Reflection Blog – Week 1-4

Week 1:

My first week of employment with my firm consisted of training. We had local training in Virginia and then additional training in Atlanta. This company is very hands-on and requires interns to book their travel arrangements and keep track of their expenses. While in Atlanta, we reviewed company policies and then broke into groups within our service line.

My service line is Risk Advisory/IT Audit. We assist staff, seniors and senior managers in identifying risk by testing and completing reperformance tasks. This helps the company understand where an IT product works and where it doesn’t. My firm encourages teamwork and culture, so many of our training tasks dealt with team-building. There was never an activity initiated that didn’t involve teamwork.

Week 2 & 3:

I was assigned to a GDPR Privacy Assessment. This type of project does not staff interns normally, but due to staffing restraints I was provided an incredible opportunity. The first step with any project is on-boarding. We learn about the client and also look at 10-K reports. After that, it’s my responsibility to ask any additional background questions.

The project consists of looking for gaps, which is called gap analysis. Basically, we see which GDPR requirements the company is fulfilling and then find the requirements that need to be implemented. The new GDPR requirements are coming into effect in May of 2018. The European Union has data protection requirements when transferring personal data from the European Union to the United States. The new requirements are far more strict than Safe Harbor and Privacy Shield and cover all countries with regard to data transfer to and from the EU.

Due to the difficulty of this project, there are many high-level members of the firm on the team. For two weeks I started out researching in order to assess the current state of the client and recommendations. Attention to detail is paramount as our findings and advice can affect the client legally. My initial task besides research on the requirements included re-branding our presentation. I was assigned other critical tasks, but due to the nature of the work, I am not allowed to go into much detail.

However, I can say that I would love to see regulation like the GDPR come to the U.S. because from an IT perspective, we have to think about what data we are sending/receiving. Who is monitoring that data and how long are they keeping it? What information is given to third-party vendors and why? Do they absolutely need that information? If I want data-portability or erasure, what are my rights? Does the company even have a way to honor my request?

As a double major, the privacy field is very intriguing. Having the IT and accounting background helps when GAPP requirement knowledge is needed when we try to see overlaps of separate standards. This project piqued my interest in the regulatory and compliance side of IT.

Week 4:

This week I started with a new project that is closer to the IT Audit side. This work is awesome because it builds on what I did previously. For instance, there is a GDPR requirement dealing with security. It reminds me of a math problem where the GDPR was the “answer” and the IT audit side is showing the work. If a company has password requirements that after 10 login attempts, the account is locked out, we test to make sure that is true. If only certain people have access, we check to make sure that is true. This involves checking JavaScript code, making accounts and checking aged accounts.

 

I rate myself a 10 for the first week and a nine for the second week. I deduct a point because I had issues with a PowerPoint presentation that I should have been more familiar with at this point in my education. I tend to distance myself from technologies that are more design related. As for the last 2 weeks of this blog, I give myself a 10. I asked many follow-up questions and began understanding the processes better.
