Dickson Sin

Dickson Sin, Director – Auditing Methodologies, Audit at Grant Thornton, and an Institute member, on his path to specializing in IT audit, and how companies in Hong Kong can reduce their exposure to security risks and enhance their resilience to cyberattacks

What are the biggest lessons in your career so far?

One is the importance of communication. Communication is essential for building trust, understanding the needs and expectations of the stakeholders, and delivering high-quality reports. Another is the value of sustainable learning. Technology is continuously evolving, and so are the risks and controls associated with it. To be an effective IT auditor, I need to keep up with the latest trends, standards, and best practices in the field. Finally, I have learned to be adaptable and flexible. IT audit projects can vary in scope, complexity, and duration, and sometimes unexpected challenges or changes may arise. I need to adjust my plan, timeline, and strategy accordingly, and work well with different teams and stakeholders.

How did you get into IT audit?

I developed a strong interest in business process automation when I started my career at Hong Kong Polytechnic University as an accountant. After transitioning to the professional service field in 2007, I was assigned to provide IT audit service for a telecommunications company. I enjoyed the challenge of evaluating the effectiveness and security of IT systems and controls, as well as gaining knowledge about business processes in different industries and IT regulations. I have been an IT auditor for more than 15 years now, and I find it very rewarding and stimulating. IT audit is a dynamic and challenging field that requires continuous adaptation and innovation. It is not only about finding problems, but about providing solutions that add value to the business.

In what ways has your CPA qualification helped you in your career?

It has been invaluable for my career as an IT auditor. It has given me the knowledge and skills to understand the accounting principles, standards and regulations that apply to the IT systems and processes of various organizations. It has also helped me to communicate effectively with the management and stakeholders of the audit clients, as well as to prepare clear and accurate audit reports and recommendations.

What should companies do to keep their business systems and data secure?

There are some key steps that companies can take. One is to conduct regular security audits and risk assessments to evaluate the effectiveness of their existing security policies, procedures, and tools, and to identify any weaknesses. Another is to develop and enforce a clear and consistent security strategy and framework that aligns with their business objectives, regulatory requirements, and industry best practices, and that covers all aspects of their digital operations, from infrastructure and applications to data and users. They should also educate and train their employees and stakeholders on cybersecurity awareness and the best practices for protecting their systems and data, such as using strong passwords and reporting suspicious activities.

What advice do you have for CPAs interested in specializing in IT audit?

IT or cybersecurity audit is a growing and rewarding field for CPAs who want to leverage their accounting skills and knowledge in a technology-driven environment. They should get familiar with the IT or cybersecurity frameworks and standards that are relevant to their industry and clients, such as NIST, ISO, COBIT, etc., as well as pursue certifications that demonstrate their competence and credibility in IT or cybersecurity audit, such as CISA and CISSP. Also, stay updated on the latest developments in IT or cybersecurity.

Add to Bookmark
Text size
Related Articles
April 2024
Paxson Fung, Partner at Citylinkers
January 2024
The President of the Institute on tackling the talent shortage issue, and the significance of the Institute’s role as a statutory sustainability standard setter
January 2024
Joann Chan, Partner, Audit and Assurance at Crowe (HK) CPA Limited
October 2023
Jet Chu, Senior Director at Alvarez and Marsal Asia Limited
August 2023
Dickson Sin, Director – Auditing Methodologies, Audit at Grant Thornton


We use cookies to give you the best experience of our website. By continuing to browse the site, you agree to the use of cookies for analytics and personalized content. To learn more, visit our privacy policy page. View more
Accept All Cookies