It's auditing; nobody that is good at doing anything goes into auditing. Unfortunately it's one of those jobs. I haven't interacted with any auditor that actually understood all they were auditing. Some are better than others, but the average is worse than almost any other job description I have dealt with.
The industry is paid to provide a fig leaf for shady practices. Everyone knows what's going on, no one is going to do anything about it unless governments step in and give regulators more resources and more teeth, and "errors" lead to prosecutions and jail time.
None of those are likely.
This is the industry that missed Enron, WorldCom, Wirecard, Lehman, and many others.
You should check out the banking industry sometime if you'd like to interact with a competent auditor.
Compliance gets taken quite seriously in an industry where one of your principal regulatory bodies has the power to unilaterally absorb your business and defenestrate your entire leadership team in the middle of the night.
If you care about this stuff you need to bring auditing in-house and do your own audits with people who care. Then get certified by an external auditor for the paper.
You can start very lightweight by doing spec-driven development with the help of AI if you're at a size where you can't afford that. It's better than nothing.
But the important part is you, as a company, should inherently care.
If you rely on an auditor feedback loop to get compliant you've already lost.