The Legislature just approved our request for two more IT auditors to increase our ability to examine the thousands of IT systems in the state. We now have three teams of IT auditors- a 50% increase over the previous two! We make the best of our limited resources by focusing our skilled professionals on the systems most critical to the finances and operations of state government.

We will soon start recruiting for more IT auditors so if you’re interested watch the Secretary of State website in August when applications open.

OurNeal IT Audit Manager, Neal Weatherspoon, was recently featured in the Summer 2015 newsletter of the Willamette Valley chapter of ISACA, an association of IT audit and security professionals.

In this issue, we would like to introduce you to chapter member Neal Weatherspoon. Neal serves in an IT Audit Manager role with the Oregon Secretary of State Audits Division.

Tell us about your job. What do you do on a day-to-day basis?

Manage the best team of IT auditors in the state.

What do you enjoy the most about the profession?

I enjoy the challenges, the people, and the challenging people. Nothing is more satisfying than knowing your work is benefiting the citizens of the state and those who tirelessly serve them. Having popcorn and cookies at break time is an added bonus.

How did you get into the profession?

I was born to be an auditor. My daughter tells me I question everything! I came to the Secretary of State to obtain financial audit experience I needed for my CPA license. I stayed because I was asked to help reestablish the IT audit function for the Division. This immediately led to CISA certification and total immersion into the IT audit world.

How have you develop your skills and stay on top of changes? Do you maintain any professional certifications?

Last things first – I’m a CPA, CISA and CISSP. Keeping current with multiple disciplines is a challenge. What works for me is to remain an integral part of my teams and their audits. Every member of my staff has at least one skill or ability that eclipses mine; I make sure they share. Along the way some of my experience rubs off, we both benefit. Collaborating with IT auditors from other states has also been a positive resource.

What advice do you have to emerging professionals who are considering a career in the profession?

Don’t be afraid of the water! Jump in and you’ll soon learn to swim with the sharks. The challenges associated with IT audit are great – the rewards for making a positive difference are likewise great. Everyone depends on IT which makes good IT auditors indispensible.

Do you have a funny story involving IT security or audit you could share?

There is nothing humorous in a data breach or significant control weaknesses. Lots of sleep has been lost by managers and technicians who found themselves on the wrong side of an error or breach. However, sometimes IT auditors have a hard time bridling their sense of humor. For example, one of our tests revealed that a payment system continued to automatically purchase bus passes for clients who actually died some months earlier. Bus riding members of the audit team were quick to relate their personal experiences of riding next to some of those unfortunate commuters.