speed on new technology, new techniques or new anything in information technology. The first thing to do is see if we have a re-implementation of an older idea. If we do, then chances are we have a good idea of how to begin auditing that new technology.
Approaching new technology with the mindset of looking to see what it is already similar to what we already know accelerates our ability to learn the new technology and provides our organizations with services on said technology. It also reduces a lot of the fear factor for us. After all, the technology implements concepts and ideas we already understand.
Editor’s note: For further insights on this topic, read K. Brian Kelley’s recent Journal article, “Innovation Governance: In Everything New, There Is Plenty of Old,” ISACA® Journal, volume 1, 2020. (ISACA membership required to view the article)