Professional Documents
Culture Documents
Audit Project Control
Audit Project Control
Audit Project Control
Student’s name:
Professor’s Name
Course:
Date:
IT Audit
operations and policies of an organization. It is done to evaluate systems and processes meant to
safeguard a company’s information assets, identify and mitigate possible risks and ensure
compliance with standards and organizational policies. Other IT projects include system
installation, done when an organization is shifting its operations to a new platform. Another
project is disaster recovery. The similarity of these projects is that they are all conducted for the
good of an organization’s IT infrastructure. Each has its own purpose but they are all conducted
with the ultimate goal of a functioning IT infrastructure. They differ mostly in their timing and
reason for conducting. System installation is an adaptive process, done to bring up to date the
organization’s infrastructure. Disaster recovery is corrective, done to restore information that has
been compromised. An IT audit is for the most part a preventive measure, done to gauge the
current status of an organization’s IT infrastructure. It results can lay out plans for adaptive
measures and preparations for corrective measures. (Fijneman & Topliss, 2008).
Challenges in an IT audit
As with most audits, IT audits also face challenges. A salient challenge is the priority given to IT
audits. As organizations generate more and more information each year, keeping track of it can
getting time off from these responsibilities to conduct an audit is difficult. Another challenge is
change in technology. This can be hard on organizations that have yet to upgrade their IT
infrastructure. As such, auditing tools for these systems will tend to be inconclusive, offering a
skewed position of the existing conditions. This is mostly as a result of the technology lacking
also the organizations management. The first would be giving priority to the audit. With the ever
organization be on top of security. With possible weaknesses and threats identifiable via audits, it
is vital that organizations allocate time and resources for regular audits. Auditing outdated IT
infrastructure is challenging. Since the possibility of a lot not being discovered with the nature of
such systems, organizations have no choice but to invest in the latest infrastructure to safeguard
their information. This being one of the greatest assets organizations can have, it should make
sure it is as safe as it can possibly be. Up to date infrastructure means better monitoring and risk
Controls to be implemented
The leadership of an organization’s IT department has the responsibility of initiating and going
through of an IT audit. This means they must put in place measures necessary for such an
exercise. It includes how to conduct it, resources required and solutions for possible challenges.
With less priority given to an IT audit, possible challenges might arise in the form of inadequate
budgets. With the audit given such a low priority, the management will not see the need for
budgeting for the task. A project can overcome by using the minimum number of staff possible,
freeing up resources. They can also conduct the audit over an extended period of time, doing
what can possibly be done at that point in time. In instances where the infrastructure is outdated,
the project manager might be required to involve the infrastructure manufacturers who will help
in providing the necessary guidance and information during the audit. This is important in
systems where no audit features were built on the user interface and will therefore the
Fijneman, R. G. A., & Topliss, J. (2008). IT auditing. The Hague: Academic Service.
Cascarino, R., & Cascarino, R. (2012). Auditor's guide to IT auditing. Hoboken, N.J: Wiley.