Given the current economic climate, businesses need to maximize returns from all their assets and investments. It’s common for business managers to focus much of their attention on staffing levels, inventory, energy costs and other means of improving cash flow. In this article, I will give an overview of a simple but effective means of conducting an IT position audit. An audit of your I.T. resources can be informal and conducted in-house depending on the skills available within your organisation. A more formal audit can be outsourced to specialist consultancy firms. This option is preferable in the following situations.
Recurring IT expenditure represents a significant portion of the business budget.
A significant project is due to be undertaken in the short to medium term.
The business does not have a formal IT strategy or does not employ senior IT professionals.
Suspected deficiencies in the Company’s internal control systems.
The objectives of the IT resource audit need to be clearly identified when the audit is being planned. The efficiency of the audit will be improved if stakeholders are consulted from the outset e.g. senior management, any existing internal audit team and external auditors. The agreed objectives will determine the work required in the following six areas.
Is there evidence of a comprehensive documented company-wide IT strategy? Is IT represented at board and senior management level?
Have major IT expenditure items and recruitment decisions been in accordance with the IT strategy? Do the minutes of meetings record a consistent approach to IT in the decisions reached by the Board and other members of senior management?
- Policies and Procedures
Are there documents that set out the fundamental policies and procedures in relation to IT? Are these being followed and enforced by the IT department? Does sufficient induction and education take place within the business? Are there regular tests to ensure compliance with access rights, appropriate usage and security? Is there evidence of corrective action where breaches occur?
Are there appropriate job and people specifications for IT staff at all levels? Is there evidence that these were adopted in the recruitment and selection process? Do regular performance reviews occur? Do IT staff possess adequate skills to support the business into the future? Do IT staff undertake continuing professional development relevant to the needs of the business? Does the business have quality outsource partners to provide ad hoc, specific project or urgent cover?
This area is becoming increasingly important as businesses go beyond their wired environment as fixed and mobile technologies continue to converge. Many employees working outside the office now depend on mobile devices to access and update office applications. A number of IT surveys of business have found that the vast majority do not have a strategy for mobile IT. Similarly, results indicate an absence of skills in this area. A number of prominent companies have had their wireless networks hacked in recent years, resulting in their customers’ credit card details being stolen. Tools posted on the web have made “War driving” affordable and convenient for people who wish to steal company information. It is therefore vital that regular in-house or independent tests of the wireless infrastructure take place to secure one of the business’ most important assets – its data.
The management of the business are responsible for safeguarding the assets of the business. Office equipment is not as easily tracked as it was ten years ago. In the past most IT assets remained stationary apart from older desktops being redeployed to other departments. Today, every business site will have IT equipment that is replaced on a regular basis. Some mobile devices owned by the company may never be on site. The company must have procedures to track where the assets are located and who is responsible for them.
There should be evidence of a competitive procurement process. The items purchased should fit the company’s planned growth and direction.
The business should have a complete list of software currently in use. It should ascertain whether or not it has the right to use this software by cross checking the applications against its licences. An updated list of all licences and support contracts should be maintained. This should be checked by the IT and other department managers that authorise the recurring payments. In my experience, this exercise can lead to substantial cost savings. Savings are principally achieved through identifying software that has been replaced, or individual modules that no longer need to be supported.
Many functional departments are usually too busy to get involved in processes of changing and improving I.T. Although a downturn in activity is certainly unwelcome, it does present an opportunity to take stock, identify inadequacies, take corrective action and possibly make savings in the IT budget. This exercise will almost certainly benefit the company into the future.