How To Prepare for and Survive an IT Audit

The typical audit is intended to determine whether the area under review is following prudent business and administrative practices consistent with the mission of the organization, the official policies and bylaws of that organization, and the laws or requirements of external authorities, as applicable.

One of the most important factors to remember while preparing for an IT audit is to keep your documentation (Policies, Procedures and Standards) clear, precise and up to date. This means you must implement a review process of all documentation on at least an annual basis.
One document that will be asked for is an inventory of all computing assets, including but not limited to servers, software licenses and workstations. A clear, precise inventory at the outset of the review contributes to the timely and efficient completion of audit steps and testing. The computer inventory should include resource name, IP address, operating system, purpose of the resource, physical location of the asset, and whether the resource is deemed a critical resource. The software license inventory should include application name, license number, and the resource on which the application is installed.
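
One way to check both inventories for gaps before handing them to the audit team, as an added example that is not part of the original post. The CSV column names and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Column names are assumptions derived from the fields listed above.
ASSET_FIELDS = ["resource_name", "ip_address", "operating_system",
                "purpose", "physical_location", "critical"]
LICENSE_FIELDS = ["application_name", "license_number", "installed_on"]

def _rows(text, required, label, findings):
    """Parse CSV text, flag blank required fields, return (line, row) pairs."""
    rows = []
    for n, raw in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        row = {k: (v or "").strip() for k, v in raw.items() if k is not None}
        for field in required:
            if not row.get(field):
                findings.append(f"{label} line {n}: missing {field}")
        rows.append((n, row))
    return rows

def check_inventories(assets_csv, licenses_csv):
    """Return the inventory gaps that would slow down audit testing."""
    findings, names = [], set()
    for n, a in _rows(assets_csv, ASSET_FIELDS, "assets", findings):
        name, ip = a.get("resource_name", ""), a.get("ip_address", "")
        if name and name in names:
            findings.append(f"assets line {n}: duplicate resource {name}")
        names.add(name)
        if ip:
            try:
                ipaddress.ip_address(ip)
            except ValueError:
                findings.append(f"assets line {n}: invalid IP {ip}")
    for n, lic in _rows(licenses_csv, LICENSE_FIELDS, "licenses", findings):
        host = lic.get("installed_on", "")
        if host and host not in names:  # license tied to an unlisted resource
            findings.append(f"licenses line {n}: {host} not in asset inventory")
    return findings

# Constructed sample data, not taken from a real environment.
SAMPLE_ASSETS = """resource_name,ip_address,operating_system,purpose,physical_location,critical
db01,10.0.0.5,Linux,Payroll database,Rack A3,yes
ws17,10.0.0.300,Windows,,Floor 2,no
"""
SAMPLE_LICENSES = """application_name,license_number,installed_on
Office Suite,LIC-0001,ws17
Backup Agent,LIC-0002,db02
"""
```

Running `check_inventories(SAMPLE_ASSETS, SAMPLE_LICENSES)` reports the blank purpose, the malformed IP address, and the license recorded against a resource that is missing from the asset inventory.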

Another aspect of the preparation leading up to the audit is to know who you are dealing with. Here is a “Pre-Audit” list that I use once an audit has been announced.

  1. Who are members of the audit team, and what are their roles and assignments?
  2. What are the credentials and experience of the assigned audit team?
  3. What orientation or training can you provide them to be comfortable within the environment?
  4. Communicate with your managers and staff in the areas to be audited.
  5. If an area was audited before, review the prior report to see the issues raised and recommendations made. Get an update on corrections or changes made as a result of prior audit work, and give your staff and the audit department credit.

This is a good start and enough to digest for one sitting.  I will share more of my experience and knowledge in my next blog on this subject.  Stay tuned.
