Give Your Company the Competitive Edge by Means of an IT Audit
WHITEPAPER
By Thembi Lebese, Operations Analyst, EES Africa (Pty) Ltd
ABOUT EES:
Established in 2001, EES Africa (Pty) Ltd specialises in the integration of multiple system infrastructure including ICT, Data Centres, Audio Visual, Life Safety, Security and Building Automation Systems. As an ISO 9001:2008 certified company, our vision is to be Africa’s management, engineering and auditing professional service provider of choice.
The EES Value Proposition focuses on translating technology into tangible deliverables for clients through the experience of a talented team of Engineering and ICT Consultants and Project Managers. With offices in Cape Town, Johannesburg and Stellenbosch, EES operates predominantly in the Renewable Energy, Oil & Gas, Financial Services, Infrastructure, Utilities, Telecoms and Mining sectors.
CONTENTS
Introduction
The Audit Procedure
Planning
Organising
Fieldwork
Reporting
Code of Ethics and Standards of Conduct
Conclusion
References
I MANAGEMENT I ENGINEERING I AUDITING I www.eeslive.com 1
EES Cape Town office:
G11 Silverberg Terrace, 3 Silverwood Close, Steenberg Office Park, Cape Town 7945
PO Box 31322, Tokai 7966, Western Cape, South Africa
Email: [email protected], Tel: +27 (0)21 702 8340, Fax: +27 (0) 86 532 3532
EES Johannesburg office:
Unit 8, West Block Loft Offices, First Floor, The Zone Phase II, 26 Cradock Avenue, Rosebank, 2186
PO Box 31322, Tokai 7966, Western Cape, South Africa
Email: [email protected], Tel: +27 (0)10 590 6270, Fax: +27 (0) 86 532 3532
EES Stellenbosch office:
18 Tegno Road, Techno Park, Stellenbosch 7599
PO Box 31322, Tokai 7966, Western Cape, South Africa
Email: [email protected], Tel: +27 (0)21 200 5939, Fax: +27 (0) 86 532 3532
Introduction
With increasing technological developments and competition, companies are looking at ways to enhance and optimise their information technology (IT) systems and technical infrastructure. An information technology audit, also referred to as a technical infrastructure audit, is an invaluable process to undertake to accomplish this.
It examines IT governance and how a company’s IT environment performs against best practice and emerging, leading edge technology. It does this by scrutinising information systems, their inputs, outputs and processing, capabilities and performance.
The IT or technical infrastructure audit:
• Looks at ways in which a company’s technical infrastructure can be improved and updated in order to optimise productivity and gain a competitive advantage.
• Assesses whether an organisation’s current technical infrastructure is according to standard. Auditors must follow auditing standards which are set by an international body, International Standards of Auditing (ISA). The ISA was revised and redrafted in February 2009. If a company wants to be certified for an undertaking or project, the organisation can then present an objective, accurate report to prospective clients.
• Mitigates potential technical risks.
• Secures the organisation’s IT environment and safeguards confidential company information.
• Ensures budgets are adhered to and business is done within the given timeframe. IT projects often overrun budgets or do not run according to schedule. It is beneficial to know why this occurs and how it can be prevented. For example, does the organisation need to improve processes, or are there certain people that need to be employed? It also identifies ways in which costs can be reduced.
• Enables planning for the future by, for example, identifying when technology upgrades will be required and scheduling licensing and renewals.
• Sees to it that technology initiatives are in sync with business goals, and assists in compilation of business strategies and support thereof.
Unlike a financial audit, the IT or technical infrastructure audit is not a legal requirement, but is undertaken due to the benefits outlined above. It is advisable for the audit to be conducted by an external party to the organisation, as an independent party should have an objective view and therefore conducts the audit in a fair and professional manner. It also ensures there is no possibility of internal parties in the company exerting any influence with regard to the outcome of the audit.
GIVE YOUR COMPANY THE COMPETITIVE EDGE BY MEANS OF AN IT AUDIT
April 2014
The Audit Procedure
All auditors follow a specific process. The audit procedure is usually drafted by the party conducting the audit. Once it has completed the audit, it presents a report explaining its methodology and provides recommendations drawn from the work. An example of a standard audit procedure that needs to be followed is found below:
Planning
The audit team is formed, gains an understanding of the reasons for the audit, and identifies its objectives. Data that can be used in the planning phase includes information from previously conducted audits, internet sites and other organisational documents. Sources may include, but are not limited to, a risk assessment, internal and external evaluations and management guidance.
Organising
The audit team prepares a detailed audit plan and develops a preliminary audit program. It prepares any necessary administrative documentation and other requirements needed for the audit. It processes and identifies the various types of information and documentation required from the client, which will generally include organisational charts, job descriptions and relevant reports.
Fieldwork
This stage involves executing the procedures described in the scope documents. The duration of the audit will vary depending on the scope and the requirements, the availability of labour as well as other resources required for the audit. During fieldwork, the auditor should identify, analyse, evaluate and document sufficient, reliable, relevant and useful information to achieve the audit objectives. The evidence gathered by the auditor will be documented in the working papers and used as the basis for the conclusions made and the results of the audit. The auditor must discuss significant findings with the audit team in order to find solutions to resolve any problems related to the findings.
Reporting
The activities conducted during the reporting phase include:
• Preparing a Draft Audit Report;
• Discussing proposed changes with the appropriate level of management;
• Preparing a Final Audit Report; and
• Distributing the Final Audit Report to the audit team and client.
The reports should include the audit objectives, the scope of audit work performed, an overview of the business or activity, conclusions regarding findings and observations, and recommendations to management to address any issues found.
Recommendations should be included in the final section of the report. They should include information on shortfalls and risks, and suggestions as to ongoing improvement for the client. The reports should also acknowledge when satisfactory performance is found.
Code of Ethics and Standards of Conduct
Integral to an audit of technical infrastructure is a Code of Ethics and Standards of Conduct.
The following Code of Ethics needs to be adhered to at all times:
• Integrity - The integrity of auditors establishes trust and provides the basis for reliance on their judgment.
• Objectivity - Auditors exhibit the highest professional objectivity in gathering, evaluating and communicating information. Auditors are not unduly influenced by their own interests or others in forming judgments.
• Confidentiality - Auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.
• Competency - Auditors apply knowledge, skills and experience needed.
The audit also needs to adhere to the following Standards of Conduct:
• Service - Preserve a commitment to carry out all responsibilities with an attitude of service towards the client while maintaining a sincere and dignified attitude.
• Excellence - Uphold a high standard of service and a commitment to quality in performing all projects and assignments.
• Leadership - Provide noteworthy examples which emphasise high ethical and moral standards.
• Professionalism - Conduct business in a manner that reflects favourably on the client.
Conclusion
In an increasingly competitive environment organisations are looking to optimise the performance of their IT systems and technical infrastructure. The IT or technical infrastructure audit is today part of a strategic and cultural shift in IT governance that, when implemented correctly, can help companies better utilise technology assets and enhance a company’s efficiency and productivity.
Furthermore, these audits are being conducted increasingly, as regulatory compliance, risk management and IT security become higher corporate priorities. They ensure that information assets are safeguarded and data integrity is maintained.
Written by Thembi Lebese
Operations Analyst, EES Africa (Pty) Ltd
Tel +27 (0)10 590 6270, Email [email protected]
Thembi worked as an Analyst Developer in the Telecommunications Industry for 2 years before joining EES as Operations Analyst. She has experience in various organisational functional areas, infrastructure technologies, business processes within IT as well as development tools related to Enterprise Resource Planning.
Qualifications:
- BCom (Business Information Systems) from the University of Venda
Additional Certificates:
- PL/SQL Training
- OBIEE Training
The evaluation of the audit findings determines if the IT systems are operating in a manner that will assist the organisation in achieving its strategic objectives. It assists the company in carrying out client projects according to budget and on schedule, and provides it with recommendations regarding future planning.
It is the responsibility of the company which has undergone the audit to implement the suggested actions in order to indeed improve their technical infrastructure and consistently maintain a high level of performance.
References
Code of Ethics. (2013, June 12). Retrieved from http://www.iia.org.uk/: http://www.iia.org.uk/resources/global-guidance/code-of-ethics/
ISA 230 Audit Documentation
ISA 320 Materiality in planning and performing an audit
[Figure: audit procedure flowchart with stages PLANNING, AUDIT and REPORT. Boxes between START and END: Gain understanding of the Audit; Conduct meetings to establish Audit team; Gather necessary information related to the Audit; Prepare necessary documentation; Organise the Audit and prepare Audit program; Identify necessary information needed from the client; Make necessary changes to scope and finalise requirements; Executing the procedures described in the scope documents; Auditor should identify, analyse, evaluate and document sufficient, reliable and useful information to achieve the audit objectives; Prepare final Audit report; Issue final Audit report.]