How to Learn to Love an IT Audit

An audit! Among IT professionals, audits have a bad reputation. They are believed to be something to be dreaded, lying somewhere in the continuum of suffering between a root canal and being mauled by a bear. Auditors are seen as being either sadists who enjoy inflicting pain on their victims or zombie-like beings devoid of any measure of human compassion or humor.

Let’s take a quick look at audits from an IT perspective and consider whether or not those views are valid. We should start with a review of what audits are, their objectives, and their methods.

Ultimately, the goal of an audit is to verify that an organization’s records (e.g., financial reports) are accurate, that there are adequate controls in place to protect the organization’s assets, and that policies and procedures being followed.

When the auditors come knocking on your door, they want to verify that all of the assets assigned to IT actually exist and can be located. The assets include hardware, software, and all other assets. They will also want to verify that adequate controls exist to protect those assets from misuse or theft.

The processes followed by auditors are actually a compromise. In a perfect world, with an unlimited budget for the audit, the auditors would personally inventory every asset and examine every piece of supporting documentation. Of course, that would be incredibly expensive and no organization could afford such an audit. Instead, auditors examine records (for example, an equipment inventory). Next, they test the accuracy of those records with spot checks in which they actually examine the things on which those records are based.

It is true that an audit is disruptive, whether in IT, accounting, or any other department. There are strangers requesting information. Responding to those requests represents additional work for people whose schedules are already very full. Of course, in these situations, IT can be its own worst enemy or, to quote Pogo, “We have met the enemy and he is us.” While an accounting department’s practices are based upon centuries of experience, IT has only been around for a few decades. Most IT departments are not prepared to respond efficiently to requests from auditors. They often lack the necessary discipline, documentation and records. Their discipline is centered around keeping thisngs running. Therefore, every request from an auditor turns into a labor-intensive task. Furthermore, the longer it takes to respond to a request, the less credible the answer seems.

If IT departments want to make audits less painful, they must be better prepared for the audits. They must automate the recordkeeping and test the accuracy of their records throughout the year—not just when the auditors arrive. By doing so, they can identify and resolve problems before the auditors discover them. Furthermore, this will pay real benefits for the department and the business, such as:

  • Identify missing or misplaced equipment
  • Ensure accurate accounting records (assets and depreciation)
  • Minimize warranty and maintenance costs
  • Minimize software license costs
  • Increase the accuracy of the data used for IT operations

In the end, while you still may not want an auditor as your best friend, it is possible to minimize the pain of an audit and reap other benefits for the business.

Join me and Andrew McGovern, Director of Global Solution Consulting at Kaseya, on October 15th at 2 PM eastern for an indepth one-hour discussion on effective auditing processes and techniques to dramatically reduce the pain of IT audits.

This guest blog post was written by Rick Sturm, founder and CEO of analyst firm, Enterprise Management Associates.

Random technology icons in front of a hand digital

IT Infrastructure Management: Benefits, Challenges and Best Practices

What is meant by IT infrastructure? IT infrastructure may be defined as a combination of software, hardware, network services andRead More

Kaseya Leg Up Conference

Get an Inside Look at the Gradient Leg Up ‘21 Virtual Event

As the “new normal” takes hold, MSPs must prepare to meet the demands and requirements of their clients and captureRead More

Analytics on tablet image

2021 IT Operations Survey Highlights – Trends Impacting Small and Midsize Businesses

Kaseya’s 2021 State of IT Operations survey findings reveal the top priorities, challenges, areas of investment, cloud strategy trends, ITRead More

Server Room with IT Worker

Managed Services: Everything You Need to Know

Managed service providers (MSPs) are in the limelight for helping businesses cope with the challenges of the pandemic over theRead More

Download Your Copy of the 2021 IT OPs Survey Results
2022 Benchmark Survery Results

Archives

Categories