technologyauditbymagdyelmessiry-130410144619-phpapp01


Transcript of technologyauditbymagdyelmessiry-130410144619-phpapp01

  • 8/12/2019 technologyauditbymagdyelmessiry-130410144619-phpapp01

    1/126

    Technology Audit

    1 Dr Magdy El Messiry

    Technology Audit

    Training Course PART I

    By

    Dr. MAGDY ELMESSIRY

    KNOWLEDGE TRANSFER CENTER

    ALEXANDRIA UNIVERSITY

    2011


    Technology audits will help identify potential issues that may become serious problems for your business if left unattended, while each organization should ensure effective continuous auditing to increase the generated income.

    Dr. M.El Messiry


    "A trip of a thousand miles begins with a single step"

    PREFACE

    The main objectives of this booklet are to give the reader a survey of the different elements of Technology Auditing (TA); TA is the only way for an organization to improve its situation on the market. Technology audits will help identify potential issues that may become serious problems for your business if left unattended. Technology auditing will be recognized as the reliable and trusted source for the best application of relevant technology in the industry. Continuous technology auditing will lead to the following:

    Establishing proven methodologies for technology assessments

    Establishing proven methodologies for quality control

    Establishing a network of reliable and brief information sources

    Establishing a periodic review and assessment of technology news and information

    Establishing a standard technology assessment model

    Establishing a secured database of reports and assessments

    Establishing and maintaining business models for measuring return on investment and total cost of ownership

    Enhancing the effectiveness of the organization by providing these tools will be achieved through information concerning the latest technology and innovation relevant to the particular industrial fields that are the specific mission and goals of the organization.

    The role of the universities in implementing Technology Auditing in different organizations can be accomplished through specialists in technology and other areas of a globally competitive economy. Their function will be to assist in:

    Promoting competitiveness and job creation.

    Enhancing the quality of life.

    Developing human resources.

    Working towards environmental sustainability.

    Promoting an information society.

    Producing more knowledge-embedded products and services.

    Developing innovation technologies that lead to increasing the number of patents.

    The objective of this course is to give the specialists in the technology transfer centers at the universities and the industrial organizations the basic concepts of TECHNOLOGY AUDITING and to help them in building TA departments.


    TABLE OF CONTENTS

    PREFACE

    CHAPTER ONE

    TECHNOLOGY AUDITING

    1.1 Introduction

    1.2 Technology Audit Composition

    CHAPTER TWO

    INTERNAL AUDIT, EXTERNAL AUDIT, AND CONTINUOUS AUDITING

    1. Internal Audit

    1.1 Mission of the Internal Audit Function

    1.2 Internal Audit Practice in Organization

    1.3 Steps for Building the Internal Audit Team

    1.4. Suggestion for Successful Internal Audit

    1.5 Code of Ethics for Audit Staff

    1.6 International Standards for the Professional Practice of Internal Auditing (Standards)

    2. External Audit

    2.1 Implementation Procedure

    2.2. Continuous Auditing

    2.3. Key Steps to Implementing Continuous Auditing

    2.3.1. Additional Considerations

    2.3.2. Organizational Infrastructure


    2.3.3. Impact on Personnel

    CHAPTER 3

    THE AUDITOR'S PERFORMANCE IN TECHNOLOGY AUDIT

    3.1. Introduction

    3.2. Role of Auditor

    Phase One: Pre-Audit

    Phase Two: On-Site Visit

    3.3. Road Map for the External Audit Team Audit Leader

    3.4. Notes to the Auditor

    3.4. Control objectives

    CHAPTER 4

    SWOT ANALYSIS

    4.1 Introduction

    4.2. The Need for SWOT Analysis

    4.3. Limitations of SWOT Analysis

    4.4. SWOT Analysis Framework

    CHAPTER 5

    PRACTICAL EXAMPLES OF SWOT ANALYSIS

    5.1. Health centers

    5.2. University SWOT Analysis

    5.3. Retail Industry SWOT Analysis

    4.4. Web Business SWOT Analysis


    CHAPTER 6

    GLOSSARY

    APPENDIX I

    SWOT Analysis Template

    APPENDIX II

    Audit Checklist

    APPENDIX III

    Audit Checklist ISO/IEC 19770-1

    APPENDIX IV

    Template to use when writing an audit report

    APPENDIX V

    Information Technology Audit Report

    REFERENCES


    As shown in Figure (1), an organization can perform an audit in order to:

    Generate income (or more income) for technology-driven organizations (e.g. technology-based enterprises, research centers, institutes) from their available technology.

    Improve the productivity of the technological factors.

    Improve business competitiveness and public administration's performance.

    Assess your current capabilities before making expensive changes.

    Learn how to optimize the use of current technology.

    Learn about your technology options.

    Get an independent assessment that can help convince your organizational partners of changes needed.

    An audit is merely a checkup. As we gather more and more techno-devices around us, we recognize the need to ensure that they are all accounted for, are working properly, and are being employed for proper purposes, purposes that advance the cause of our organizations. Consequently, a technology audit exists at its very core as an activity that focuses our full attention upon improvement, sustainable improvement and continuous innovation. The organizational survey and technology audit will help in understanding the level of attention paid to technology in the organization and facilitate the involvement of employees from different departments of the organization in the technology management process. The organizational survey and technology audit provide an instrument for auditing the organization's technological capabilities and its awareness of technology as a means of improving competition. The organizational survey and technology audit are used to assess whether the organization's management has the appropriate level of understanding of technology and technology management, and whether the required climate to use technology is in place.

    Formulation of technology strategy addresses the issue of how to recognize the critical technological needs and identifies the basic dimensions of a technology strategy. It consists of three steps: technology assessment, technology selection, and definition of the portfolio of technological projects, and strategic priorities and actions [3]. The technology audit is equally applicable to manufacturing and service firms. The firms should wish to create new products, incorporate new processes, diversify their activities and have growth potential. They should have the capacity to survive and innovate and the competence for international cooperation. Technology auditing should be considered as a means of ensuring business continuity in a manufacturing organization.


    Figure (1) Objectives of Audit Cycle


    1.2 Technology Audit Composition

    The implementation of technology auditing starts with answering the following questions:

    What is the relationship between technology, business strategy and innovation in ensuring continuity of the organization?

    What does a technology audit consist of and what tools are available to help conduct the technology audit?

    What is the process flow of a technology audit?

    The main steps of a technology audit process are [4]:

    Step 1: Company Decision for Technology Audit

    The starting point of the technology audit process is the desire or wish of a firm to carry out a technology audit.

    Step 2: Initial phase

    The initial phase is important to ensure that the audit proceeds smoothly and effectively. It includes discussion at the management level to explain and agree upon the purpose of the audit, to design the questionnaire and the framework for the report to suit the organization and to select those to be interviewed. Initial information about the organization (published and unpublished reports) is gathered at this stage. Analysis of questionnaires should be done prior to the interviews and might be done at an earlier stage, so that selection of those to be interviewed is partly based on questionnaires.

    Step 3: Interview and report phase

    The company is interviewed with a questionnaire, normally with participation of the General Manager, aiming at:

    Collecting general company data

    Shaping company technology profile

    Performing SWOT Analysis

    Identifying technological areas for further analysis.


    The Technology Audit Tool consists of two parts, the questionnaires and the reports. The results derived from the questionnaires generate the reports that can be easily accessed by the General Manager of the company, but for a more accurate and less biased diagnosis, an external specialized consultant is proposed.

    Step 4: Technology Audit Report Framework

    The final report of the technology audit should include:

    Subjects analyzed

    Methodology used

    Problem areas identified

    Solutions proposed for the problems

    Steps to be taken for implementing the solutions (action plan)

    The expected results from a carefully conducted technology audit mainly concern [4]:

    Complete and comprehensive analysis and evaluation of the requirements of the organization for its sustainable growth

    Thoroughly objective SWOT Analysis

    Opportunity spotting for new products / new services / new technologies / new markets

    Networking with technology suppliers, technological sources, other companies

    Possible assessment of technology portfolio, intellectual property rights

    There are five tasks within the audit process area:

    1. Develop and implement a risk-based international audit standards (IS) audit strategy for the organization in compliance with international audit standards, guidelines and best practices.

    2. Plan specific audits to ensure that IT and business systems are protected and controlled.

    3. Conduct audits in accordance with IS audit standards, guidelines and best practices to meet planned audit objectives.

    4. Communicate emerging issues, potential risks and audit results to key stakeholders.

    5. Advise on the implementation of risk management and control practices within the organization while maintaining independence.


    CHAPTER TWO

    INTERNAL AUDIT, EXTERNAL AUDIT, AND CONTINUOUS AUDITING

    The auditing process can be divided into three categories: Internal Audit, External Audit, and Continuous Audit, which might integrate for the fulfillment of the organization's objectives as illustrated in Figure (2).

    2.1. Internal Audit

    Internal auditing, as defined by the Institute of Internal Auditors (IIA), is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

    2.1.1 Mission of the Internal Audit Function

    The mission of the internal audit function is to provide organization management with systematic assurance, analyses, appraisals, recommendations, advice and information with a view to assisting it, and other stakeholders, in the effective discharge of their responsibilities and the achievement of the organization's mission and goals [5]. The role of the internal audit function includes providing reasonable assurance on the effectiveness, efficiency and economy of the processes in various areas of operations within the organization, as well as compliance with organization financial and staff rules and regulations, general assembly decisions, applicable accounting standards and existing best practice.

    2.1.2 Internal Audit Practice in Organization

    Each organization should establish Internal Audit. Its original mandate included both internal audit and evaluation functions. The Internal Audit Department also informally acted as a focal point for investigation and inspection. The organization Internal Audit Charter follows Standards for the Professional Practice of Internal Auditing issued by the Institute of Internal Auditors [5] (IIA) in assignments performing audit. Audits are conducted in accordance with a detailed annual audit plan that is developed based on an annual risk-based assessment of internal audit needs for the whole of organization.

    Figure (2) Types of Auditing Models

    Figure (3) Steps of Performing Internal Audit


    Risk-based annual audit plans are subject to regular revision, at least annually, in order to be aligned with the strategic objectives of the organization. Audit needs are estimated based on a thorough review of the organization's business and other systems and processes which make up the audit environment for the Internal Organization Audit Department. The audit needs assessment is reviewed annually at the same time as the detailed annual audit plan is set out.

    For annual audit planning purposes in line with the new set of strategic goals set for the Organization, the Internal Organization Audit Department strategy and annual plans are re-aligned regularly to ensure:

    Due emphasis is put on the operational efficiency and effectiveness aspect in the detailed work plans to the extent possible.

    Main organization business processes are reviewed to identify strengths and good practices, as well as gaps and deficiencies. Value adding recommendations are made to assist management in addressing these issues.

    Audit support is provided to key management and governance initiatives recognizing that the responsibility for such initiatives rests with the management in the case of a strong indication of any fraudulent activity found during an audit.

    Sufficient audit work is performed to gather factual evidence and the supporting documentation is handed over to the Investigation Section for further examination if need be.

    2.1.3 Steps for Building the Internal Audit Team

    Figure (3) represents the steps for building the Internal Audit Team.

    1- Group Formation
    Local audit team leaders are chosen. They may appoint an individual to serve as overall coordinator, as well. The key here is to get the best leadership in place and functioning quickly.

    2- Audit Teams
    Audit teams are formed and necessary documents needed to support the audit are gathered (Technology plan, facilities plan, personnel reports, etc.).

    3- Meetings
    Meetings are held at each organization department to explain this process to employees. The purpose is to ensure that all employees know what to expect as their auditors begin gathering data from a large number of locations, to explain the process, to seek community support and patience, and to forecast some findings. This serves to get the community on board.

    4- Teams Work
    Department-by-department teams are working within the organization. At the same time, another team works on the organization as a whole.

    5- Individual Team Reports
    Reports are written, and then combined into an organization-wide document.

    6- Team Leader Report
    Team leader shares the internal audit report with the organization board.

    7- Report Approval
    Organization board approves the internal technology audit final report.

    8- Report Publication
    Team leader authorizes the report publication.

    2.1.4. Suggestion for Successful Internal Audit

    In order to ensure the success of the internal audit processes, the following recommendations [6] should be considered by the organization manager for implementing the Internal Audit:

    Recommendation 1:

    Invite the Director General to submit the Internal Audit Charter to the organization general assembly. The charter could then cover the activities of the Evaluation Section and could give a general description of the tasks of the department and a more detailed description of the tasks of each Section (Director, Internal Audit, Investigation, and Evaluation & Inspection). After this recommendation has been accepted, Internal Organization Audit Department supports this recommendation as it will help clarify the distinct roles of the three main functions, i.e. internal audit, investigation and evaluation, and promote the role of oversight in organization. A revision of the Internal Audit Charter will be proposed for review by the Program and Budget Committee which will create an Internal Audit.


    Recommendation 7:

    Invite Internal Organization Audit Department to review its strategy on planning for audits involving medium to low risks in order to concentrate more on engagements involving higher risks.

    Recommendation 8:

    The Internal Audit Section should:

    a. clarify the work program by linking it with the risk analysis,

    b. ensure that the work program includes the priorities and the resource allocation for each subject to be audited,

    c. ensure that the work program allows a connection to be made between the working papers and the recommendations,

    d. ensure that comments concerning the involvement and assignment of external experts are highlighted in the audit plan, and

    e. ensure that the signature of the Director of Internal Organization Audit Department and the date of approval are systematically placed on the audit program before the audit begins.

    Recommendation 9:

    Invite Internal Organization Audit Department:

    a. to improve the formalization of working documentation so that a third party audit professional is always able to compare the objectives of the engagement, the content of the examinations carried out, the results, the auditor's opinion and the recommendations. The standardization and organization of working papers could go some way to achieving this,

    b. to integrate into the Internal Audit Manual regulations relating to audit documents, information to be archived and the period for which files must be kept; rules on access by third parties to working papers should also be included,

    c. to create audit notes that include a summary of the work carried out and allow connections to be made between the work program, interviews, analyzed documents and the notes and recommendations contained in the report,

    d. to establish a system for reviewing working papers and dating and signing them, and

    e. to provide for the establishment of standards relating to documentation in the audit manual.


    Recommendation 10:

    In order to increase the visibility of the internal audit function within organization, invite the Director of Internal Organization Audit Department to increase his contact with the Organization General manager.

    2.1.5 Code of Ethics for Audit Staff

    The internal audit staff is expected to follow the internal audit function in conducting audits as set out in the Audit Charter [8].

    The Internal Auditor enjoys operational independence in the conduct of his/her duties. He/she has the authority to initiate, carry out and report on any action, which he/she considers necessary to fulfill his/her mandate.

    The Internal Auditor shall be independent of the programs, operations and activities he/she audits to ensure the impartiality and credibility of the audit work undertaken.

    Internal audit work shall be carried out in a professional, unbiased and impartial manner.

    The conclusions of the audits shall be shared with the managers concerned, who shall be given the opportunity to respond.

    Any situation of conflict of interest shall be avoided.

    The Internal Auditor shall have unrestricted, direct and prompt access to all organization records, officials or personnel holding any organization contractual status and to all the premises of the Organization.

    The Internal Auditor shall respect the confidential nature of information and shall use such information with discretion and only in so far as it is relevant to reach an audit opinion.

    2.1.6 International Standards for the Professional Practice of Internal Auditing (Standards)

    The Institute of Internal Audit published the professional practice that includes Introduction to the Standards, Attribute Standards, and Performance Standards*.

    Internal auditing is conducted in diverse legal and cultural environments; within organizations that vary in purpose, size, complexity, and structure; and by persons within or outside the organization. While differences may affect the practice of internal auditing in each environment, conformance with the IIA's International Standards for the Professional Practice of Internal Auditing (Standards) is essential in meeting the responsibilities of internal auditors and the internal audit activity.

    The purpose of the Standards is to:

    1. Define basic principles that represent the practice of internal auditing.

    2. Provide a framework for performing and promoting a broad range of value-added internal auditing.

    3. Establish the basis for the evaluation of internal audit performance.

    4. Foster improved organizational processes and operations.

    The Standards are principles-focused, mandatory requirements consisting of:


    Statements of basic requirements for the professional practice of internal auditing and for evaluating the effectiveness of performance, which are internationally applicable at organizational and individual levels.

    Interpretations, which clarify terms or concepts within the Statements.

    The structure of the Standards is divided between Attribute and Performance Standards. Attribute Standards address the attributes of organizations and individuals performing internal auditing. The Performance Standards describe the nature of internal auditing and provide quality criteria against which the performance of these services can be measured. The Attribute and Performance Standards are also provided to apply to all internal audits.

    Implementation Standards are also provided to expand upon the Attribute and Performance standards, by providing the requirements applicable to assurance or consulting activities. Assurance services involve the internal auditor's objective assessment of evidence to provide an independent opinion or conclusions regarding an entity, operation, function, process, system, or other subject matter. The nature and scope of the assurance engagement are determined by the internal auditor. There are generally three parties involved in assurance services:

    1. the person or group directly involved with the entity, operation, function, process, system, or other subject matter - the process owner,

    2. the person or group making the assessment - the internal auditor,

    3. the person or group using the assessment - the user.

    Consulting services are advisory in nature, and are generally performed at the specific request of an engagement client. The nature and scope of the consulting engagement are subject to agreement with the engagement client. Consulting services generally involve two parties:

    1. the person or group offering the advice - the internal auditor,

    2. the person or group seeking and receiving the advice - the engagement client.

    When performing consulting services the internal auditor should maintain objectivity and not assume management responsibility.


    2. External Audit

    External assessments must be conducted at least once every five years by a qualified, independent reviewer or review team from outside the organization. The chief audit executive must discuss with the organization board the need for more frequent external assessments and the qualifications and independence of the external reviewer or review team, including any potential conflict of interest. A qualified auditor or auditing team demonstrates competence in two areas: the professional practice of internal auditing and the external assessment process. Competence can be demonstrated through a mixture of experience and theoretical learning. Experience gained in organizations of similar size, complexity, sector or industry, and technical issues is more valuable than less relevant experience. In the case of an auditing team, not all members of the team need to have all the competencies; it is the team as a whole that is qualified. The chief audit executive uses professional judgment when assessing whether an auditor or auditing team demonstrates sufficient competence to be qualified. An independent auditor or auditing team means not having either a real or an apparent conflict of interest and not being a part of, or under the control of, the organization to which the internal audit activity belongs.

    2.1 Implementation Procedure

    A schematic of the steps that are normally followed while carrying out a technology audit is shown and described below. Partial techniques per step are the tools used for the proper implementation of the technique.

    STEP 1: Desire/Wish to Carry Out Technology Audit

    Desire / wish of the organization to carry out technology audit: if the company initiates the audit, no particular communication tool is used. However, if the company is approached by the service provider, it should explain: scope of initiative, brief description of technique, potential benefits to the organization, and main characteristics of the consultant / service provider.

    STEP 2: Expert to Carry Out Technology Audit

    Once common ground has been established between the organization and external consultant/expert, the next step can follow.


    - Potential suggestions (especially if the audit stops at this point) for resolving problems and exploiting strengths & opportunities, mainly by indicating routes for solutions with an action plan, isolation of specific areas / departments for further diagnosis, proposal with justification.

    STEP 7: PRESENTATION OF FIRST DIAGNOSIS REPORT TO GENERAL MANAGER AND COMPANY MANAGEMENT

    Presentation of the first diagnosis report to the General Manager and company management is done by handing out a hard copy of the report some time earlier and presenting the main findings; the finalization of whether to continue with further diagnosis and the agreement on the subject(s) to analyze are also performed here.

    STEP 8: ADDITIONAL VISITS/INTERVIEWS TO DEPARTMENT HEADS

    These visits entail an in-depth investigation of key areas of the organization being assessed. A full due diligence audit of an external company can take up to a week at a small single-site company with a technical staff of 50 or less, several weeks at larger companies with a localized development team, and even longer examining a larger company with geographically distributed development teams.

    Obviously, the relationship between company size and inspection effort is non-linear. This is because a certain set of core elements, such as policies and procedures, business plans, and infrastructure standards are centrally located.

    Typical areas and themes that could be covered with either specific subject tools or in a less structured way (if done by a specialist) could be:

    (a) Quality

    Policy - goals - personnel involvement - training;

    Process quality - monitoring and control systems - handling - storage - packaging;

    Keeping of records/use of results;

    Product quality - raw materials quality control - product quality control;

    ISO issues - presentation - benefits.


    Figure (5) Quality Control Cycle

    (b) Human resources

    Skills - availability;

    Satisfaction - rewards;

    Meetings - awareness of company activities/products;

    Team working/project management;

    Continuing education/training;

    Promotion - evolution - record.

    (c) Research and development - Product development

    Research and development strategy/partners;


    Product mix/product lifecycle analysis;

    Analysis of procedures for new product development;

    Analysis of research and development activities;

    Participation in research and development projects;

    Focus on specific research and development area - identification of potential technology suppliers.

    Figure (4) Steps of Product Development throughout R&D

    (d) Production operation

    Walk through production facilities - bottlenecks - problem areas;

    Material flow - flow diagram;

    Overview of system automation/needs - opportunities;

    Floor and product safety;

    Maintenance - procedures - planning - problems;

    Analysis of productivity.

    (e) Marketing/sales

    Existence/analysis of marketing plan;

    Strategy - market share/local - exports;

    Competitors analysis/sector analysis/opportunities - threats;

    Distribution networks - problems;

    Use of information technologies for sales/e-commerce - Internet (www.urenio.org).

    STEP 9: FINAL REPORT OF THE TECHNOLOGY AUDIT COMPILED BY THE EXPERTS

    The final report of the technology audit, as given in Figure (6), compiled by the experts should contain the following*:

    Executive summary

    Summary of results from first part diagnosis

    Subject(s) analyzed in second part

    Methodology used for analysis

    Problems identified

    Solutions proposed

    Actions to be taken (action plan)

    Figure (6) Technology Audit Final Report Contents

    The action plan

    Should be:

    a) Specific to the subject
    b) With a time frame
    c) With determined milestones
    d) With an estimated budget
    e) With the listing of expected results
    f) With identification of potential problem solvers (technology or service providers)
    g) With indications about provisional funding for implementing the solutions (e.g. national and / or international R&D programs)
    h) An implementation monitoring schedule, possibly to be done by the service provider.

    The action plan should be specific to the subject, with a timeframe, with determined milestones and with an estimated budget. The action plan must list the expected results, identify potential problem solvers (technology or service providers) and indicate provisional funding for implementing the solutions. An implementation monitoring schedule must be done by the technology auditor in conjunction with a project manager.

    STEP 10: PRESENTATION OF REPORT BY EXPERT TO COMPANY MANAGEMENT

    At step 10 the report by the technology auditor to the organization must discuss issues identified, solutions proposed, the proposed action plan and the monitoring system that will be used.

    The systematic audit program includes initiating the audit, preparing for the on-site audit, conducting the on-site audit, report preparation and follow-up activities. The follow-up activities in this context are the improvement activities that result from the audit findings. Figure (7) shows the stages of audit program management.

    2.3.1. KEY STEPS TO IMPLEMENTING CONTINUOUS AUDITING

    Once the issues above are understood by managers and auditors alike, the organization will be in a better position to begin using continuous auditing. Generally, the implementation of continuous auditing consists of six procedural steps, demonstrated in Figure (8), which are usually administered by a continuous audit manager. Knowing about these steps will enable auditors to better monitor the continuous audit process and provide recommendations for its improvement, if needed. These steps include:

    1. Establishing priority areas.
    2. Identifying monitoring and continuous audit rules.
    3. Determining the process' frequency.
    4. Configuring continuous audit parameters.
    5. Following up.
    6. Communicating results.

    Below is a description of each.

    1. Establishing Priority Areas

    The activity of choosing which organizational areas to audit should be integrated as part of the internal audit annual plan and the company's risk management program. Many Internal Audit Departments also integrate and coordinate with other compliance plans and activities, if applicable. (Steps 2-6 below are applicable to all of the priority areas and processes being monitored as part of the continuous audit program.)

    Typically, when deciding priority areas to continuously audit, internal auditors and managers should:

    Identify the critical business processes that need to be audited by breaking down and rating risk areas.

    Understand the availability of continuous audit data for those risk areas.

    Evaluate the costs and benefits of implementing a continuous audit process for a particular risk area.

    Consider the corporate ramifications of continuously auditing the particular area or function.

    Furthermore, other tools used by the manager of the continuous audit function include an audit control panel in which frequency and parameter variations can be activated. Hence, the nature of other continuous audit objectives, such as deterrence or prevention, may determine their frequency and variation.

    4. Configuring Continuous Audit Parameters

    Rules used in each audit area need to be configured before the continuous audit procedure (CAP) is implemented. In addition, the frequency of each parameter might need to be changed after its initial setup based on changes stemming from the activity being audited. Hence, rules, initial parameters, and the activity's frequency - also a special type of parameter - should be defined before the continuous audit process begins and reconfigured based on the activity's monitoring results.

    When defining a CAP, auditors should consider the cost benefits of error detection and audit and management follow-up activities. For instance, in the example of the bank described earlier, the excess threshold of US $1,000 could lead to a number of false negatives (e.g., values that were ignored when the balance was smaller than US $1,000 but were identified as representing a problem) and a number of false positives (e.g., values with balances above US $1,000 that were flagged but were accurate). If the threshold is increased to US $2,000, there will be an increase in false negatives and a decrease in false positives. Because follow-up costs would go up as the number of false positives increases and the presence of false negatives may lead to high operational costs for the organization, internal auditors should regularly reevaluate if error detection and follow-up activities need to be continued, reconfigured, temporarily halted, or used on an ad hoc basis.

    Furthermore, the stratification of audited data into sub-groups allows organizations to better monitor the activity and reconfigure any parameters (e.g., auditors will be notified when balances larger than 20 percent of the debt remain that are also larger than US $5,000). However, the more complex the rule and its conditional components, the more parameters that must be examined, monitored, and sometimes reconfigured.
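    The threshold trade-off and the stratified rule described above can be checked against labelled data before a CAP is reconfigured. The following is an added example, not part of the original booklet: the account records, the ground-truth labels, the cost figures and all function names are constructed assumptions.

```python
"""Tuning a continuous-audit rule: false positives versus false negatives.

Added illustration. The account records, ground-truth labels and cost
figures are constructed sample data; all names are hypothetical.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Account:
    account_id: str
    balance: float     # outstanding balance, US $
    debt: float        # original debt, US $
    is_problem: bool   # ground truth established by auditor follow-up


Rule = Callable[[Account], bool]

# Constructed sample population (not real data).
ACCOUNTS: List[Account] = [
    Account("A01", 800, 1_000, True),
    Account("A02", 1_200, 20_000, False),
    Account("A03", 1_500, 2_000, True),
    Account("A04", 1_800, 30_000, False),
    Account("A05", 2_500, 40_000, False),
    Account("A06", 3_000, 4_000, True),
    Account("A07", 5_200, 10_000, True),
    Account("A08", 6_000, 50_000, False),
    Account("A09", 400, 5_000, False),
    Account("A10", 9_000, 12_000, True),
]


def threshold_rule(limit: float) -> Rule:
    """Simple rule: raise an alarm when the balance exceeds `limit`."""
    return lambda acct: acct.balance > limit


def stratified_rule(share_of_debt: float, floor: float) -> Rule:
    """Stratified rule: balance must exceed a share of the debt AND a fixed floor."""
    return lambda acct: (acct.balance > share_of_debt * acct.debt
                         and acct.balance > floor)


def evaluate(rule: Rule, accounts: List[Account]) -> Dict[str, int]:
    """Count alarms, false positives (flagged but fine) and
    false negatives (real problems the rule ignored)."""
    alarms = [a for a in accounts if rule(a)]
    return {
        "alarms": len(alarms),
        "false_positives": sum(1 for a in alarms if not a.is_problem),
        "false_negatives": sum(
            1 for a in accounts if a.is_problem and not rule(a)
        ),
    }


def total_cost(result: Dict[str, int], cost_fp: float, cost_fn: float) -> float:
    """Follow-up cost of wasted alarms plus operational cost of misses."""
    return (result["false_positives"] * cost_fp
            + result["false_negatives"] * cost_fn)


RULES: Dict[str, Rule] = {
    "threshold_1000": threshold_rule(1_000),
    "threshold_2000": threshold_rule(2_000),
    "stratified_20pct_5000": stratified_rule(0.20, 5_000),
}


def cheapest_rule(rules: Dict[str, Rule], accounts: List[Account],
                  cost_fp: float, cost_fn: float) -> str:
    """Return the name of the rule with the lowest combined cost."""
    costs = {
        name: total_cost(evaluate(rule, accounts), cost_fp, cost_fn)
        for name, rule in rules.items()
    }
    return min(costs, key=costs.get)


if __name__ == "__main__":
    for name, rule in RULES.items():
        print(f"{name:24s} {evaluate(rule, ACCOUNTS)}")
    # Assumed cost figures: cheap follow-up and expensive misses, then the reverse.
    print("misses expensive  ->", cheapest_rule(RULES, ACCOUNTS, 50, 400))
    print("follow-up expensive ->", cheapest_rule(RULES, ACCOUNTS, 300, 200))
```

    Re-running the comparison whenever the cost assumptions or the labelled follow-up results change gives the auditor a concrete basis for deciding whether a rule should be continued or reconfigured.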

    5. Following Up

    Another type of parameter relates to the treatment of alarms and detected errors. Questions such as who will receive the alarm (e.g., line managers, internal auditors, or both - usually the alarm is sent to the process manager, the manager's immediate supervisor, or the auditor in charge of that CAP) and when the follow-up activity must be completed need to be addressed when establishing the continuous audit process.

    Additional follow-up procedures that should be performed as part of the continuous audit activity include reconciling the alarm prior to following up by looking at alternate sources of data and waiting for similar alarms to occur before following up or performing established escalation guidelines. For instance, the person receiving the alarm might wait to follow up on the issue if the alarm is purely educational (i.e., the alarm verifies compliance but has no adverse economic implications), there are no resources available for evaluation, or the area identified is a low benefit area that is mainly targeted for deterrence.

    6. Communicating Results

    A final item to be considered is how to communicate with auditors. When informing auditors of continuous audit activity results, it is important for the exchange to be independent and consistent. For instance, if multiple system alarms are issued and distributed to several auditors, it is crucial that steps 1-5 take place prior to the communication exchange and that detailed guidelines for individual factor considerations exist. In addition, the development and implementation of communication guidelines and follow-up procedures must consider the risk of collusion. Much of the work on fraud indicates that the majority of fraud is collusive and can be performed by an internal or external party. For example, in the case of dormant accounts, both the clerk that moves money and the manager that receives the follow-up money may be in collusion since the manager's key may have to be used for certain transactions.

    ADDITIONAL CONSIDERATIONS

    Besides the six steps described in the previous section, two additional issues that emerge when implementing continuous auditing are the infrastructure needed for the process to work and its impact on the workplace.

    Organizational Infrastructure

    Because continuous auditing is a part of the company's audit function, it must be kept independent of management. Therefore, during the planning stages, auditors need to keep in mind the process' independence when designing its structure. For instance, a typical Internal Audit Department is structured so that areas of the department focus on different cycles or business activities. In addition, the department may be divided into financial and IT audit functions.

    Sometimes, however, IT audit activities are incorporated as part of existing IT operations. In organizations such as these, the development of continuous auditing is usually delayed because the activity may not get the necessary development priority. Regardless of whether IT audit activities are part of the organization's IT or Internal Audit Department, the organization must maintain the process' independence as well as allocate resources in support of continuous audit activities.

    Impact on Personnel

    In addition, the audit manager in charge of the continuous audit process should have a more technical understanding of IT as well as extensive experience on the activities being audited. However, hiring, training, and retaining auditors who can implement and monitor continuous audit activities might be challenging due to the scarcity of internal auditors with knowledge in the area. Furthermore, the continuous audit process might create a daily stream of issues that need to be resolved, which might prove stressful given current personnel resources, and might require the continuous audit manager to exert adequate authority in moments of exceptions.

    CHAPTER 3

    PERFORMANCE IN TECHNOLOGY AUDIT

    3.1. Introduction

    Appointment of Auditor - auditors are usually appointed by the organization managers at the administration council meeting.

    Terms of Engagement - an engagement letter provides written recognition of the auditor's acceptance of appointment, and sets out the scope of the audit plus the auditor's and management's responsibilities.

    Audit Program - sets out the extent and type of audit procedures. Auditors work to internationally agreed auditing standards. Auditors start by gaining an understanding of the organization's activities. For each major activity listed in the financial statements, auditors identify and assess risks that could have a significant impact on the financial position or performance.

    Detailed Examination - auditors perform testing and obtain evidence to satisfy the requirements of the audit program. Testing may include compliance with the organization's accounting policies, examining accounting records and verifying the existence of tangible items such as plant and equipment.

    Audit Report - contains the audit opinion on the financial report and the basis of that opinion. The scope of the audit plus the auditor's and management's responsibilities are also restated. The external auditor should maintain independence from management and directors so that the tests and judgments are made objectively.

    Auditors discuss the scope of the audit work with the organization. Auditors determine the type and extent of the audit procedures they will perform depending on the risks and controls they have identified. Auditors form an opinion on the information in the final report. However, the external auditor should not look at every transaction carried out by the organization, test the adequacy of all of the organization's internal controls, identify all possible irregularities, or audit other information provided to the members of the organization, e.g. the directors' report. Figure (9) gives the flowchart of the external audit.

    Figure (9) Flowchart of the external audit. Source: www.urenio.org

    Figure (10) Duties of Leader of Auditor Team

    Auditors

    The role of an auditor, as shown in Figure (11), is to:

    Participate in the opening meeting

    Identify and gather information

    Analyze information

    Evaluate information

    Report findings

    Participate in the feedback session

    Undertake other duties as requested by the lead auditor.

    Figure (11) Role of Auditor

    To understand better how a comprehensive, effective technology audit works, the process can be broken down into its various phases in order to draw a comparison between the audit process and the activities associated with organization accreditation. An accreditation visit can be segmented into three phases:

    1) Getting ready;

    2) On-site visit;

    3) Results & follow up.

    The greatest quantity of work occurs during the first phase. Therefore, the three phases will be examined accordingly.

    Phase One: Pre-Audit

    Whether the technology audit has been triggered by the organization's internal desire to assess its accountability or whether the impetus has come from outside the organization, the initial phase is the same. The organization must get ready for the audit. Thus, this phase is sometimes called the pre-audit stage. At a macro level, the organization might want to establish a set of systems that can be put in place to make the auditors' time more valuable and more efficient. The auditor may want to form a group of teams to perform specific functions; a physical location may be specified as a gathering point for evidentiary documents; a series of focus group meetings should be scheduled so organization leaders can encourage employees and community members to voice their opinions and give their perspectives regarding the organization's status; and a system should be created where all the hard work of engaged people, the data and reports the auditor collects, and the supporting systems can be perpetuated.

    Enrolling team members - To make your technology audit a success, it is essential to have high-quality teams. The teams will be made up of the specialized members. The team leaders will ensure a strong and fluid cooperation among teams, all working on a common end goal. Team building is a significant activity. All organization leaders realize this fully. The best leaders build and grow the best teams so that they will accomplish the best results.

    The auditor team leader may clarify matters with organization employees by explaining to them that a technology audit is coming and that he wants to obtain their very best thinking about some strategies that will assure success for the organization. During this meeting, the auditor might want to engage in a simple brainstorming activity, asking everyone to call out, as fast as they can, all the areas where technologies are used in the organization. The team leader might ask them to be frank and candid in their comments, and then ask them to pinpoint areas where they perceive that improvements could be made. If/when they mention some examples, the auditor asks for substantiating evidence that may give the clues to other things needing. The team leader tries to imagine how the auditors will see things/look at things through their eyes. What would the auditors do? What would they say? What would they seek? How would they interpret what you give them? What would they recommend? As the leader and the team of advisors go through these considerations, they will have prepared themselves well for what lies ahead, and will no longer fear the technology audit, or consider it as a negative event. Rather, they will see this as a profoundly important opportunity to engage in systemic improvement, as well as great improvement at the individual level.

    Phase Two: On-Site Visit

    The time has finally come when auditors arrive at the organization and are examining both the reports (data, information, and evidence) and the actual reality of technology integration. This guideline is intended to help auditors conduct more focused reviews of technology acquisitions by enabling them to quickly identify significant areas of risk. Using these guidelines will help auditors identify critical factors not addressed by management, make a general evaluation of any procurement risks, and provide rapid feedback to agency officials so they can take corrective action in a timely and efficient manner. Use of the guidelines should be selectively tailored to the requirements of particular reviews and adapted to the status of the acquisition. Auditors will need to exercise professional judgment in assessing the significance of audit results or findings. Professional judgment is necessary to evaluate this information and determine if the agency conducted an adequate requirements analysis.

    There are five tasks within the audit process area:

    1. Develop and implement a risk-based audit strategy for the organization in compliance with audit standards, guidelines and best practices.

    2. Plan specific audits to ensure that IT and business systems are protected and controlled.

    3. Conduct audits in accordance with audit standards, guidelines and best practices to meet planned audit objectives.

    4. Communicate emerging issues, potential risks and audit results to key stakeholders.

    5. Advise on the implementation of risk management and control practices within the organization while maintaining independence.

    3.3. Audit planning

    Audit planning consists of both short- and long-term planning, demonstrated in Figure (12). Short-term planning takes into account audit issues that will be covered during the year, whereas long-term planning relates to audit plans that will take into account risk-related issues regarding changes in the organization's technology strategic direction that will affect the organization's technology environment. Analysis of short- and long-term issues should occur at least annually.

    Figure (12) Types of Audit Planning

    Figure (13) Perform Audit Planning Steps

    This is necessary to take into account new control issues, changing technologies, changing business processes and enhanced evaluation techniques. The results of this analysis for planning future audit activities should be reviewed by senior management, approved by the audit committee, if available, or alternatively by the Board of Directors, and communicated to relevant levels of management. In addition to overall annual planning, each individual audit assignment must be adequately planned. The auditor should understand that other considerations, such as risk assessment by management, privacy issues and regulatory requirements, may impact the overall approach to the audit. The auditor should also take into consideration system implementation/upgrade deadlines, current and future technologies, requirements of business process owners, and resource limitations.

    When planning an audit, the auditor must have an understanding of the overall environment under review. This should include a general understanding of the various business practices and functions relating to the audit subject, as well as the types of information systems and technology supporting the activity.

    To perform audit planning, which is shown in Figure (13), the auditor should perform the following steps in this order:

    Gain an understanding of the business's mission, objectives, purpose and processes, which include information and processing requirements, such as availability, integrity, security and business technology.

    Identify stated contents, such as policies, standards and required guidelines, procedures, and organization structure.

    Evaluate risk assessment and any privacy impact analysis carried out by management.

    Perform a risk analysis.

    Conduct an internal control review.

    Set the audit scope and audit objectives.

    Develop the audit approach or audit strategy.

    Assign personnel resources to the audit and address engagement logistics.

    Audit planning
        Short-term planning
        Long-term planning

    Things to consider
        New control issues
        Changing technologies
        Changing business processes
        Enhanced evaluation techniques

    Individual audit planning
        Understanding of overall environment
        Business practices and functions
        Information systems and technology

    3.4. Road Map for the External Audit Team Audit Leader

    The following are steps that the Team audit leader would perform to determine an organization's level of compliance with external requirements:

    Identify those government or other relevant external requirements dealing with:

    Electronic data, copyrights, e-commerce, e-signatures, etc.

    Computer system practices and controls

    The manner in which computers, programs and data are stored

    The organization or the activities of the information services

    Document applicable laws and regulations

    Assess whether the management of the organization and the information systems function have considered the relevant external requirements in making plans and in setting policies, standards and procedures

    Review internal information systems department/function/activity documents that address adherence to laws applicable to the industry

    Determine adherence to establishing procedures that address these requirements.

    3.5. Notes to the Auditor

    The auditor will not ask about any specific laws or regulations, but may question how one would audit for compliance with laws and regulations.

    The auditor should be aware that it is important to understand the relationships of control objectives and controls; control objectives and audit objectives; criteria and sufficiency and competency of evidence; and audit objective, criteria and audit procedures. A strong understanding of these elements is key to the auditor's performance.

    The auditor should recognize the importance of seeking legal advice. There are two key aspects that a control needs to address: what the auditor should achieve and what to avoid.

    The auditor addresses not only the business/operational objectives of internal controls, but also needs to address undesired events through preventing, detecting, and correcting them. Types of control:

    Internal accounting controls - Primarily directed at accounting operations, such as the safeguarding of assets and the reliability of financial records

    Operational controls - Directed at the day-to-day operations, functions and activities to ensure that the operation is meeting the business objectives

    Administrative controls - Concerned with operational efficiency in a functional area and adherence to management policies, including operational controls. These can be described as supporting the operational controls specifically concerned with operating efficiency and adherence to organizational policy.

    Figure (14) Elements to Development of Internal Control Manual

    3.6. Control objectives

    Every organization needs to have a sound internal control in place to keep the organization on course toward profitability goals and achievement of its mission, to minimize surprises along the way and to be able to realize its opportunities. The elements of developing an internal control manual are illustrated in Figure (14).

    remain unchanged from those of a manual environment. However, control features may be different. Thus, internal control objectives need to be addressed in a manner specific to related processes.

    Figure (15) Internal Control Pyramid http://www-audits.admin.uillinois.edu/ICT/ICT-summary.html

    Internal Control is a process within an organization designed to provide reasonable assurance:

    That information is reliable, accurate, and timely.

    Of compliance with policies, plans, procedures, laws, regulations, and contracts.

    That assets (including people) are safeguarded.

    Of the most economical and efficient use of resources.

    That overall established objectives and goals are met.

    Internal controls are intended to prevent errors or irregularities, identify problems, and ensure that corrective action is taken.

    Figure (15) illustrates the internal control pyramid and the information and communication path.

    Figure (16) SWOT Analysis Framework14

    4.3. Limitations of SWOT Analysis

    SWOT Analysis is not free from its limitations*. It may cause organizations to view circumstances as very simple, because of which the organizations might overlook certain key strategic contact which may occur. Moreover, categorizing aspects as strengths, weaknesses, opportunities and threats might be very subjective as there is a great degree of uncertainty in the market. SWOT Analysis does stress the significance of these four aspects, but it does not tell how an organization can identify these aspects for itself.

    There are certain limitations of SWOT Analysis which are not in the control of management. These include:

    a. Price increase;
    b. Inputs/raw materials;
    c. Government legislation;
    d. Economic environment;
    e. Searching a new market for the product which is not having overseas market due to import restrictions; etc.

    Internal limitations may include:

    a. Insufficient research and development facilities;
    b. Faulty products due to poor quality control;
    c. Poor industrial relations;
    d. Lack of skilled and efficient labor; etc.

    The SWOT Analysis is an extremely useful tool for understanding and decision-making for all sorts of situations in business and organizations. A company can use the SWOT Analysis while developing a strategic plan or planning a solution to a problem that takes into consideration many different internal and external factors, and maximizes the potential of the strengths and opportunities while minimizing the impact of the weaknesses and threats.

    4.4. SWOT Analysis Framework

    Action checklist

    1. Establishing the objectives

    The first key step in any project is to be clear about what you are doing and why. The purpose of conducting SWOT Analysis may be wide or narrow, general or specific.

    2. Allocate research and information-gathering tasks

    Background preparation is a vital stage for the subsequent analysis to be effective, and should be divided among the SWOT participants. This preparation can be carried out in two stages:

    Exploratory, followed by data collection.

    Detailed, followed by a focused analysis.

    Gathering information on Strengths and Weaknesses should focus on the internal factors of skills, resources and assets, or lack of them. Gathering information on Opportunities and Threats should focus on the external factors.

    3. Create a workshop environment

    If compiling and recording the SWOT lists takes place in meetings, then do exploit the benefits of workshop sessions. Encourage an atmosphere conducive to the free flow of information and to participants saying what they feel to be appropriate, free from blame. The leader/facilitator has a key role and should allow time for free flow of thought, but not too much. Half an hour is often enough to spend on Strengths, for example, before moving on. It is important to be specific, evaluative and analytical at the stage of compiling and recording the SWOT lists.

    4. List Strengths, Weaknesses, Opportunities, Threats in the SWOT Matrix

    5. Evaluate listed ideas against objectives

    With the lists compiled, sort and group facts and ideas in relation to the objectives. It may be necessary for the SWOT participants to select from the list in order to gain a wider view.

    The SWOT Analysis template is normally presented as a grid, comprising four sections, one for each of the SWOT headings: Strengths, Weaknesses, Opportunities, and Threats. The SWOT template given in Chapter 5 includes sample questions, whose answers are inserted into the relevant section of the SWOT grid. The questions are examples, or discussion points, and obviously can be altered depending on the subject of the SWOT Analysis.


    Figure (17) SWOT Analysis Framework


    CHAPTER 5

    EXAMPLE OF FORMATION OF SWOT MATRIX PARAMETERS

    Figure (18) SWOT Matrix Environment Analysis

    5.1 Introduction

    The analysis of the company situation starts by defining the strengths, weaknesses, opportunities and threats. The table below shows some common parameters which may be considered.


    Strengths

    Advantages of proposition?

    Capabilities?

    Competitive advantages?

    USP's (unique selling points)?

    Resources, Assets, People?

    Experience, knowledge, data?

    Financial reserves, likely returns?

    Marketing - reach, distribution, awareness?

    Innovative aspects?

    Location and geographical?

    Price, value, quality?

    Accreditations, qualifications, certifications?

    Processes, systems, IT, communications?

    Cultural, attitudinal, behavioral?

    Management cover, succession?

    Weaknesses

    Disadvantages of proposition?

    Gaps in capabilities?

    Lack of competitive strength?

    Reputation, presence and reach?

    Financials?

    Own known vulnerabilities?

    Timescales, deadlines and pressures?

    Cash flow, start-up cash-drain?

    Continuity, supply chain robustness?

    Effects on core activities, distraction?

    Reliability of data, plan predictability?

    Morale, commitment, leadership?

    Accreditations, etc?

    Processes and systems, etc?

    Management cover, succession?


    5.2. Tips for Designing Your SWOT Analysis

    For the SWOT Analysis to succeed, some constraints that depend on the environment of the organization should be taken into consideration. Following are some tips [15] for the auditors:

    | # | Top Tips | But remember |
    |---|----------|--------------|
    | 1 | Never copy an existing SWOT Analysis; it will influence your thinking. Start with a fresh piece of paper every time | You could use a standard template to help the ideas flow |
    | 2 | Set aside enough time to complete it | You may need to come back to it several times before you are happy |
    | 3 | The SWOT Analysis itself is NOT the result. It's only a tool to help you analyze your business | Before you begin any analysis, you should know what you intend to do with the results |
    | 4 | A SWOT Analysis is not a business school fad. It is a proven technique used throughout the business community | You need to be comfortable working with it in your business |
    | 5 | Keep your SWOT Analysis simple, readable, short and sharp | It needs to make sense to outsiders (e.g. bank managers or investors) so don't use phrases or acronyms that only you understand |
    | 6 | Make sure you create an action plan based on your SWOT Analysis | You need to communicate this clearly to everyone involved |
    | 7 | A SWOT Analysis only gives you insight at a single point in time | You need to review it, probably quarterly, to see how the situation has changed |
    | 8 | Don't over-analyze. Try not to worry if it isn't perfect, just get the analysis done | If you are going to act on the results, it needs to be accurate in all the important areas |

    The role of SWOT Analysis is to take the information from the environmental analysis and separate it into internal issues (strengths and weaknesses) and external issues (opportunities and threats). Once this is completed, SWOT Analysis determines if the information indicates something that will assist the firm in accomplishing its objectives (a strength or opportunity), or if it indicates an obstacle that must be overcome or minimized to achieve desired results (weakness or threat). When doing SWOT Analysis, remember that the S and W are INTERNAL and the O and T are external.

    Figure (19) http://www.taygro.co.za/aboutus.html

    CHAPTER 5

    PRACTICAL EXAMPLES OF SWOT ANALYSIS

    5.1. Health centers

    Subject of SWOT Analysis example: the achievement of a health center's mission. The scenario is based on the SWOT Analysis [17], which has been performed by a health centre in order to determine the forces that promoted or hindered the achievement of its mission. Starting position of the health centre:

    The staff lacked motivation

    The building was really small

    The facility was old

    There was a lot of paper work and bureaucracy

    Those characteristics resulted in this health centre facing up to a lot of problems with the accommodation of the patients. Moreover, the establishing of a new advanced hospital in the city made the situation even worse. Therefore, they decided to perform a SWOT Analysis in order to execute the best decision-making for all the problems that they faced.

    Step 1: Purpose of conducting SWOT Analysis - the achievement of a health center's mission.

    Step 2: The gathering of information on Strengths and Weaknesses focused on the internal factors of skills, resources and assets, or lack of them. The gathering of information on Opportunities and Threats should focus on the external factors.


    Step 3: The manager of the health centre encouraged all the staff members to freely express their opinions about what they felt to be appropriate.

    Step 4: SWOT matrix

    Step 5: After completing the SWOT matrix the SWOT participants had a wider view of the situation at the centre so they were able to propose the alternatives that helped considerably in the operation of the health centre.

    The alternatives were:

    training of the staff in interactive techniques of quality improvement

    coordination with other providers to cover all user needs

    remodeling of the facility with local government funds and international help

    cost recovery of drugs and lab supplies with user fees

    payment of incentives to staff based on performance

    review of procedures for decreasing costs and waiting times and increasing perceived quality.

    Strengths:

    Willingness of staff to change

    Good location of the health centre

    Perception of quality services

    Weaknesses:

    Staff lack of motivation

    Building was really small

    Paper work and bureaucracy

    Cultural differences with users

    Opportunities:

    Support of local government

    High felt need of users

    Internationally funded projects

    Threats:

    Low income of users

    Bad roads

    Low salaries

    Lack of budget

    Paradigms of providers

    High competition

    This strategic analysis and planning of the health centre had the below results:

    27% increase of patients

    reduction of waiting times to 15 minutes

    20% increase of staff performance

    remodeling of the facility


    5.2. University SWOT Analysis

    University strengths, weaknesses, opportunities and threats (SWOT Analysis) were identified by members of University Strategic Goals and Priorities Committee during a brainstorming session. Administrators, faculty, and students reviewed the analysis and provided input. Background information on the opportunities and threats the Organization faces can be useful in considering strategic issues. The SWOT Analysis was used to develop the attached strategic questions. These questions and others raised by participants at the workshop will help define strategic directions important to the university in the next five years.


    SWOT ANALYSIS

    Strengths:

    - Positive reputation in the external community
    - Positive experience with those who interact with the campus
    - Proactive Partnerships with other universities, community colleges, and corporations
    - Past performance
    - Many Accredited Programs
    - Successful 6 year graduation rates
    - Faculty and staff support the campus mission
    - Proactive student support
    - Access to services
    - Faculty involvement with students
    - Student leadership programs
    - Learning communities developing to enhance learning and student-faculty interaction
    - Campus Characteristics
    - Medium size campus with small class size
    - Facilities include new and well-maintained, attractive buildings and grounds with growth potential
    - Potential for growth in Turlock and Stockton
    - Friendly and safe
    - Diverse student body, Hispanic Serving Institution
    - Dedicated and Expert faculty
    - Campus wide involvement in planning
    - Healthy shared governance
    - Strong, active external boards
    - Residential Campus Development
    - Artistic and Cultural Performances

    Weaknesses:

    - Distinguishing qualities and identity not well known
    - Operational structure/bureaucracy
    - Sluggish responsiveness to student and community needs
    - Fiscal uncertainty
    - Lack of pride of internal community
    - Match between research expectation & support
    - High and unequal workloads faculty & staff
    - Ability to hire & retain faculty
    - Student preparedness at entrance
    - Adjusting to pressures of growth
    - Varying perceptions of appropriate proportions of major employee categories (faculty, staff, and administrators)
    - Lack of strong, pervasive presence in the external community
    - Limited resources for faculty and staff development
    - Highly competitive market for diverse faculty and staff
    - Promulgating egalitarianism
    - Reporting perceived as a ritual and meaningless
    - Reporting requirements absorb a large percentage of resources


    Opportunities:

    - Partnerships in support of university initiatives
    - Expanded possibilities for the workforce
    - Diversity of region (students, industry)
    - External Community and University relationships
    - Interest in academic program expansion
    - Interest in expansion of cultural activities
    - Interest in University services (Policy Center, Bridge,
    - Growth potential
    - New construction
    - Societal trends
    - Increased value of higher education completion
    - Growing demand for graduates
    - Match between curricular & societal interests
    - Increased demand for mid-career redirection and lifelong learning
    - Increased interest in global initiatives
    - Technological advances
    - Partnership opportunities
    - Increased focus on higher education
    - Development of university park
    - Large student pool
    - Increased interest in university connections

    Threats:

    - State budget crisis
    - Private, for-profit, and on-line universities' responsiveness to program and student scheduling demands
    - Increase in reporting expected by government and society
    - Shift in focus on numerical achievement vs. qualitative achievement
    - Negative public perception
    - Development of another university in the area
    - Societal and student perception of education as solely a means to a job
    - Reporting perceived as a ritual and meaningless
    - Reporting requirements absorb a large percentage of resources.
    - Historical public perceptions/lack of knowledge about higher Education.
    - Historical lack of knowledge.


    SWOT ANALYSIS OF AUC [37]

    I-Introduction:

    SWOT analysis: a method of analyzing an organization's competitive situation that involves assessing organizational strengths (S), weaknesses (W), environmental opportunities (O), and threats (T).

    Both strengths and weaknesses are internal factors that are subject to change from within the organization itself. Opportunities and threats are the conditions within the external environment that affect the organization, such as: technological, economic, legal-political, sociocultural, and the international element.

    II-SWOT ANALYSIS of AUC:

    1-Strengths:

    a - Highly qualified full time, and part time faculty.

    b - Highly skilled students due to the highly competitive selection in admissions.

    c - Advanced technology in the University facilities; optic fiber network, ACS server, well-equipped engineering, natural sciences, and computer labs (relative to the Egyptian universities), and research centers (Desert research center).

    d - Distinctive rank in the private universities market in Egypt, in comparison to other universities.

    e - Continuous renovations either in facilities (New campuses in Falaki and New Cairo), technology, and staff.

    f - Well defined managerial policy; well-defined hierarchy.

    g - Monopolizing the employment market of some majors, such as: construction management and industrial engineering, business administration, political science, and computer science.

    h - Private university, accredited by several authorities, such as: the Egyptian ministry of education, Egyptian Syndicates, ABET (Accreditation Board of Engineering and Technology), the higher council of universities in Egypt, MSA (Commission on Higher education of the Middle States Association of colleges and schools) and AACU (American Association for Colleges and Universities).

    i - An integrated modern library, containing books, microfilms, periodicals, and other documents, arranged on the same model of the Congress library. Moreover, the university has a special collection library, which is actually a fortune.

    j - Paying great care to social sciences research due to the presence in a good field for research in the Middle East, and Egypt in specific.

    k - The university has a hostel, which serves all the international students.

    l - Absence of unemployment among AUC graduates due to the presence of Career Advising and Placement Service (CAPS office).

    m - The university appreciates the extra-curricular activities and encourages them, and that is what makes AUC graduates different.

    2-Weaknesses:

    a - High tuition fee, relative to the other private universities in Egypt, and even to the American state-universities.

    b - Unbalanced budget, where about 60% of the budget is composed of money from tuition, while the rest comes through donations from companies, like Esso, Schlumberger, Ford foundation, General Electric, USAID, etc.

    c - Absence of adequate facilities in the field of graduate research, in comparison to other American Universities.

    d - The absence of an undergraduate research program.

    e - Weak image in the Egyptian society (market), because of the claim that AUC westernizes the Egyptian students.

    f - Weak marketing techniques, limited to advertisement in the newspapers.

    g - The absence of financing source, other than tuition and donations, like research centers.

    h - Currently before the new campuses end, the university suffers from an unlimited problem of space, in addition to the parking area around the existing campuses and the traffic from and to them.

    3-Opportunities:

    a - Dominating the market of the private universities in Egypt with other competing universities, like 6th of October Univ., and perhaps the Middle East, like AUB and AUD, after the construction of the new campuses.

    b - The ability to serve more customers of students in the Under-grad, and Grad. Levels after building the new campuses (Currently AUC serves 3,584 Under-grad, and 592 Grad.)

    c - Attraction of more foreign students.

    d - The chance of finding more financial resources through fundraising, by the newly appointed President.

    e - Establishment of well-equipped campus in Falaki that will serve as an Engineering faculty that will include electronics engineering.

    f - The use of optic fibers network in the new Cairo campus to link all the university through a powerful link.

    g - By strengthening the existence of AUC, the AUCians might get better image and they might be accepted by all the categories of the society.

    4-Threats:

    a - Any expected political conflicts in the Middle East, either between Egypt and Israel, or Egypt and USA itself, or even like Gulf War. This may drop admissions to a destructive level. Moreover, the university might have to do without the American faculty and employees, and most of the university supporters might withdraw their support. Thus the budget might be seriously harmed.

    b - Any expected security or political problems in Egypt, either like terrorism or any serious changes in the current regime. The admissions of international students might drop to a serious level.

    c - Competition with other low cost competitors, like 6th October Univ., Misr International Univ.

    d - Increase in the Egyptian cultural persistence, and their refusal of the AUCians. Thus, AUC image continues to deteriorate.

    e - Increase in the number of offered AUC graduates to what the market demands. Thus unemployment appears among the AUC graduates like any Egyptian university.

    f - Failure in the process of fundraising for the construction of the new campuses.


    5.3. Retail Industry SWOT Analysis*

    This is an example of a SWOT Analysis for a Retail Business. Whilst every effort has been made to ensure our examples are accurate, their accuracy depends on where you live in the world and what has changed since they were developed.

    You may use our SWOT examples as a guide to indicate what your SWOT might look like but please do not build a plan based on these examples without validating their accuracy for your business in your region of the world.

    The first of our SWOT Analysis examples is for a retail business. The business, established by an entrepreneur, stocks brand name clothing imported from manufacturers around the world. The business currently only stocks 3 brands of men's clothing, pitched at the 18 to 28 single young adult.

    SWOT Analysis Examples: Strengths

    Tangible Strengths

    | Possible Strengths | Response | Is it a strength? |
    |--------------------|----------|-------------------|
    | Consider your assets including plant and equipment | Assets are really only shop fittings and stock with two computers and software. | No |
    | Do you have long-term rental contracts for your business locations? | 3 + 3 + 3 year lease in major shopping center, location within the shop is at the will of the center, poor sales will result in a shift to a low foot traffic location. | No, same as our competitors |
    | Are your products unique or market leading? | No, stock is the same as our competitors. We can pick and choose what styles to stock. | No |
    | Have you got sufficient financial resources to fund any changes you would like to make? | No, we do trade profitably, but are not able to fund an expansion to a larger footprint store. | No |
    | Do you have any cost advantages over your competitors? | No, rents are all pretty standard, you can save on rent but lose the foot traffic, so it is all relative. | No |
    | Do you use superior technology in your business? | No | No |
    | Is your business high volume? | No. We do sell a lot, but not as much as some of the larger retail stores. Our product is high quality, high margin and low volume in comparison | No |
    | Can you scale up your volume if you need to? | Not really, orders are placed in advance, shop size is restrictive. | No |

    Intangible Strengths

    | Possible Strengths | Response | Is it a strength? |
    |--------------------|----------|-------------------|
    | Do you have or stock strong recognizable brands | Yes, though the brand space is becoming cluttered with more and more recognizable brands. Depleting the value of any one brand. | Yes |
    | Your reputation - are you considered a market leader? or experts in your field? | No. | No |
    | Do you have good relationship with your customers? (Goodwill) | Yes, we have a good connection with our customers, our email list grows and many customers advise they were referred to us by their mates. We get a lot of repeat customers. | Yes |
    | Do you have strong relationships with your suppliers | Yes, though we are just another supplier to them. We are able to differentiate from our competitors. We have long term agreements in place with some suppliers to be their sole representative in this region. | Yes |
    | Do you have a positive relationship with your employees | Yes, though we only have a few employees | No, our competitors also have good employee relations |
    | Do you have any unique alliances with other businesses? | No, maybe our territory agreements with some suppliers. | No |
    | Do you own any patents or proprietary technology? | No | No |
    | Do you have a proven advertising process that works well? | Email news letter with specials and new stock, seems to work for retaining customers. Most new customers were attracted to the shopping complex. | Yes |
    | Do you have more experience in your field? | No | No |
    | Are your managers highly experienced? | No | No |
    | Do you have superior industry knowledge? | No, though we do have a good set of sales skills, particularly up selling and forming relationships. People feel good coming by and seeing us. | No |
    | Are you involved with industry associations? | No | No |
    | Is your business Innovative? | No, only in sales and relationship building. | No |

    Other Strengths

    | Possible Strengths | Response | Is it a strength? |
    |--------------------|----------|-------------------|
    | Current location | Current location in the center has high traffic, in an area with several other shops targeting the same market which draws people to the area | No |
    | | Our innovation is in our sales technique and point of sale displays | Yes |

    Summary
