What do you think of IT auditing and what it can achieve for your business? Is it a handicap to business performance, a necessary evil or a valuable service?
Few non-auditors choose the valuable service option. Yet an IT audit can ensure your IT environment is adequately secure and ready to provide a reasonable return on investment.
At a recent North London branch event of the BCS, presenters from Barclays, Ernst & Young, Gotham Digital Science, Isaca, KPMG and PricewaterhouseCoopers provided insights into IT auditing and how firms can benefit.
Increasingly, organisations need assurance about the reliability and security of their IT-dependent work environments.
To provide that assurance, auditors need to understand and validate the design and performance of IT-related processes and controls.
IT audits can help – but to get the most out of the process, you will need to understand and work with your auditors.
Like you, the auditor is a professional who wants to make sure your company is well planned, managed and controlled.
Remember that an audit is not something that is done to you, but with you. It is effectively a business review that can help tighten your organisation.
Treat auditors as critical friends, rather than a hindrance, and consider audits as adding value to your firm.
The more you prepare, the less painful audits will be. Start planning and preparation for audits as early as possible or – even better – on an ongoing basis.
Get as closely involved in planning as possible and aim for benefits that help you do your job better.
Identify high-risk areas, such as IT-related processes and functions with limited controls, and the controls needed to mitigate exposure.
If you have been through a similar audit before, refer to the test results and the people involved. Collate the data so it is ready for easy reference.
Then ensure your follow-up actions address all outstanding issues. Where you know there are limited or inadequate controls, discuss them with your management team and address the issues.
Before the audit, understand who the auditors are – their scope, objectives and deliverables.
Explain your own risks and issues to the auditors and agree on the outstanding areas that you think should be covered.
After working through a schedule, appoint a central point of contact, confirm logistical arrangements and prepare physical storage to hold the audit results.
During the process, you should maintain regular contact with your auditors. Your central contact will have a key role, co-ordinating information flow, arranging catch-up meetings and notifying your company of significant findings.
Review audit findings at the draft report stage and do not take the outcome as personal criticism.
Prepare a plan to address any issues identified, making sure the plan is published and implemented.
Finally, publish lessons from the audit and categorise the results so they are available for future reference.
Dalim Basu is chairman of the BCS North London branch and director of a project management and IT audit consultancy





