Technology Auditing

Making the Pieces Fit

As a Technology Manager I have been associated with IT auditing at various levels or in varying degrees for virtually all of my employers. In general, my responsibility is to read, understand and respond to audit inquiries as they are received into the IT organization. In my consulting background Client-ordered audits in addition to internal corporate audits are a common occurrence and I have acted in various capacities to satisfy the needs of both audit types. My experiences include but are not limited to the following auditing activities:

audit book

My audit responsibilities are often generated by business need. I fulfill the role of acting as the single-point-of-contact when these requests are received by the IT department. Requests range from easily accomplished audits to larger efforts that can include ten or more on-site auditors, the setting up of temporary offices and phones, with an expected three week engagement time.

Success Indicators

Successfully passing an audit is an act of preparation and skill. Primarily the capturing of specific, meaningful data well before the audit request is received tends to eliminate unwanted elements of risk. These risks tend to grow exponentially as the level of preparedness declines. The consequences of being unprepared include audit findings with qualified opinions rendered or worse, an adverse opinion rendering.

The preparation element can’t be overstated. Ignoring this important step tends to invite closer audit scrutiny and may generate another round of more detailed requests for information.


Conclusion

A useful mindset is to work with auditors and ensure that the data they are receiving is accurate, consistent and timely. I also pay particularly close attention when auditors make formal or informal recommendations. In the end, auditors know their business better than I do and odds are they will be checking to make sure recommended changes have been implemented during the next audit.