The mere mention of an "audit" is enough to make anyone nervous. But, put in proper perspective, an audit of IT operational policies and procedures is an effective means of assessing the viability of IT services and functions. An audit will serve its intended purpose if two primary objectives are reached: 1. Audit goals are clearly defined in advance, stating the purpose of the audit and the expected results.
2. Audit results are applied to improve the quality and integrity of technology operations, and related services. Step-by-Step to an IT Audit:
Step One: Set Goals and Objectives
The first step in planning an IT audit is to create a clear statement of goals and objectives, defining the purpose of the audit, expected benefits and desired results. When preparing your audit statement, the following questions should be addressed: • Who is conducting the audit? Within larger corporate environments, IT audits may be conducted by a separate audit department, or in other cases, IT may use a formal audit process as a means of self-evaluation.
• Why is the audit being conducted? In the event that IT policies and procedures are well established, IT audits will most likely serve a validation function, to ensure operational compliance. However, in the event that IT policies and procedures are not well-defined, audits can serve an analytical purpose, to assess IT operations. Furthermore, an audit can be a helpful investigative tool applied after a major systems failure, to uncover problems and develop operational remedies.
• What is the audit scope? A specification of scope will determine the subject of the audit process, typically stating the systems and procedures to be reviewed. Audits can include any or all IT systems and services, including physical equipment, systems management procedures, outsourced functions and support services.
• What are the audit goals and...