Article | TREND NO. 1
How to build an effective IT audit team during a time of skilled resourcing shortages
Jan. 25, 2023 · Authored by Mike CullenJim KearneyMeghan Senseney
Facing competition for experienced staff in an already tight skilled labor market, organizations across the world are fighting to strengthen their team’s risk management abilities. In this environment, individuals with the right technical certifications, relevant experience or soft skills may be difficult to find, and even harder to retain. In fact, the 2022 (ISC)² Cybersecurity Workforce Study shows that 43% of respondents are unable to find enough qualified talent to meet their goals, and 33% of respondents are struggling to keep up with employee attrition.
What to look for when staffing your IT audit team
Equally important as attracting skilled labor is attracting the proper skilled labor. Employees responsible for an organization’s risk management function should have a balanced mix between technical certifications (e.g., CISSP, CCNP Enterprise) and risk-oriented certifications (e.g., CISA, CISM, CIA, CPA) to provide insight into risks from both cybersecurity depth and enterprise risk perspectives. This technical mix should be balanced with a strong set of soft skills and good cultural fit with the team.
To further supplement these skilled team members, finding existing employees with the right aptitude for risk management may allow for a better connected and more knowledgeable workforce. In forming an IT audit team, for example, some of the best candidates may sit within security operations, IT administration, infrastructure or other teams within the organization’s Three Lines.
Even after building a skilled team, it’s vital to define an effective reporting structure – leadership skills are a must! To ensure that skilled labor is used to its full potential, it’s necessary that all supervisors and managers are made aware of their responsibilities to those who report to them, and that they understand how to communicate information up and down. Hiring a technical employee with no managerial experience into a leadership role may harm team morale and result in increased turnover or dissatisfaction.
