Blog

Mall, where you’re heading?


[Some think this is hideous but it’s fresh, even if it ruined the neighbourhood.]

This then, on the future of retail. With an attempt to analyse and predict [You know my opinions on that …] what malls, or shopping centres in general, may look like in, say, five years from now.
Let’s first define the inputs for my ‘analysis’:

• Rapid developments of web shops in all retail areas, not just non-food and food ;-] Yes indeed, on the surface, even food already has its web sale / home delivery channels.

• At least temporarily, an increase in one-off / small batch production items as people seek things differing from mass products.

• The previous, along with flexibility in price. Not all one-offs / small batch products will have, or require, premium prices; mass products however may be required to ever further lower their price by expectations from buyers.

• Premium-price indetermination and small volumes work only when product offerings are available to (the increasing slice that cares, of) potential buyers. But we have that Internet, and may improve on the freshness of its content. Maybe through ambient intelligence / hyperlocal (discount/sales) offerings when some model of micro-location- or -time-based ad hoc approval of pitch presentation (on the hand-, wrist-, or headheld device) and trust of micro-time and -location permanence of privacy-sensitive (i.e., all) data fed back, would actually be trusted by sufficent numbers of sufficiently affluent potential buyers to get past the network effect point.

• This implicates the expectance that shoppers will still want to go out in the first place, to socialise (of fact; not by verbal communications or so but by mere presence) with the unknown Others out there.

• Through cost increases, people transport will diminsh or will shift to cheaper means; e.g. bikes – with much smaller load carrying capacity.

• So there will be various markets out there:
Mass markets for convenience products, either at hypermarkets out of town or with home delivery – with the trend probably going towards home delivery as that saves on the nuisance to go out and be among the hoi polloi and people in general being ever more in the devolution mode of less and less exposure to the outside-of-the-house environment. (A note; I’m unsure whether fitness will move ‘back’ to indoor clubs, or will move ever more into the ‘fresh’ outside air, or both as more people (will go to!) do anything at all about their bodies ..?
Mass retail webshops, for the home delivery markets as well as for the Lm-markets as below. Also serving product comparison.
Local markets for locally produced one-off / small-batch items. Note that these may be produced in somewhat larger batches if shipping can be done within the perish timeframe, in particular for non-perishables. But no batch may be so big as to become mass as the freshness and uniqueness (only in retail is that a scale not an absolute) would diminish too much; local shoppers for hipness may not like too-large-scale availability. And note that even if shoppers would like to be surprised by the (next)^x new thing that only they have access to, they will still want to be the first to a. compare with Everything else out there, through their mobile Total Information awareness device(s), b. share their überhipness immediately, thus diminishing the newness value of their latest purchase by snapchatting it, i.e., asking for copies to become available ASAP.
Local outlets for mass-produced goods, when the product selection experience can be made a worthwhile experience in itself as with luxury goods (mass produced in sweat shops as they are, along with the mass-produced rip-offs), or when the delivery/pick-up can sufficiently add to the product experience, to warrant the shop rent. This will hold as long as opulent display of one’s Mammon worship (only; by implication) has positive residual value (net of the ridicule by ever greater masses).

• And where does this leave the Mall, or the Shopping centre (if there would be a difference) ..? The above demonstrates: Uniqueness, experience will be the thing. Locality of shops, and trust of local production and uniqueness, will be key. Hence, chain stores can survive only if they enhance the experience, or have a sufficently fluent web-purchase / local delivery experience (i.e., perfect logistics) and not too much generic stuff in stores to ruin the experience. Or provide in-store, the advantages of web shops (enormous collection, vast browsability) in combination with the premium shopping experience but also in combination with affordability! If not affordable, markets will be too small to attract sufficient clientele to warrant rent and staff; concentration will result in ever smaller enclaves of luxury shops. Shoppers will drop out, and not come from far away (don’t want the hassle and cost anymore) to shop around (among a public they don’t associate with, for products they can’t afford and not want for its lack of quality (opulence only, no content quality).
Shoppers will come for Ll- and Lm-shops, though. Aim for those..! Not big shops, but small ones; many. The low rent these may provide, and the insecurity of continuity (as real estate owner, you have control over that: rent should follow shop income, not the other way around…), are a matter of fact. Big stores will be empty, for much longer, and will cost you much more non-rent, much longer.
But oh, will web shops not vacate the shopping centre ..? No. They’re a fully-alternative channel, but they’ll lose for shopping pleasure and for freshness (newness) of products – web sites, one would need to track too frequently and too extensively (in numbers) to keep up with and people will get bored pretty quickly with that. In particular if Ll-shops do that for them anyway.

You comments, please! (see link below…)

Double shhh


[On a rooftop ..! ‘t Spant, Bussum]

Yeah, it’s a post on double secrets again. Not just because I haven’t seen any conclusive research on what to do with it; how to handle oversight (what is warranted, , etc.), what limits to justifications there would be, how to close the recursive secrecy gap, etc.
Not even because of stuff like this.

But because another issue was pointed out yesterday/today in a post at Bruce Schneier’s blog: Where double secrets may exist, trust is lost, and (theoretically and practically) impossible to regain.

Which is a problem not only for ‘current’ (big) companies relying on the trust of ‘consumers’ (who are in fact drone suppliers of almost completely free raw materials) and other business partners on the receiving end, as their business model will crumble to nothing when (not if) those cheapoo supplier leave in massive numbers.
It also spells trouble for the not-yet-big, almost-not-yet-companies. As defined in this slide deck, those new companies rely on distributed power, which is based on trust. The said (not sad) companies can grow only to the point where the base of trusting counterparts in exchanges (~facilitated) still grows. If at one end, trustors still flow into the system, but trustors on the other end flow out at a faster pace, the base will be ever narrower; the house of cards becomes more fragile and will collapse as some business wind (if only draft) comes along.

So, in order to really ‘disrupt’ as if that would be a lofty goal of any business [I am very much opposed to such thinking! ‘Disruption’ invariably leads to massive job losses and ever so many more family members’ life dreams ruined. No, the new industry will be of (relatively) jobless growth and yes, at some scale one has to take the macro effects into account], one would need to have a pre-emptive way to deal with double secrets, so the trustor trust base may grow in breath and depth.

My feeling is now that this sort of issue may also be the foundation of the inevitable-collapse-of-any-democracy issue. As predicted toungue in cheek, and shown practically throughout history. Are we at the verge of such a (Schumpeterian?) collapse, dinosaur extinction phase, in the way societies manage themselves? Utopian or distopian visions of what’s next for the coming era (remember the ‘Mayan calendar’ prediction of such a ‘new era’ ..?) may both be overblown, or … does reality always play out a bleak version of what could have been?

All in all, it seems rather important than someone [preferably someone more intelligent than me – regarding these issues, that is] would have a look at this all…
Is there really nothing out there in the intersection of sociology-, trust-, legal-, and economics- research that has pointers on how to resolve this issue ..? If the NSA or other TLA(s) are listening in and would have some Confi stuff, that’s good, too …!

Domo tics


[Voorburg, Herenstraat; Mú by Ming Hu Chen]

With the Internet of Things coming at us with lightning speed, why haven’t we seen a surge in easily appliable domotics ..? Sure, there have been small little, often not too well-designed and plasticky appliances out there for a while, but they often were in the bargain bins before a full‑scale deployment could take place. And we see trials here and there in offices (cheesily, in Dutch, and video) with bits and parts of true ambient intelligence style domotics. But still, not the real stuff.

If you now say that within our homes, domotics don’t (doesn’t?) take off because of lack of network effects (What are the benefits? [How to size them up and compare/add them?] Where‘s the tipping point?) within the confines of our houses individually, and the prices still being too high (among others, due to the lack of turnover and initial investment recoup), and installation being too cumbersome (all devices need placement and connection, probably to power supplies other than oft- and quickly failing batteries, and either connect cabled (old-fashioned) needing breaking into walls, or wireless, requiring ugly visibility) – I would reply that these are issues to overcome with smarter solutions.

But then, what is the date of construction of Bill Gates’ Xanadu2.0 home [If you’re listening: I would like a tour yes indeed thank you!] that has all the follow-me temperature, lighting and ambient music ..? Over a decade ago; does M$ deliver a full copy solution to every home yet? Domotics Explorer 2.0 doesn’t give too many Bing search hits…

A thing that may need to be settled first, is the general architecture of it all. Sensors and actuators need to be put in place, but how and where; what secondary elements do we need (control centers; where and how many (networked, carry-on or stationary?), signals-generating actuators; separate devices (hi keycard/pin) or built into other things, or programmed into other things (hi smartphone, à la NFC payments, now not so N)). What human control, using monitoring dashboards and some form of input (fingerclicks and voice work well in sitcoms; phone screen swipes, maybe?), can we have, can we allow? Are any ethics involved (haves/have nots; control over one’s environment vs. experiencing new things, conflicts, the commons) ..?

And there’s the question of business models for device suppliers and servicers. Subscriptions with updates of software, and hardware, or plain purchase? What about interconnectivity and multiple standards?

Just check the wikipedia page; so much more to discuss. E.g., re the integration or not, I definitely prefer not, of domotics with “‘smart’ grid” ideas of outside monitoring of our home internals – but connection to the outside may help your fridge to order short stock/supplies. Or what to do when conflicting demands are made within the same room (try sharing music tastes with your kids; they just don’t seem to get Purple, Floyd, or the Maiden or even Zappa).
But the question remains: How to overcome the not-yet-existing network effects requirement ..?

Stats and news


[Van Gogh’s ear]

The news is still filled these days with all sorts of incidents with (new) media, information leaks, etc. etc.
How long will it take us to realise that this is just the noise to the signal of health? It’s not that traditional media, and new media, are filled, it is that their space is too limited. If they would have sufficient space to cover all that goes well, no-one would notice the mishaps. Risk-based controls, anyone ..? Because, if you would do that seriously, you probably wouldn’t control anything!

Your comments, please.

Predictions 2014 the InfoSec edition


[DUO Groningen (couple of years ago), where a leak led to many a student’s funds were defrauded. Looks original, is just chasing outer effects]

So, some of you have seen my Predictions 2014 including the update or two, and other posts on developments in the Information world at large.
But what you desparately needed, awaited before even starting on the Christmas decorations (for those in the West), and held out any shopping for food or beverage for, I know, I know [Heh, that’s the opposite of Unk Unk’s ;-], is my completely and utterly unpretentious predictions for the Information Security arena of 2014.

Well, here we go then:

Advanced Persistent Threats will blossom like weeds (not wiet!) in 2014. APTs being the ultimate blended threats to confidentiality of information. There may be cases of government-on-government espionage, that highlight the ‘modern’ squared or cubed variant of traditional intrusion & spying (information exfiltration) work. But moreover, there will be incidents much publicised where business-on-business espionage, possibly helped by shady government agencies, is outed as more than a theoretical possibility. Of course, you all know that this is nothing new, but the general public will demand an answer from some Board members and State secretaries here and there (literally) of victims and perpetrators (denial becoming less if at all plausible). These answers will be the definition of lame. The infosec industry will rush to develop (maybe not yet fully utilise) the market; contra but hush-hush, also pro…

Certificate vulnerabilities will be shown to be a factor of import. Yesterday’s unprotected printer WiFi, will be the current certificates being stolen or manipulated. Bot victimisation of clients will be less by trojan planting and more by means of hijacking certificates (‘Certjacking’? You read it here, first! [Update to add: well, in this spelling …]) to do … sort of low-level ID / trust theft. This will not be explained nearly well enough to the general public to get them concerned, but with tech-savvy CIOs and IT managers, this will give a stir. And major sweeps through the own infra. And not much by means of future better cert management.

Crypto-failures. Cryptography, as far as actually implemented at all (some ‘implementations’ may embarassingly be found out to be done on paper only!), will show to have failures in at least two ways: procedural errors will lead to (much publicly visible) non-availability of information, e.g., when asymmetry isn’t implemented well due to lack of understanding of bureaucrat procedures writing committees mumbling and fumbling about; and by public demonstration of bad technical implementation, the coding being so shoddy that the strength of crypto will drop to n-day crackability (with 0 < n < 2 I guess).

Quantum computing, on the plus side, for crypto, will see its first practical proofs of concept. Where the PoCs are used to protect the most secret of some government’s information, but with that information having to be used by the most bumbling-about officials hence the overall end user -to- end user effectiveness being close to zero and helping any and all attackers (rogues, organised or not; state(-sponsored) organisations, etc.) to learn about tentative, among them maybe class-hack, attack vectors.

Methodological innovation in information security. As already discussed earlier, and here, and here, and with OSSTMM, and before that in quite some other posts as well. Now, also Docco joined the fray, advising SMEs from the accountancy side … Which shows this prediction for 2014 is already hatching.
On this item, we will see much improvement. E.g., combining the OSSTMM framework with SABSA. Combining the rebooted CIA with the fresh install of the (alternative to the) ‘15.5 risk’ management approach via the OSSTMM framework. And so on. Interesting! Want to contribute!

I’ll leave these here for you to follow up. When (not if) I’m right on any of the above: Yeah, see? Told you so! And if (not when) not all five are square-on: Hey, they’re only predictions! Don’t shoot the messenger that only conveyed the message of the Great Engineer Behind The Scene.
Though I would like to receive a bottle of good (I mean, really good) red Bourgogne for each prediction that shows to be somewhat right; at the good side of 50-50. Any takers?
The opposite, I can unfortunately not do as it would have way too many takers…

sCrummy development. Standards ..?


[Just a great place]

A peer leader asked around for guidance re assessing scrum development contract bids.
And I browsed around. And found nothing really.
Oh yeah, the usual suspects of IT-contracts / IT-development contracts, but even those are thinnish, insignificant as help. Somehow, it appears to be too fluid a field to be captured in bureaucratic-behemoth totalitarian all-detail governance, management, planning and execution procedures. In which actual deliverables and content requirements are always but with very few exceptions pushed to some annex or ‘later to be detailed’ never-will-exist auxiliary and unassessed documentation with not much concrete information or even anything understandable for the white raven well-informed assessor / professional.

Hey, there is better information out there for this, right ..?

The Ethics of Full-Autos


[EU whale washed up in Strassbourg]

Via Ross Dawson, again, I found a piece on the ethics of self-driving cars which is fascinating in its ethics discussions. Or, pointers to, as the discussions are of course not definitively settled once and for all as is the nature of such discussions. In particular when various ethics backgrounds from around the world collide, as they will! (No autopilot there, heh.)
But the discussion should reach further. ‘We’ now focus on cars, but if we can tackle that issue of autonomous, self-driving cars (wasn’t the term ‘automobile’ not already coined to include that glimpse of a possible future (apart from the engine part) ..? And weren’t horses self-driving to a degree ..?), there are so many more self-operating things out there that would require simpler environmental awareness. If cars can drive full-auto, so many more machines can – how much human operators would we need; how many (how few) managers, etc, when organisations are self-driving ..?How do we train and gain experience necessary for the inevitably required human overrides ..?

But more importantly, how would we settle the ethics arguments like the ones indicated in the above example ..? Because there will be many, of a great variety. And certainly not all (end) stakeholders may be present at/for the discussions, or may not be capable to represent themselves (incurring agency issues, already the downfall of all democracy), or may vary in their quality of discussion process execution, and may not reach a final equitable conclusion shared by all; then what ..? [‘One should not count arguments, but weigh them’ (Cicero); very, very true]

Will we have time to develop a societal framework for ethical discussions, or will we have to take them one by one as they come along, badly reinventing the wheel every time, and getting overwhelmed by the sheer number of must-settle ethical discussions that will come at us ..? Because settle we must; letting it rest and letting marketplace/economy forces run their course, will result in unethical results. Mammon shouldn’t rule.

But anyway, let’s get engaged. Because similar problems are already all around us – healthcare costs mushrooming, global environmental destruction, etc.; all problems at the societal scale or above, all still in much need of ethical discussions and course setting.
And because we must.

The IS Audit Worker of 2019


[Your prospect of Elysean fields]

2019 is only five years away… But predictions require a suitably close horizon to be able to see how today’s trends and Early Indicators might play out, and still be sufficiently distant to allow flexibility and variance off the predictions – otherwise the predictions are dull.

Hence, apart from my predictions for 2014 (and update) below, some more ‘mega’trends, in particular for the management of information risks – I still maintain that anything managed, isn’t a risk ‘anymore’! – professional or more specifically, the ‘information systems auditor’. Note the ‘’ as this post will show how the role and content will change enough to warrant a new job title.

Now then. As a starting point, I took the insightful graph of the always even more insightful Ross Dawson off rossdawson.com, noting the CC-BY-SA 2.5 license:

Which is a depiction of trends that impact the IS auditor as professional, rather than touching (too much) on the content of her/his work… Indeed, but I’ll demonstrate where the content is touched, too, by the trends depicted. Let’s just run them down one by one:

1. Connectivity will mean the necessary re-think of the traditional CIA to be able to guide, control and audit the information security stance of clients. The Information availability explosion, the globalised (i.e., de-geography-bound is de-accidental-physical-location-bound) access hence globalised use, and mobile work to even loose the ties of the Last Mile (in a way), require this. And enable the IS auditor to do the same. Already, this is being piloted, and in my view, we’ll see much more of this kind of work for the IS auditor in the very near future; this enables not only the auditor to not have to come to the clients’ offices too much – albeit that initially, some F2F contact may still be required but the need may diminish quickly when clients gain experience –, it also enables her/him to engage with clients much further afield, remotely. As far as (by today’s standards) superb connections reach, that is. See items 5, 9, 10, 13, and 15 below.

2. Machine capabilities will lead to work being taken from our hands. Through raw processing power explosions (not only due to Moore, but also due to the explosion of the sheer number of devices out there), Spatial recognition giving machines even more data to deal with, and large-scale Artificial Intelligence deployment not the petty trials of today, will enable the off-loading of much manual mental work (human- / person-bound work) to machines ‘out there’. The user will not even need to know where the ‘there’ is. Or should (s)he ..? We’ll see a redesign of philosophy, thought, methodology and tools on privacy surface. Quite some areas where IS auditors might (sic) lead the way, in thinking, acting, controlling and auditing.
And robotics … If that takes off, it’ll be piecemeal on the one hand (I too want my Roomba) but massive on the other (so many disjoint markets blooming). If only Asimov’s Three Laws can be reinstated, and reenforced or we’ll end up either in a mess or dead… It’ll start with Worker replacement anyway … (see below).

3. Demographics are something that we have somewhat less to deal with in the management of information risks. Apart from Migration leading to professionals’ markets impoverishing to markets of lemons, if unprotected (the dams will only hold back only so much inflow for only so shortly), and Country divergence maybe hitting us when our geographic region forces us to move elsewhere, as in item 1 above.

4. Social expectations Not much, either, apart from the Flexibility that will created Theory of Firm 2.0 type organisations, on which the IS auditor and others can no longer impose totalitarian bureaucracy. What then ..!? I don’t know. Your bad, if you can’t adapt… From the true ethics of your trade, you should have already adapted long ago…

5. Modularisation may impact us in ways similar to what we have already seen in the past; just labour specialisation, if any. Not too much to do about not too much. Though the general trend by which broad experience by and large caters for broad, balanced widening of one’s professional content in the stages after specialisation, may turn or have been turned already, the direction is unclear, either repeating constantly all directions, or awaiting a major redirection.

6. Globalisation I already characterised as a possible major impact through the Connectivity angle. In Products, I consider it to will come to completion in the near future. Service… To the degree that any service has no physical-presence component; (medical) care, for one, would be hard to do remotely, and also some other personal services e.g., IT tech support, may not ever work to a satisfactory degree without being able to communicate by nonverbal / sensory signals. So, not all the promises of item 1 above may not be realised all too soon.

7. Productivity will be driven by the Machine capabilities, mostly. Together with Connectivity, theese will determine Factor shifts or rather, define and refine factors of worth. Manual labour will re-flourish! And so will brain work, but only the non-standardised stuff, the work requiring creativity, true intelligence and empathy. Where many IS auditors etal. Think they are, but they aren’t. You know my rants against ‘peers’ just checking boxes. That is not what auditing is about. That is administration. Auditing, and other management of risk roles (sic), is about interpretations, judgement, close calls, gut feeling, and guts. Balls. (F/M), you must have them or be replaced by drones. Do not count on being (just) on the right side of the dividing line! Count on being on the wrong side, the down side, the cast out side. Or join progress.

8. Value polarisation again one where the machine capabilities, Connectivity, and Globalisation will work to quickly create new classes of haves and have-nots. The 1% of today, may be another 1% in other fields tomorrow or the day after. Try to be part of that, or you’re no longer suitable as part of life. Seek out your own 1%. But one thing would clearly be wrong: Remain as you are, meek, sheepish, not daring to be a Man (M/F) … So, most IS auditors et al. will have to change dramatically, if one can change one’s character…

9. Remote work I already described above. Telepresence, (remote!) Collaboration, and (local) Machine operation – 3D rinting, maybe ..? – will work as above (item 1 again). Virtual worlds may provide diversion from the destroyed natural habitat we still have to live in. The tropical island scenario still is somewhat too far away from us.

10. Work marketplaces are the mechanism through which the market for lemons may play out, or not. The barriers to Participation should be watched – some arguments for, some against –, Availability may not be an issue anymore (oh, but availability of suitable, sustainable markets may be), Pay pressure defines the lemons aspect, as does Access to expertise. Don’t sit still, as through Globalisation, access to expertise and availability, and participation will lead to pay pressure. I.e., pressure on your economic sustainability. Do not think you’re protected in your behemoth Organisation; any organisation is not too big to fail ..! So, even Big4 IS auditors should be aware. The bigger, the … no, size doesn’t delay a crash landing into a gentle glide, you’ll not be able to sit it out. The only sliver of new work would be to assess the work marketplaces against some standard but even that may be outsourced to … why assume a certified auditor should do that; why not instead (sic) by a reliable professional …

11. Crowdsourcing will impact IS auditors, too. But it may be a threat, or a blessing. No more dumb production of checked boxes…!? On the one hand, drafting those dull IS adit work programs from PDFs and too lengthy texts, may be outsourced to Labor pools – lucky if you can stay out of them, otherwise, you’re done. Will you be the one overlooking Managed crowds, or in it? By the munbers, and by today’s mentality, the vast majority of IS auditors will in fact be in the masses. Enhanced mechanisms will enable evenmore IS audit work (aspects) to be crowdsourced, changing the value proposition in the audit / advisory projects hence threatening livelihood. Open innovation’s also an In or Out aspect, for IS audit work. Though there may be a splinter of secondary audit work to be done on the deliverables of crowd sourcing and on the crowd markets… Fuzzy why that should be by certified auditors.

12. Worker replacement. Oh yes, if you’re a worker. Which is what a lot of IS auditors are. Not doingthe hard to replace physical work (taken over by Robotics, see 2, for the standard stuff but) since this requiresproximity and flexibility. Plumbers will be OK, IS auditors, not; will suffer from (enormous progress in) Automation, Robots, though Service may be slower to migrate (medical care robots may be proficient in many other areas, too, though), and Judgement may be the last to go over, to AI. So, as above, anything requiring judgement may for the foreseeable future not be taken away from us. But again, so many IS auditors et al. don’t judge, but administer. Where would you want to go, if (not when!) you would be able to (quod non)..?

13. Economy of individuals I consider to regard our profession in particular. Are you one of those few ones above that actively seeks out one’s own future? Then you’re in luck; your Independence and Entrepeneurship may lead to work being available, in Collaboration of the Theory of Firm 2.0 based on your Reputation. All these factors will be currencies of the future, so work on hoarding them! Not ‘the’ currencies, as Bitcoin and the like may kick in on a large scale within five years.

14. Polarisation of work With the Pay and Opportunity being so unevenly distributed, one may not rely on Affiliation with an organisation of old any longer. The dinosaurs are dying. New affiliations will need to be sought out. IS auditors, be aware, be active or be left out.

15. High-performance organisations or as I indicated above, Theory of Firm 2.0 organisations, may rise quite quickly. Google, Facebook and the like have risen to their 1.5 (sic) status and size in (qua order of magnitude) five years. Others may be in their inception phase today, and be the biggies, the most wanted (virtual) workplaces literally tomorrow. Again, be aware. Internal markets, Ad-hoc networks, Social technologies and Distributed value creation may all be part of the landscape of small and middle-sized temporary organisations that will flourish, already from, literally, today and tomorrow on. All these factors point at project-oriented get-togethers of professionals all with their own needs (for fair value to contribution distribution) and wants (work only where, when and for whom you like, do only what you like; if one factor starts to fail, move elsewhere) banding together just for the common interest and then all going their own ways again, maybe meeting again in the future, maybe not. Temporary Affiliation only..? Or looser ties? Double o, though many an IS auditor may have a single o as they haven’t innovated and are left behind as deadwood.

16. Education is key, to many of society’s desirable developments. Available, Open, Continuous is must be, and focused on Peer learning. All things where IS auditors could play a role, as auditors and advisors, and partaking out of necessity to keep abreast of latest developments.

Because the italics weren’t there for nothing. IS auditors, and others, just play a role and not an important one at that! Do not fool yourselves; auditors are only, and no more than, an afterthought of business and other organisations. Be happy that you have some specialised knowledge that you apply in whatever role, one accidentally being audit. When now both the unimportance of the audit role comes to the fore, in particular through Ross Dawson’s megatrends and technology developments, and your knowledge and experience that you apply in the role, are ever quicker to expire, you’ll have to keep abreast of all new knowledge ever more certainly, ever more widely and completely, and ever faster, and you’ll have to constantly seek out new roles to apply your greatness. Dropping audit as an expired old skin…

The central message is clear. IS auditors et al.: Innovate! That takes trial and error, and ‘learning experiences’ also for one’s deeper insights and even character, it takes risk taking and damage to one’s personal quest(s), but with the right virtues (Aristoteles-like), one will prevail. Innovate, along the lines of the work future and towards developments as described elsewhere and more.

[More will follow on this subject…]