Why do we need third party audit?

Hi frens,

We see third party audit everywhere. Food safety. Blockchain smart contract. ISO 27001 information security certificate.

And, we often see internal companies about being audited. Lots of paperwork, afraid of being investigated, and picky auditors.

Lastly, auditors seem to be highly paid, and in high demand.

As a software developer in mind, I care about information security for myself and the company. Nothing surpasses self-motivation and attention to detail, whether in user experience, information security, or any other aspect.

However, we have blind spots as an individual. That’s why I’m curious about how auditing could help, if there’s any.

A third part audit works as external power to raise the awareness and enforce some works on information security. That’s good.

But why would people be afraid of being audited, or why would the society count on audit to safeguard our world?

In my opinion, that’s because most people don’t care about information security until a disaster happened. It’s a lot like personal health, many people don’t take good care of themselves until be sick. Or lots of profit-making companies.

So third party audit works as a “risk treatment” for our society, if doing a good job. However, I always admire people with craftsmanship, who often care a lot about security as well, and I believe they are the truly unsung heroes for our safety.

Your friends,

Denken