IT auditors are in high demand these days. Recruiters and competitors are looking to snatch high-quality talent with the right set of skills and background.
That means it's more important than ever to have a robust recruiting and retention program for IT audit to keep star performers from leaving for other jobs. It's also important to hire the right candidates and communicate with them well so that the organization and the IT auditors they hire are both on the same page. Johnathan Ngah, a principle at Synergy EnterPrize LLC, a staffing company that specializes in IT auditor recruitment says that a poor recruiting process can lead to problems later on. "If you miss on the front end of the hiring process, you need a lot of luck to make it up on the back end," he said.
At the IT Audit and Controls conference, last month in New Orleans, Ngah detailed six IT audit errors for companies to avoid.
1. Recruiting, selection, and training strategy is not clearly defined
An effective resource strategy should focus on adapting and using proven methods to screen, interview, hire, and retain talented IT auditors with complementary skills to address your audit needs and with the ability to adapt to your work environment and culture, said Ngah.
He also advises companies to look for IT auditors in non-traditional places. "Diversity is everything," said Ngah. "Having a bunch of people with the same background and skill sets and think the same is the worst thing you could do"
Ngah says it important to communicate with the team what the strategy is and why you make the hiring decisions you make. "You need to communicate your skill needs to the team. And if you go outside for a new hire, they need to know why," he said. "You can prevent turnover if members of the team understand why they were passed over,"
2. Existing strategy is not clearly understood or consistently applied
Without a formal and clearly understood resource strategy consistently applied throughout your organization, luck or exceptional judgment of hiring managers is needed to assure qualified IT auditors are hired, says Ngah. Some questions to consider include: What is your organization's ideal candidate (profile)? Where can you find them and how do you get them to apply? How do you structure and execute interviews to select candidates with desired skills who can quickly adapt to your work environment and culture?
When looking for a good IT auditor, Ngah says he looks for drive and creativity in candidates as well as a willingness to learn. "Are they hungry enough and are they resourceful enough to figure out how to solve problems," he says. "When I come across an IT auditor who thinks they know everything, I say 'good luck' and move on. That person isn't growing or challenging themselves."
3. Procedures not in place to quantify or monitor progress
Quantifying IT audit resources requires that you identify and measure skills, preparedness, potential, and fit, and then assess their impact on specific projects and ability to "create value" for your organization, said Ngah.
Identifying which skills or attributes are beneficial, and in which circumstances; allows you to focus on the following:
• The attributes critical to your organization;
• Which skills are lacking and for which you should be hiring;
• The type and extent of training to provide; and
• Recruiting and selection programs based on inventoried IT audit skills and needs.
"If you don't ever have any process to rate performance, how do you know if are moving from point A to point B," he said.
4. HR recruiting, selection, and retention policies are misguided or dated
Inadequate or poorly applied HR policies, especially those impacting IT auditors, can negatively affect productivity, said Ngah. An outdated, disorganized, and poorly structured recruitment process increases the likelihood of hiring unqualified IT auditors. It also impacts productivity if team collectively lacks skills to execute and deliver, and can lead to high employee turnover, imposing significant costs, he added.
"Costs are not limited to the monetary amounts spent to recruit or train new auditors, but include lost productivity during the recruitment and training window, and the opportunity cost of lost time and effort involved," said Ngah.
5. Head-hunters and recruiting firms are not used effectively
Consider the trade-off between using internal resources during the recruitment process and using an external recruiting firm, said Ngah. While he says outsourcing can be a great resource, it should not substitute or considered a replacement for an IT auditor resource strategy. "You need to understand why you are using them and are you getting the bang for the buck," he said.
He recommends putting some metrics in place to evaluate the performance of an outside firm, such as evaluating retention rates for IT auditors placed through recruiters.
Ngah also says you need to ensure adequate control and oversight of the outsourced process:
• Use external firms with a good understanding and track record in your industry
• Make sure they provide value that complements your internal recruiting efforts
• Can they consistently provide skilled IT auditors who can easily adapt to you culture?
• Relationship Manages assigned to your organization must understand your work environment, operations, team dynamics and culture to place the right candidates
6. Frequent turnover of qualified IT audit when talent is not managed effectively
Frequent turnover is among the biggest problems for IT audit organizations. Since they are in high demand, competitors and other companies will try to poach your most talented individuals. To guard against that companies must take several steps to ensure they are providing a competitive package to potential hires. Ngah said companies need to offer competitive benefits package upon hire and benchmark compensation against competitors. "Remember, you get what you pay for," said Ngah.
Some other steps to guard against turnover include:
• Offer small perks to make for a more conducive work environment
• While exit interviews are great to know why those leaving chose to, "stay" interviews can determine how to ensure the best IT auditors stay
• Promote from within whenever possible (impacts morale & advancements)
• Maintain constant training for IT auditors to acquire new skills
• Provide clear, tangible and attainable goals for which IT auditors are rewarded
"It audit is a very difficult job," said Ngah. "When nothing happens no one even realizes we exist. But when there is an incident, the question is always, 'Where was the IT audit team?" He said companies need to do more to recognize the accomplishments of high performers.
Ngah also said you need to keep them challenged in their jobs to keep quality IT auditors engaged. "The last thing you want is someone that is completely comfortable in their job. They are not growing or challenging themselves."