[jval43]

I've found two things to matter:

1. experience, i.e. knowing why and how a rule matters (in general, but also to auditors)

2. willingness to think

If these aren't present, you get overly restrictive compliance that at the same time accomplishes nothing.

[treszkai]

I'd also add a willingness to follow the (perceived) intent of the rules as opposed to gaming the letter of the rule. An experienced folk might say, "yeah it won't matter legally", and continue with "but it will matter to me because this rule is in place for this-and-that reason".

[notarobot123]

scruples are also often a surface of friction that get in the way of business objectives.