Introduction
Information
technology audit is the systematic evaluation of management controls in an
Information Technology framework.
The objective of
the audit is to prepare a report of truth and fairness of the various
statements as well as to detect and prevent frauds.It also aims to improve the efficiency
of governance processes, risk management and controls.
In order to perform
a successful audit, it is very important to understand the process of an audit.
Audit Process:Audit process consists of the following steps:
- Notification: It starts with receiving notification from auditors regarding the audit schedule consisting of preliminary checklist and list of documents required to plan the audit.
- Planning: Post review of the documents, auditors draft an audit plan and schedule the meeting.
- Meeting: In the meeting the scope of the audit, timeframe of the audit etc. is discussed.
- Fieldwork:After this, auditors finalize the plan and start meeting with staffs, reviewing the manuals regarding the business processes, testing for the compliance with the policies, laws and regulation, controls etc.
- Communication:After this fieldwork, there is an opportunity to discuss the issues and its solutions with the auditors through meetings, emails, etc.
- Reports: Report forms an important part of the audit. The report generally consists of several sections like an overview of the organization, the follow-up date, scope of the audit, any major audit concerns, the overall conclusion, and detailed description of the findings and proposed recommendations, distribution list mentioning the people to receive the report etc.
- Response from Management: Once the report is finalized, next step is response from management consisting of: Acceptance/ refusal with the issues mentioned in report, action plan to correct the issues and the expected date for the completion.
- Closing Meeting: A closing meeting is held to discuss the report and the responses providing an opportunity to discuss the audit and any issues related to it.
- Distribution of list: The report is then distributed to the people listed in distribution list like managers, senior managers, internal auditors, externalauditors of the organization etc.
- Follow-Up:Follow up is performed after expected completion date to ensure that the corrective actions are taken as per agreed terms. A communication is received from the auditors conveying whether the organization has satisfactorily rectified the issues or further actions are required.
To reduce the Gap
between organization and Successful Audit:
As audit involves
efforts and money, least we expect the failure. So, to achieve the success in the
audit there are three keys:
- Preparation: It is the most important and longest phase for an audit.It involves various departments of the organization to work together. An audit committee along with Finance committee finalizes auditors, considering factors like budget, timing, industry knowledge, accessibility etc.Organization should follow appropriate processes to ensure the success of the audit. Proper documents required by auditors should be maintained.
- Communication: Communication needs to be maintained between various departments of an organization throughout the audit process. A convenient date could be established for post fieldwork update in order to discuss initial findings. Coordination between departments is required so as to provide timely evidences whenever asked to furnish by the auditors.
- Review: Management should review all the reports provided by the auditors for errors, typos, incorrect names of committee members, incorrect dates etc.
Conclusion: An Audit is
challenging but a necessity for an organization. Successful Audit can be
achieved with right preparation, communication and review.
Madhumita Mishra is a consultant in Systems Plus Pvt. Ltd. Within Systems Plus, she actively contributes to the areas of Technology and Information Security. She can be contacted at:
Good content network switches suppliers in dubai
ReplyDelete