As the seventh largest network of independent accounting and consulting firms worldwide, RSM International does it all. The company, which employs more than 30,000 people in over 70 countries, offers services in areas such as audit, business, consulting and risk management to companies in a variety of industries.
As such, RSM employs a veritable army of IT professionals, chiefly in its consulting and risk management practices. These tech professionals can end up working on a broad range of projects, meeting whatever the demands of a particular client may be.
“We break into two groups: risk management services and technical risk management services,” explained Jo Stewart-Rattray, director of information security for the company’s Australia branch, RSM Bird Cameron. “So [we have] technical IT and information security people as well as nontechnical people — people who are more likely to be looking at application reviews or governance.”
RSM Bird Cameron employs roughly 900 people total, with about 10 to 15 in the IT practice. Stewart-Rattray said that number is only growing. Sample IT positions at the firm include those of information security professional, technical risk management professional, systems auditor and governance expert.
Due to the variability of the work, when the company is looking to hire tech professionals, it seeks those with a wide range of skills.
“We’re looking for people oftentimes with a good, solid, broad technical skill base because we’re going to be inserting them into all kinds of different roles,” Stewart-Rattray said. “Sometimes [you find] specialists with an in-depth look at, say, Unix. But generally we’re looking for people with a broader understanding of the IT community.”
Of course, it would be important for the IT pro to be skilled in whatever specialty the client needs — such as networking or security, for example. But industry knowledge is not required.
“We work across a range of industry verticals, so it would be impossible for one person to have all that experience,” Stewart-Rattray explained. “We look for people who are specialists in the particular fields [that] match with our client profiles.”
Because there is so much client interaction involved in the IT consultant’s job at RSM, having stellar soft skills is equally as important as having solid tech skills, Stewart-Rattray said.
“Managing your internal expectations as well as your client expectations is exceptionally important,” she said. “It’s about being personable, I suppose. [The ability to manage] time and priorities in the consulting world is [also] exceptionally important. It’s keeping all the balls in the air: hav[ing] good technical skills, time management, priority management, project management and certainly being able to communicate in writing as well as verbally.”
The last part — exhibiting good written communication skills — is particularly significant, since a large part of the job involves writing reports and dealing with clients via e-mail and memos.
“Oftentimes, I find folks who are really good at sitting across a table and being able to put their point across, but when I ask them to write a report, it’s a dismal failure,” Stewart-Rattray said.
When it comes to academic background, the company pays more attention to the degrees of junior hires than those of more senior candidates because “this is generally all they have,” Stewart-Rattray explained. Coursework in computer science or another relevant field would be ideal.
With higher-level hires, the company is more interested in their experience and relevant qualifications and certifications.
“It’s those people who have good certifications to back up their good experience and [who] have a fairly broad view of the world,” Stewart-Rattray said.
And since RSM Bird Cameron is an independent consultancy, vendor neutrality is very important, so the company values vendor-neutral certs more than vendor-specific ones.
“[We] do not have vendor alliances, which allows us to be objective with our clients,” Stewart-Rattray explained.
So, which credentials are most desirable at RSM?
“In the case of IT auditors, I look for the CISA [Certified Information Systems Auditor]. This tells me that the person in question has not only passed an exam set from a common body of knowledge, but also has the prerequisite experience in the field,” Stewart-Rattray said. “The same is true for the CISM [Certified Information Security Manager] and the CGEIT [Certified in the Governance of Enterprise IT]. I know they’ve got to have a certain skill base to have actually been certified.”
The company also uses certifications as a guide for matching individuals with the roles best suited to them.
“It’s important to match the credential and the person to the role. It is also about ensuring that they fit in with the team and the culture of our firm,” Stewart-Rattray said.
In some cases, certifications actually represent a licensure issue.
“You cannot sign off [on] a review of a client system unless you are a CISA, in the case of IT audits,” Stewart-Rattray explained. “In the case of security reviews, you must have a CISM, and in the case of governance assignments, if you are not a CGEIT, you must have a CGEIT review your work and sign it off before it is released to the client.”
When it comes to junior-level vs. senior-level hires, Stewart-Rattray said the company’s preferences really depend on the particular position in question. Also, since in the current economic climate time and resources are at a premium, the amount of training that would be involved also plays a factor.
“You have to take a lot of time out when you’re recruiting junior or graduate staff, so you have to be in a position to be able to do that,” Stewart-Rattray explained. “You have to look carefully at whether you have enough structure and enough bandwidth to be able to offer those young people the training and the experience-getting that they require. Because you’re not going to do yourself, your company or the individual any favors if you bring them on and you don’t have time to train them.”
Now, this isn’t to say the company doesn’t want bright young talent fresh out of school. Stewart-Rattray said the most important asset for candidates to possess is simply “recognized experience, skills and credentials.” When potential hires have these attributes, Stewart-Rattray said she doesn’t anticipate doing a lot of training after a hire. The training that would occur serves the purpose of keeping the new employee abreast of current trends and imparting any specific skills or industry knowledge he or she will need in the new role.
However, with more junior hires, she said the training process would be more extensive and might consist of a blend of on-the-job training, specialized skills training and centralized training in the main U.S. office.
Once an individual is hired on at RSM Bird Cameron — or at any RSM office — he has several different career paths open to him. First, he would need to choose a specialization, Stewart-Rattray said. For example, he could decide to move up the ranks in risk management services, “which is more advisory in nature,” she said.
Or, a candidate might choose to pursue the internal audit track, which would focus on analyzing a client’s business processes and procedures to highlight problems and recommend solutions.
“More senior members of staff who have already chosen their specialization are free to pursue the path to senior management and then to partnership in the firm, if they wish,” Stewart-Rattray said.