Audit Project Control

Student’s name:

Professor’s Name

Course:

Date:
IT Audit

An IT audit involves examining and evaluating the information technology infrastructure,

operations and policies of an organization. It is done to evaluate systems and processes meant to

safeguard a company’s information assets, identify and mitigate possible risks and ensure

compliance with standards and organizational policies. Other IT projects include system

installation, done when an organization is shifting its operations to a new platform. Another

project is disaster recovery. The similarity of these projects is that they are all conducted for the

good of an organization’s IT infrastructure. Each has its own purpose but they are all conducted

with the ultimate goal of a functioning IT infrastructure. They differ mostly in their timing and

reason for conducting. System installation is an adaptive process, done to bring up to date the

organization’s infrastructure. Disaster recovery is corrective, done to restore information that has

been compromised. An IT audit is for the most part a preventive measure, done to gauge the

current status of an organization’s IT infrastructure. It results can lay out plans for adaptive

measures and preparations for corrective measures. (Fijneman & Topliss, 2008).

Challenges in an IT audit

As with most audits, IT audits also face challenges. A salient challenge is the priority given to IT

audits. As organizations generate more and more information each year, keeping track of it can

be especially time-consuming. Given the many responsibilities entrusted to an IT department,

getting time off from these responsibilities to conduct an audit is difficult. Another challenge is

change in technology. This can be hard on organizations that have yet to upgrade their IT

infrastructure. As such, auditing tools for these systems will tend to be inconclusive, offering a

skewed position of the existing conditions. This is mostly as a result of the technology lacking

proper native auditing capabilities. This is common in operating systems.

Overcoming these challenges require multi-concerted efforts from not just the IT department but

also the organizations management. The first would be giving priority to the audit. With the ever

increasing threats to a company’s information assets, it is important that the concerned

organization be on top of security. With possible weaknesses and threats identifiable via audits, it

is vital that organizations allocate time and resources for regular audits. Auditing outdated IT

infrastructure is challenging. Since the possibility of a lot not being discovered with the nature of

such systems, organizations have no choice but to invest in the latest infrastructure to safeguard

their information. This being one of the greatest assets organizations can have, it should make

sure it is as safe as it can possibly be. Up to date infrastructure means better monitoring and risk

identification. (Cascarino & Cascarino, 2012).

Controls to be implemented

The leadership of an organization’s IT department has the responsibility of initiating and going

through of an IT audit. This means they must put in place measures necessary for such an

exercise. It includes how to conduct it, resources required and solutions for possible challenges.

With less priority given to an IT audit, possible challenges might arise in the form of inadequate

budgets. With the audit given such a low priority, the management will not see the need for

budgeting for the task. A project can overcome by using the minimum number of staff possible,

freeing up resources. They can also conduct the audit over an extended period of time, doing

what can possibly be done at that point in time. In instances where the infrastructure is outdated,

the project manager might be required to involve the infrastructure manufacturers who will help

in providing the necessary guidance and information during the audit. This is important in

systems where no audit features were built on the user interface and will therefore the

manufacturer’s permission and help in taking apart any necessary infrastructure.

References

Fijneman, R. G. A., & Topliss, J. (2008). IT auditing. The Hague: Academic Service.

Cascarino, R., & Cascarino, R. (2012). Auditor's guide to IT auditing. Hoboken, N.J: Wiley.