Corporate image of Jescy Xu

Brief career history

I have been working in the Information systems (IS) risk team since I joined QAO in 2023. Clients that I’ve worked with include Queensland Shared Services, Department of Energy and Public Works, WorkCover, and Griffith University.

How did you first learn about QAO?

I’ve always been keen to participate in graduate programs, and I first saw QAO on LinkedIn and applied. 

I wanted to join the QAO graduate program because I was interested in working towards the inputs that help make Queensland public services better.

What do you do on a day-to-day basis in IS audit?

In IS audit, we test our clients’ system securities to determine whether they are secure and safe. Some of our testing includes checking if the client’s policies and system configurations are best practice, and if user access is being regularly reviewed. 

We have regular team meetings where we discuss any problems and opportunities we are facing, as well as our client work and audits. We also organise team lunches to get to know each other outside the office.

What has been the best experience so far?

The best experience is always when I hear from my managers that our engagement is officially finished and we have achieved our aims. The process of an engagement includes, but is not limited to, requesting evidence, auditing it, discussing with clients, and raising findings. Every time I step through one stage, it’s a great feeling, so to complete an engagement is very exciting for the team. 

What’s one piece of advice that you would give to a new grad?

The one piece of advice I’d give to new graduates is never be afraid to ask questions.

It was hard for me to take that step and ask questions when everyone is so experienced. I’d doubt myself and was unsure whether to ask. But questions help you learn, so never be afraid to ask questions! QAO and the IS audit team have always been supportive and helpful.