Tactical Advice

Uncover Your Areas of Risk

IT audits can confirm effective IT processes and improve business continuity.

The benefits of IT auditing extend well beyond regulatory compliance. Most small and medium-size businesses aren’t bound to these rigorous standards of reporting. But even when not required by law, IT audits should become regular checkpoints for almost every information technology environment.

Business owners historically recognize the risks involved with having someone else manage their money; thus financial audits are expected in the due course of business. Often owners don’t extend this mindset to the critical role of IT. Business continuity and disaster recovery planning remain firmly entrenched in the hands of IT, often out of view of business leaders.

Business leaders need to be educated about the benefits of auditing processes. IT audits uncover areas of risk and help owners understand where additional money may need to be budgeted. IT spending becomes more strategic at the business level. Audits confirm effective IT processes to ensure the job security of the technical staff. Ultimately, identifying and minimizing risk increases peace of mind, when business leaders are shown that the systems and information needed to operate the business are safe and secure.

When developing an IT auditing plan, consider a few key strategies:

  • Meet with owners to identify business goals and discover concerns. What fears do they have? What potential failures do they see? This meeting will be one of joint education, where IT and leadership share what each thinks is important. Based on discovered concerns, develop an audit plan to check and confirm the most important mutual goals.
  • Select an unbiased third party for the audit. An audit performed by a group that wants to sell additional products or services might not produce a trustworthy report. Clearly state the scope of work and limit the potential for future services. This approach encourages focus on the task at hand and engenders trust in the resulting report.
  • Evaluate business continuity as part of the audit. Critical systems that have redundant components should be failed (during a maintenance window) to confirm that operations will continue even during a failure. Test different failure modes to ensure continuity despite a variety of potential problems. Try to fail the system when testing — don’t try to pass it. Only when the system can’t be made to fail should it be considered acceptable.
  • Auditors should be key contributors to your disaster recovery planning, both in plan development and firedrill testing. Have the auditor recover critical portions of your environment. After each major IT deployment, consider trying a system recovery offsite, as though you had lost your data center in a fire, flood or other natural disaster.
  • IT auditors should also be well-versed in security protocols and “white hat” hacking. Allow your auditors to attempt to compromise your systems by hijacking services or stealing data (specifically, customer data).
  • Auditors also need to keep a scorecard of observed, regular maintenance. How often were backups performed successfully? Were logs checked regularly? What other daily or weekly tasks should be measured to assure those tasks were actually performed as scheduled? Simple metrics (for example, the success rate for daily backups, measured as a percentage) can be tracked to show improvement (or lack of it) over time.
  • The auditor should produce two documents. The first, a technical report for IT staff on what risk points were found. The second, and most important, should be a one-page nontechnical summary for leadership. Develop a simple scoring system so each audit over time can be given a simple grade. This will help measure improvement and show the value that audits bring.

Every company depends on their IT systems to keep business moving. Most firms skip the easy and relatively affordable step of implementing an effective, independent, unbiased IT audit. Few firms will find a better way to increase communication, understanding and trust between IT and business leadership.

Sign up for our e-newsletter

About the Author

Ryan Suydam

Ryan Suydam is director of operations at Design Facilitator, creator of the web-based Client Feedback Tool, located in Raleigh, N.C.

Security

Heartbleed: What Should Your... |
One of the biggest security vulnerabilities has almost every user and every industry...
Why Businesses Need a Next-G... |
Devices investigate patterns that could indicate malicious activity.
Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....

Storage

The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Businesses Must Step Careful... |
Slow and steady wins the race as businesses migrate IT operations to service providers,...
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...

Networking

Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Mobility: A Foundational Pie... |
Other technologies rely on mobile computing, which has the power to change lives, Lextech...
Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.

Hardware & Software

Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....
New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.