10 ways you’re failing at IT audits

Bruce Harpham | July 6, 2017
IT audits can feel like a grim nuisance, but great value awaits those who heed these common mistakes that inevitably lead to an IT audit disaster.

The ability to easily track assets and your environment is especially important when fines and added spending are on the line. That is a key challenge for CIOs when it comes to audits from software vendors.


You have no capacity to challenge software vendor audits

Some technology leaders face greater struggles with software vendor audits, where the stakes are even higher. When a vendor comes in to audit whether you are in compliance with their licensing, it’s best to be prepared for a fight.

“In my experience, software audits are often the most painful practices. I have seen software vendors change the rules. That makes it difficult to know about the changes and keep up with them,” says Gary Davenport, CIO mentor and board member of the CIO Association of Canada. Previously, Davenport served as CIO at the Hudson Bay Company, a national retailer in Canada.

Software vendor audits directly translate into higher expenses in many cases. Take IBM’s change to Passport Advantage for example. As The Register reports: “The message is clear: if you cannot prove during an audit exactly when an overuse took place you pay a full two years' maintenance — that is 40 per cent of license cost.”

Software audits are how high tech plays hardball, and IBM is far from alone in pursuing additional payments. There are specialized consultants and lawyers dedicated to helping clients who face vendor audits from Oracle, Microsoft and other large software firms.


You do not act quickly on audit findings

If the worst-case scenario occurs, you will find yourself with serious audit failures to address. In those cases, a rapid response is the best course.

“You can expect auditors to follow up with you and ask what your response will be,” says Michael Leidinger, CTO of Hilton.

If managers neglect their responsibilities, auditors are not likely to stay quiet about problems they detect. Executives are often copied on audit results, so slow responses will be noted up the chain of command.

Don’t let failing an IT audit be the first step toward a long, hard fall.


You haven’t established a relationship with your auditors in advance

Including auditors as project stakeholders is one of the best ways to avoid painful problems later in the process.

“Including IT auditors in your technology projects makes life easier for everyone. If auditors come in after you have implemented a major system, implementing their suggestions will be much more difficult,” Davenport says. “Including audit in major projects saves time and money. It is also one of the best ways to develop a positive working relationship with the audit group.”

If your group has had a transactional or ad hoc connection with audit in the past, that is not the only way to operate. Developing an ongoing relationship with audit will help you build trust and minimize communication difficulties.

