Given the current economic climate, businesses need to maximize returns from all their assets and investments. It’s common for business managers to focus much of their attention on staffing levels, inventory, energy costs and other means of improving cash flow. In this article, I will give an overview of a simple but effective means of conducting an IT position audit.
An audit of your I.T. resources can be informal and conducted in-house depending on the skills available within your organisation. A more formal audit can be outsourced to specialist consultancy firms. This option is preferable in the following situations.
- Recurring IT expenditure represents a significant portion of the business budget.
- Significant project is due to be undertaken in the short to medium term.
- The business does not have a formal IT strategy or does not employ senior IT professionals.
- Suspected deficiencies in the Company’s internal control systems.
The objectives of the IT resource audit need to be clearly identified when the audit is being planned. The efficiency of the audit will be improved if stakeholders are consulted from the outset e.g. senior management, any existing internal audit team and external auditors. The agreed objectives will determine the work required in the following six areas.
Is there evidence of a comprehensive documented company-wide IT strategy? Is IT represented at board and senior management level?
Have major IT expenditure items and recruitment decisions been in accordance with the IT strategy? Do the minutes of meetings record a consistent approach to IT in the decisions reached Board and other members of senior management?
2. Policies and Procedures
Are there documents that set out the fundamental policies and procedures in relation to IT? Are these being followed by and enforced by the IT department? Does sufficient induction and education take place within the business? Are there regular tests to ensure compliance with access rights, appropriate usage and security. Is there evidence of corrective action where breaches occur?
Are there appropriate job and people specifications for IT staff at all levels? Is there evidence that these were adopted in the recruitment and selection process? Do regular performance reviews occur? Do IT staff possess adequate skills to support the business into the future? Do IT staff undertake continuing professional development relevant to the needs of the business? Does the business have quality outsource partners to provide ad hoc, specific project or urgent cover? Continue Reading