Q: How do you think the role of the IS auditor is changing or has changed? What would be your best piece of advice for IS auditors as they plan their career path and look at the future of IS auditing?
A: In my opinion, the role of IS auditor has expanded as IS auditors are needed to be more involved in all the areas of the business, especially in project management. They should be involved in the projects to consider all the security aspects right from the start. However, the core roles of the IS auditor have not changed as such, since the IS auditor is expected to provide an objective insight into the risk and control processes in any organization. But with advancements in technologies and new, emerging threats, the IS auditor’s auditing methodologies have to be adjusted, taking into account regulatory obligations, outsourcing, new exploitation techniques and more, as these pose serious challenges for this critical role. My humble advice for IS auditors is to keep abreast of these developments, update their knowledge on a constant basis and be flexible to adapt to the new techniques of auditing.
Q: How did you make the transition from IS auditor to your current role as senior operations manager of a certification body? What skills have helped you the most in this most recent role?
A: Well, in addition to my experience as an IS auditor, I am also an accredited lead auditor and trainer for many other management system standards, including Business Continuity Management System (BCMS), IT Service Management System (ITSMS), Quality Management System (QMS), Cloud Security Alliance (CSA) STAR, and EuroCloud Star (ECSA) Audit, with auditing experience of more than 20 years. As a senior manager of operations, my role has transformed from governance and compliance to the accreditation requirements as a technical reviewer/approver and mentor for other auditors in this field not only locally, but globally within my organization. My IS auditor experience has enabled me to understand and articulate the needs and expectations of an IS auditor, which has helped me assist and guide new IS auditors to increased levels of effectiveness.
Q: How do you see the roles of IS audit, governance and compliance changing in the long term?
A: I, personally, feel this role will have more responsibilities and is going to become more accountable at the same time. Due to the rise of security
Khawaja Faisal Javed, CISA, CRISC, BCMS LA, CBCP, CSA STAR, ECSA, ISMS LA, ITSM LA, ITIL v3, MCP
Is senior manager of operations and information and communications technology products with SGS Pakistan. With more than 23 years of experience, he has conducted more than 1,000 third-party certification audits/assessments of large enterprises in 40 countries worldwide against different international standards/frameworks as a lead auditor/trainer for ISO 27001, ISO 20000, ISO 22301, and other security and business continuity frameworks.
Javed was awarded a Showcase honoree award for Senior Info Security Professional, Asia Pacific in 2012 for his contribution to the field spanning more than two decades. Javed is also a member of the ISACA Journal review team, and a prominent and keynote speaker at international conferences and seminars.