The mere mention of an IT management audit is enough to make anyone nervous. But, put in proper perspective, an organized audit of existing operations (and related policies and procedures) is an effective means to evaluate operational viability and determine the value of the IT strategic vision. Read on to learn how to minimize audit resistance and maximize audit benefits.
IT management audits can serve multiple purposes and provide many benefits. First, audits are used to validate compliance with established technology related policies, programs and procedures. Then, audits are also used as an investigative tool, to gather information and analyze current operational conditions for the purposed of recommending specific "policies, programs and procedures". The primary purpose of a given audit will determine the scope and related execution planning. Validation audits are likely performed on a regularly scheduled basis, with a standardized scope and set of executing procedures. Investigative audits are likely triggered in response to a specific need, and planning will be shaped by unique goals and circumstances. Whatever the purpose, the goal is to ensure that audits serve a purpose, are planned for minimal disruption, and that all results are used to maximize IT value.
The first step in planning an IT management audit is to create a clear statement of goals and objectives, defining the purpose of the audit, expected benefits and desired results.
Management audit specifics (based on the questions above) will establish the audit scope, defining the exact "subjects" of the audit process and the overall work effort required to complete auditing tasks and activities. These specifics will vary based on the structure and charter of the specific organizational entity involved, the subject "service portfolio", technology in place, available time, subject matter complexity, and overall audit goals and capabilities.
Once you have defined your audit goals and objectives, you will need to specify the audit process – i.e. how your audit will be conducted. Standardized auditing practices will establish the means by which audits are to be planned and executed, covering scheduling, communication, procedures, roles, responsibilities and required deliverables. Individualized audit procedures will vary based upon the audit "subject matter" and the size and scope of the audit itself. In addition, standardized auditing practices will establish the actual procedures and techniques used to collect required information and determine related conclusions.
Audits should not be surprise attacks ... they should be scheduled events. It is very difficult to fake IT compliance, and very little can be gained from unscheduled audits. If a pending audit causes IT staff to clean up minor errors and omissions, then the goal of the audit has been largely reached ... to ensure compliance.
Before you begin your audit, you should set clear expectations for the use and application of audit results. Since "blame" should not be the goal of any audit, audit results should be clearly and openly communicated. While all results may not be positive, at the end of the process, there should be a clear direction for improvement.
About Us- ITtoolkit.com has been around since 2001. What will you find here? We have articles (covering a wide range of topics relating to our IT service strategy and project fast tracking methodologies). We have templates and whitepapers to download. We have our series of IT management infographics. And, we have our "Toolkit productivity packages", combining "education and execution" - with time-saving concepts, steps and templates packaged in digital downloads. Our current Toolkit offerings include the Fast Track Project Toolkit and IT Service Strategy Toolkit.
If you are, then you need the IT Service Strategy Toolkit from ITtoolkit.com! The Toolkit teaches you how to "add value" to IT projects and services -- using our time-saving "service strategy process". It's ready for instant download, filled with 400+ pages of steps, guidelines, practices and templates. Find Out More
Strategic fast tracking is a streamlined project management process, used to level the playing field when "project problems" get in the way of on-time success. Our informative "fast tracking" article series explains more:
Sign up for the ITtoolkit.com newsletter and be the first to know about our latest blog articles, templates, white papers, infographics, and special offers.
We won't overload your inbox and we don't share or sell subscriber information. Just enter your email address below.