The Network: Timo Heikkinen

The Network: Timo Heikkinen
Author: ISACA
Date Published: 1 January 2015

Timo HeikkinenTimo Heikkinen is a senior audit manager for Nordea Bank in Helsinki, Finland. With more than 15 years of IS auditing experience, he is responsible for the execution of Nordea Group’s overall internal audit strategies and planning, managing and leading business-IT and outsourcing-related audits across the Nordea Group. He is also a member of ISACA’s Relations Board.

What’s on your desk right now?

  • A laptop
  • Cell phone
  • Family photos
  • The latest edition of ISACA Journal (currently I’m reading an article about business case management)
  • A bottle of water

How has social media impacted you professionally?

  1. Social media has brought IS audit professionals around the globe closer to each other and allowed for better and increased sharing of information.
  2. As an IS auditor, I must be aware of social-media-related risk, e.g., data privacy, and ensure that such risk is sufficiently managed in my organization.

What are your favorite benefits of your ISACA membership?

  1. The great deal of good and valuable information about various audit-related topics
  2. Networking through volunteering. As a member of different international-level boards and committees, I have been able to meet and connect with some of the finest IT professionals around the world.

What do you do when you are not at work?

  • Spend time with my family.
  • Play football (soccer) and watch my sons playing football (soccer) and ice hockey.
  • Just simply, enjoy life.

The Network: Timo Heikkinen How do you think the role of the IS auditor is changing or has changed? What would be your best piece of advice for IS auditors as they plan their career path and look at the future of IS auditing?

The Network: Timo Heikkinen The IS auditor’s core role has not changed much over the years. The IS auditor is and should be primarily responsible for providing an objective assurance on the risk and control processes of the organization. In that way, the IS auditor is in the best position to improve risk and control practices in the organization. Many things (e.g., emerging technologies, regulatory obligations, outsourcing) have, of course, changed how the IS auditor’s audit universe looks now compared to what it was earlier. Those things have all brought new challenges to the IS auditor’s working environment. My piece of advice for IS auditors is to constantly keep your knowledge updated and build a trusted partnership with key management representatives.

Question What do you see as the biggest risk factors being addressed by IS audit professionals? How can businesses protect themselves?

Answer One of the biggest risk factors that IS auditors should be closely monitoring is risk related to services being provided by third parties. Whenever an organization outsources something, it cannot outsource the management responsibilities related to risk and controls. There is a tendency to trust and expect too much of third parties, but as an IS auditor, trust is not a good control. Business management needs to understand and manage risk related to services being provided by third parties.

Question How do you believe your software engineering background has supported your career and current role as a senior audit manager?

Answer My software engineering background has helped me to understand in practice not only how the applications are being developed and maintained, but also the nature of controls that need to be implemented to applications.

Question How have the certifications you’ve attained advanced or enhanced your career? What certifications do you look for when hiring new members of your team?

Answer Certainly, my certifications have enhanced my career. Having a certification shows a true commitment and dedication to your chosen occupation. At my organization, the Certified Information Systems Auditor (CISA) designation is mandatory for all IS auditors. Therefore, our company strongly encourages and supports all new hires in obtaining the CISA certification.

QuestionWhat will be the biggest compliance challenge in 2015? How will you face it?

Answer I would say that in the banking sector, which I represent, the biggest compliance challenge is coming from the regulatory side. We face new challenges to ensure compliance with both existing and emerging regulations. To face these challenges, auditors need to ensure that management is aware of and has taken appropriate actions to sustain ongoing compliance with these regulations.