Information Technology Auditing

Information technology (IT) auditing collects and evaluates data pertaining to an IT infrastructure. An IT audit may augment a financial audit, but it is specifically designed to test the IT infrastructure’s accuracy, efficiency, and security. Though around since the 1960s, IT audits have become especially important in the 21st century, when so much of a business’s activity is conducted or assisted electronically.

The first IT audits were necessitated by the use of electronics in accounting systems. Early computers did little more than that (compute), and the combination of their expense with their extraordinarily narrow focus of applications meant that they were adopted slowly. Though General Electric used a computerized accounting system in 1954, computer use was a highly specialized skill, and early input methods (such as punch cards or paper tape) were tedious to error-check.

With the development of specialized office computers in the 1960s and the shift toward developing computers for people who did not work on them for a living, larger businesses began to integrate computers into some of their accounting procedures, especially data storage (such as to keep track of inventory or reservations) and handling large amounts of complicated information. The first IT audits were therefore electronic data processing (EDP) audits, double-checking the accuracy of the software systems in use at a business and the data entered into and derived from them.

This led to the development of specialized accounting software, and in 1968 the American Institute of Certified Public Accountants helped formalize EDP audits, keeping them at the rigorous standards employed by financial audits. The Electronic Data Processing Auditors Association (EDPAA) was formed shortly thereafter, for the growing number of accountants who specialized in EDP audits. EDPAA has since (in 1994) changed its name to the Information Systems Audit and Control Association, and publishes CobiT (Control Objectives for Information and related Technology), the widely accepted list of standards and objectives in IT audits.

IT auditing became especially prioritized in the aftermath of the Equity Funding Corporation of America scandal of 1973, when former EFCA employee Ronald Secrist and analyst Ray Dirks reported that the Los Angeles company, which sold mutual funds and life insurance, was guilty of widespread and organized accounting fraud. At least 100 employees since 1964 had been guilty of deceiving investors and the government, and that deceit included a computer system devoted to the forgery of insurance policies for fictitious policyholders.

Determining the extent of the fraud, of course, meant auditing the computer system, as well as all others in use by the company, a process that took over two years. Similarly, in the wake of the 21st-century accounting scandals, the Sarbanes-Oxley Act of 2002 was passed, establishing stricter standards for public company boards and public accounting firms, with a greater emphasis on IT audits.

There are five categories of IT audits:

Systems and Applications audits test the input, output, and processing at all levels of the company’s systems and applications.

Information Processing Facilities audits test the control of the processing facility under normal and disruptive conditions.

Systems Development audits examine the systems under development to make sure that they meet the company’s objectives and standards.

Management of IT and Enterprise Architecture audits examine the organizational structure and procedures in use.

Client/Server, Telecommunications, Intranets, and Extranets audits focus on networking issues, an area where there is particular concern with staying current in security protocols.

Information technology changes rapidly, as does its position in the process of doing business. IT auditors, though they may be CPAs, are generally more versed in information systems, with a general understanding of accounting principles, because the accounting component of their job is the more static ingredient in the mix, while the ramifications, security concerns, and potential for misuse of technology are always in flux.

3 Top Career Paths in Information Technology

Information Technology, or IT for short, is definitely everywhere these days. Opening the computer, browsing your favorite websites, playing video games, and accessing apps on your smartphone actually mean utilizing the work of IT professionals. Moreover, the software used to increase efficiency and productivity in numerous businesses and industries is also designed and maintained by technology experts. It is completely understandable why this specific field is currently considered one of the fastest growing industries across the world. The good news here is that this is obviously a trend that will continue for many years to come.

Those pondering the possibility of establishing an IT career need to realize that a lot of great opportunities await qualified individuals. For the most part, completing courses and certifications or receiving relevant training will get you through the door.

What are some of the most interesting job titles out there? Read this list and you’ll have a good idea.

Data Administrator

Those working in this capacity have the responsibility of making sure that the data used by businesses are readily accessible, consistently accurate and always secure. It can be said that the corporate database is the key towards having well-organized systems for manufacturing, sales, payroll, and many more. In short, a data administrator plays a big role in helping a company achieve goals and prevent problems. It definitely helps that this position comes with a great salary potential since most companies are willing to spend big amounts of money to hire a competent individual.

Web Developers

These experts handle the task of creating web pages and web applications. This includes compiling good content for a site such as copy, photos, videos, and others. In short, a web developer is the go-to person when it comes to planning the layout and navigation of websites. The goal goes beyond having a good-looking page for the client: it is to help users have a convenient experience as they access the site.

Web developers are highly knowledgeable when it comes to different programming languages such as CSS, HTML, and JavaScript.

Graphic Designer

If you are someone who loves arts and computers, being a graphic designer might be the recommended career for you.

Another in-demand profession, graphic designers perform the work of designing company logos, doing layouts for newsletters, banners, and catalogs, creating package designs for products, coming up with effective marketing materials, and many more.

This is definitely an interesting job position for anyone who loves creating designs with the use of digital tools.

Information Technology Service Management

Over the last few years I have facilitated several Information Technology Service Management (ITSM) work sessions within the oil and gas and utility industries. The challenge was to build consensus through identifying what is important, making recommendations and decisions, and establishing direction that would enable the IT organization to improve processes and services offered to their customers. The following article briefly outlines a number of lessons learned that came from our experiences.

An ITSM Work Session should provide the foundation for your organization to create the blueprint to propel IT services and business value forward. In establishing an ITSM initiative the following key groups must be involved:

Strategic: CIO and Directors to establish strategic intent, vision and enterprise objectives

Tactical: Directors and Managers to establish improvement objectives, priorities and program charter

Operational: Managers and Key Stakeholders to establish solution, roadmap, business case and project charters.

Fundamental to any ITSM session when engaging these groups is to develop a clear problem definition, defined and approved by the executives or senior steering committee. This is an area in which IT often falls short. The lack of a clear problem definition negatively impacts the tactical and operational levels of the organization and limits the ability to move forward.

When working with your teams, build an understanding of all the work that is taking place in the IT department right now and how it fits within the ITSM support and delivery relationship models. Discussion, training and clarity will be required to ensure your people understand the ITSM relationship and delivery model. By engaging people in a defined work exercise, your teams can map out and see how their work aligns with your ITSM program requirements. This is effective in establishing leadership and team buy-in.

Establish a clear understanding of your points of pain (PoPs) and the IT maturity. PoPs can be established through focused brainstorming sessions. Once collected, your PoPs should be looked at from an organizational and process maturity perspective. This is often missed as IT has a habit of looking only at processes and tools to solve problems. Align your PoPs with the industry maturity model standards (non-existence, chaos, reactive, proactive, service, value). It is important that the content be translated into a service management maturity grid and aligned with the Information Technology Infrastructure Library (ITIL) process categories. Work to obtain various IT teams, customers and business representatives’ perspective on the ITSM organizational and process maturity levels. This builds some reality into the PoPs and maturity levels thinking by dislodging IT from a position of working in isolation.

Build a business case and program plan that can be activated by your people. At this point you are seeking clear recommendations and improvement objectives (what), benefit realization (why), tactical needs (how) and time frame (when) for which to move your organization forward with your ITSM program. This is the foundation for your ITSM program business case and charter that will be divided into project and operational requirements. You will need a solid approved business case and charter to enable you to navigate the challenges that will unfold on your journey and to clearly articulate the streams of work to be completed. There needs to be an executive team or steering committee assigned to provide clear strategic guidance. When forming and using a steering committee, their mandate must be strategic and clear. Tactical task-based reporting can be left to the project management teams and their need for task-based results and status meetings.

Recognize that ITSM is not an IT tool solution. From a business perspective, IT needs to stop chasing tool solutions, and “flavor-of-the-month quick fixes.” Ultimately, the ITSM program is a business organizational change program that seeks to align IT with the business objectives and requirements, improve processes and change culture in an effort to control or decrease costs, increase productivity and contribute to the bottom-line. ITSM programs need to be effectively operationalized. Therefore change management and communication must be at the forefront.

Work with your teams to have them answer “WIIFM” and “WIIFT” questions (what is in it for me and what is in it for them). Ensure you establish the fears, uncertainties and doubts (FUDs). Be prepared to have a long FUDs list. These will need to be acknowledged and managed within the context of the ITSM program and the change management and communications plan. Use your teams and people to establish a communication plan that takes into consideration your target audience and communication needs. Every organization has an approach to communications that may or may not align with their corporate culture. Prepare a clear communications strategy and follow it.

The information in this article is based on feedback obtained during facilitated ITSM work sessions and the work of dedicated IT professionals. Efforts focused on consideration for the strategic, tactical and operational requirements. Ultimately the goal was to improve IT. It can be done. Good luck.

BraveWorld Inc. ©2007