Manage Learn to apply best practices and optimize your operations.

IT politics: Why IT auditors and Web developers are disconnected

Kevin Beaver explains why IT auditors and Web developers don't understand each other, and why they need to.

What is causing the disconnect between IT auditors and Web development?

Kevin BeaverKevin Beaver

This is an interesting dilemma in the enterprise. There are plenty of disconnects between developers and the rest of the organization -- even those working in IT -- which can be detrimental to the business.

There's often a technical disconnect, whereby IT auditors, especially the less tech-savvy ones, are completely out of the loop on what Web developers do -- and help prevent -- in terms of security. There's often a business disconnect, whereby both parties have different goals. IT auditors' goal might be to have a clean Web security assessment report, while Web development's goal might be to provide the most functional or resilient application environment. Both goals are worthy, but they're often completely separate, which can create a divide between the groups.

There's often a business disconnect, whereby both parties have different goals.

There can also be a political disconnect, which is often the strongest and most divisive kind. It's a situation I've seen, one where everyone is looking after himself, protecting his own job and interests without seeing the bigger picture of what needs to be accomplished for the business.

IT auditors tend to have the ear of management, and Web development is often seen as just another techie function that runs itself with little need for support or resources. As a result, I've seen developers literally beg and plead for better tools (i.e., source code analysis and vulnerability scanners) and more security training, and it continually falls on deaf ears. Auditors, on the other hand, are able to document a problem and present it to management, and the needed support is quickly provided.

I don't think it's a malicious disconnect. No harm is meant. It's just the way auditing and Web development have evolved, likely due to auditing's continuous connection with management and development's isolation. Developers and IT auditors can certainly have either a positive or negative impact on one another. It pays to get to know each other and to learn what's expected of their roles.

Dig Deeper on Topics Archive

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

How would you define the disconnect between IT auditors and Web developers?