Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

10 ways you’re failing at IT audits

Bruce Harpham | July 6, 2017
IT audits can feel like a grim nuisance, but great value awaits those who heed these common mistakes that inevitably lead to an IT audit disaster.


You haven’t prepared your staff for audit success

Absent any preparation and guidance; an audit is an unsettling experience for your staff.

“Internal audit plays a role in helping the company achieve success. I explain to our staff that they have a job to do and we need to support them in carrying out that work,” says Davenport.

This approach may be supplemented by asking experienced staff to guide newer staff on audit requirements. This kind of informal support approach is not always enough. Consider establishing an ongoing relationship with the audit function at your company.


You have no audit engagement process in place

If your staff feel uncertain or fearful about how to engage with auditors, audits are unlikely to unfold smoothly. Assigning audit management to a few staff is one way to improve.

“When we prepared to take Hilton public, there was a major increase in audit activity. Many of our technology staff were uncertain how to address audit questions,” says Leidinger. “Eventually, we brought two people on board with the responsibility to manage IT audits with experience in audits and technology. They make a great contribution to facilitating the audit process,” Leidinger adds.


You treat auditors like an enemy

Few people are happy to hear about an upcoming audit of their division. Who wants an outside expert reviewing your operation, documentation and interviewing staff? Viewing auditors as adversaries only leads to further problems.

“I view audit as another business stakeholder. Regular meetings with auditors are a key part of the process,” Leidinger says. “In many cases, auditors review our processes against well-known standards and best practices. That assessment helps to validate our process. As we transition our organization to agile, audit has reviewed our processes and approach. IT has helped us to make a successful transition.”

Preparing your staff to meet these expectations will go a long way toward achieving successful audit results, and you can only do that by viewing auditors as partners in that process — not adversaries. After all, if your organization is carrying out a business transformation, an audit can serve as an objective way to measure performance in support of goals, and can potentially result in more resources if auditors believe additional resources to be necessary to achieve them.


You trap your staff in complex policies and procedures

As soon as a company reaches a certain size, policies and procedures become indispensable to managing growth. However, your staff may struggle to stay compliant with policies.

“A few years ago, our company launched a major effort to simplify our policies. We sought to make our policies easier to understand and reduce them in number,” Leidinger says. By reducing the policy compliance burden, succeeding in audits became easier.


Previous Page  1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.