
Career Watch

March 22, 2004 12:00 PM ET

Computerworld -

Vince Campitelli
Title: Managing director, enterprise technology audit
Company: Wachovia Corp., Charlotte, N.C.
What he does: Leads a 60-person audit team focused on identifying and managing risks associated with the use of IT at the $2.4 billion bank, the fourth-largest in the country. In banking and financial services, 70% to 80% of all risk is technology-related, because IT is so pervasive in the business. Campitelli believes the need for IT risk auditors is growing in other industries as well, as all companies become subject to new regulations, such as the Sarbanes-Oxley Act and the Patriot Act.
What does an IT risk auditor do exactly? It entails looking at everything in the technology infrastructure—networks, operating systems, program change controls, disaster recovery, information security, LANs, WANs and voice networks. You assess the risks of all of these technologies and the way they are being managed. Then you develop a three-year audit plan under which you'll look at every component in the architecture, looking at the high-risk technologies every year and the medium-risk items every other year or third year. It's like sampling New York City restaurants. You never get finished because by the end of the first year, you have changed the infrastructure so much that you have to sample more things.
What kind of skills do you look for in an IT auditor? These are hard-core technology people. They understand Unix, firewalls, networks and operating systems, and they understand them from a risk and control perspective. They don't need to be Java programmers, but they need to understand how to control Java programs and best practices for developing, inventorying, testing and rolling out changes.

Vince Campitelli of Wachovia Corp.
What's your career advice for an IT professional looking to move into IT auditing? The No. 1 quality you need is professional skepticism. You believe everybody and trust no one. It's also all about communication. IT auditors are focusing on new products, new services and new projects. They need to make sure the CIO understands the risk and has a good way of managing it. In my opinion, risk and understanding risk is a major black hole. What's needed is a good dialogue between business management, financial management, IT personnel and IT auditors. You have to come up with a common language that all people understand.

How do you do that? Have a good training curriculum for IT people. For new IT hires, we build in an appreciation for risk and risk assessment controls into the core training. The other thing we do is get senior people to fully support it. That then significantly reduces the challenge because brand-new people are all for it.

