IT auditors regularly end up explaining to the business community how their work adds value to an organization. Internal audit divisions generally provide an IT audit element which can be implemented with a distinct perspective on its role within an organization. On the other hand, in our practical experience as IT auditors, the broader world of business needs to be aware of the IT audit function so that they may realize the overall benefits.
Specifically, IT audits will cover a huge variety of IT processing and communication aspects including client-server systems, operating systems, security packages, software applications, management procedures, web services, disaster recovery planning and so much more. The actual sequence of an IT audit will always begin with identifying risks, followed by an assessment of the design of controls and culminating in testing the effectiveness of those controls. The most skilful auditors are able to add value at each stage of the process.
I have listed the five key areas where I feel IT auditors are able to add value to an organization. The quality and depth of the audit itself is important when it comes to adding value, but the planning is also highly important. Without a clear idea of which processes and risks are to be audited, success cannot be assured.
So here are my top five ways that an IT audit adds value:
- Reduces risk. The planning and execution of an IT audit consists of the identification and assessment of IT risks in an organization.
- Strengthens controls (and improves security). After assessing risks as described above, controls can then be identified and assessed. Poorly designed or ineffective controls can be redesigned and/or strengthened.
- Supports compliance with regulations. Wide-ranging regulations at the federal and state levels include specific requirements for information security. The IT auditor serves a critical function in ensuring that specific requirements are met, risks are assessed and controls implemented.
- Facilitates communication between business and technology management. An audit can have the positive effect of opening channels of communication between an organization's business and technology management. Auditors interview, observe and test what is happening in reality and in practice. The final deliverables from an audit are valuable information in written reports and oral presentations. Senior management can get direct feedback on how their organization is functioning.
- Improves IT Governance. The IT Governance Institute (ITGI) has published the following definition: 'IT Governance is the responsibility of executives and board of directors, and consists of the leadership, organizational structures and processes that ensure that the enterprise's IT sustains and extends the organization's strategies and objectives.'