A Pilots Lofty Goal of Building Trust Through Audit

Osama Abbas
Author: ISACA Now
Date Published: 2 November 2022

Editor’s note: The ISACA Now blog is featuring a series this year profiling ISACA professionals who are in pursuit of digital trust. Today, we profile Osama Abbas, CISA, CISM, head of IT audit, Emirates Transport and an ISACA member since 2013. For more digital trust member stories and resources from ISACA, visit q8kp.au99168.com/digital-trust.

A Pilot’s Lofty Goal of Building Trust Through AuditJust as Osama Abbas has to trust the mechanics of his aircraft as he guides his flights at high rates of speed, the modern business world calls for trust-centered solutions in his areas of professional expertise: audit, risk, governance and security.

There is overlap between Abbas’ professional life and his passion of piloting lightweight aircraft in the skies above Jordan and UAE, with the need for strong trust among the common denominators.

Only one of those activities, though, comes with spectacular views.

“Aviation, for me, is my main key of happiness,” Abbas said. “The moment I take off, I feel like I own the sky and definitely enjoy the unbeatable views.”

Abbas, an ISACA member since 2013, dreamed of being a pilot since childhood, eventually joining the Royal Jordanian Gliding Club at age 20 and continuing his cherished hobby in recent years at the same time his career also has taken flight. He currently works as head of IT audit with Emirates Transport, a state-owned enterprise based in the United Arab Emirates. There, he has worked to establish the IT audit function within the internal audit department, and as part of his strategy, cybersecurity coverage, integrated audits and business process reviews from an audit perspective were introduced. Additionally, he helped to implement a “center of excellence” for continuous auditing and monitoring that provides real-time data sets to better equip auditors for success.

A Pilot’s Lofty Goal of Building Trust Through Audit “We utilize state-of-the-art techniques in data profiling and extracting in addition to implementing automated triggers for special audit-related criteria,” Abbas said. “We have built this function with the help of ISACA’s resources from ITAF, all the way to audit programs and publications.”

The journey to creating a successful audit function in his current role started with a bit of turbulence. Abbas said there initially was “huge resistance” that had to be overcome with various stakeholders.

“I remember that we had to explain the benefits of IT audit many times to gain the acceptance of audit concepts from our auditees prior to doing any audit work,” said Abbas, who holds ISACA’s CISA and CISM credentials. “Our main success now is that the digital and IT departments consider IT audit as their trusted advisor when it comes to implementing new technologies, introducing new products, enhancing and shifting cyber resilience, and so on.”

Abbas said that establishing digital trust has become a core imperative that all companies need to integrate into their missions and strategic objectives.

“We need to ensure that the trust factor is present for all parties when it comes to the digital space, and therefore building and maintain all aspects to govern this concept, from the smallest control up the ladder to the tone at the top of the organization and top management adoption,” Abbas said.

Abbas said a significant increase in data volume has made audit more challenging in recent years and calls for the development of new controls and a more analytical approach to the profession.

A Pilot’s Lofty Goal of Building Trust Through AuditWhile Abbas is thriving in his current role, he has long-range plans to build a consulting firm specializing in IT audit, cybersecurity and audit analytics in an effort to help enterprises mitigate technology risk – a field that he has come to fully embrace and in which he is happy to still be ascending.

“I am lucky that life introduced me to technology risk,” Abbas said. “There is nothing better than seeing how, as technology risk professionals, we are able to assist organizations and people to maintain a secure digital environment.”