topologe :: innovative business intelligence  



Is It Time For an IT Audit?
January 17, 2005 CPA Review Online
By Alejandro Sarmiento, Principal - Topologe, LLC

Computers have become an integral part of everyday life, may it be individuals, businesses, government and educational institutions, or any type of organization for that matter. Organizations have become increasingly dependent on technology to support virtually all aspects of business operations and manage critical information assets. What used to be a luxury has now become a norm and one of the most basic necessities that one would need in order to perform daily functions and responsibilities.

Such a simple and uncomplicated operation can only result to increasing dependency from various levels of function and purpose – from individual workers whose jobs are made easier to business owners and governing officials who begin to demand an increase in production and desire better results. Key concerns at present times now include accuracy of the information gathered and produced, efficiency of the processes involved in the data manipulation, and protecting the information that holds the key to the institutional stability of any organization.

Continuous changes in technology and legislation create new exposures and requirements on organizations. These circumstances accentuate the need for competency and experience in the proper evaluation of risks related to information technology and the adequacy of organization's technology control posture.

As computer technology advances, the greater the pressure for people to comply with its own set of demands. As much as computers make life seem a lot easier, they, like everything else, are not perfect. It only performs its job as dictated to it by human beings. Computer performance relies heavily on how well it is maintained and developed. It too, in its own way, possesses energy and stamina in order to perform the kind of work it is expected to perform, and at the same time may be vulnerable to the lack of it depending on the degree of use.

Nowadays it is imperative to perform various types of information technology audit. Not just to ensure top performance and to evaluate the financial investment poured into the technology, but also to assess the system’s compliance and controls to the standards of the field to which the technology is being used and whether it is able to meet the demands and requirements of its users.

Security has also become an important aspect of any system evaluation. Having the means to protect information and the ability to troubleshoot at an event of a flaw or disruption has become an even bigger concern in today’s world of virus attacks, hackers, and internal intrusion. It is never a disadvantage to take the extra step to do one’s part to make sure that there is business continuity. In today’s technology and its rapid growth and development, it is always good to play it safe.

As stakeholders and regulatory agencies expect and require organizations to be more accountable for solid internal controls and the proper and accurate disclosure of financial information, Board of Directors and senior management are now faced with the challenge of having the right resources that can properly interpret the organization\'s technologies and its related control implications.

Information technology audits are designed to methodically evaluate IT leadership, organizational structure, policies, procedures and practices to identify, evaluate and address potential weaknesses in certain IT environment that could prevent an organization from realizing the business objectives and complying with legal requirements.

In addition, information technology audits embrace both technical and organizational considerations with its findings. They are designed to meet the diverse requirements of organizations in a variety of industries with respect to IT Governance and risk mitigation.

The primary objective of an IT audit is to determine the following:

  • IT Governance
  • Risk management
  • Internal control
  • Value delivery
  • Assurance and Compliance
  • Measure performance.

In addition, IT audits are performed to ensure the following:

  • Necessary skills are in place,
  • Responsibilities in respect of internal controls are adequately allocated, and
  • Benefits that result from using technology to improve business results, reporting and transparency are being embraced.

At the end of the day, it is a risk management strategy for the decision makers to want to ensure that IT goals are aligned with their business processes and to verify that it delivers value, its performance is measured and its resources properly allocated.

 

homethe firmservicescontract vehiclehardware solutionscareerscontact us
topologe, Boston