For those who are absolute beginners to the IT auditing process, it’s important to know the individual steps of the process and how the aims of the process can be achieved.
As an IT auditor, we must first understand the business. Even if a company cannot see how their business model might not be connected through their IT infrastructure, in many ways it is.
Two companies might sell the same products and services; however they might deliver the two in completely different ways. A failure in an area of your IT provision might irrevocably damage your business, although for another company it could even be beneficial for an area of provision to fail, for example, if it is not cost effective, or if it were producing bottlenecks in other areas.
It’s very important to understand these risks to a company. Once an IT auditor has looked through, analyzed and assessed your IT processes, it means that they are able to accurately assess the problems, vulnerabilities and insecurities faced by the internal IT process.
Some people see only risks to their IT infrastructure only in terms of hackers, industrial sabotage and system failure. It’s the job of an IT auditor to accurately assess these problems. It might be highly unlikely that hacking is a potential threat and the risk from disgruntled ex-employees stealing databases of clients maybe higher. Perhaps there is danger from malicious competitors who could spam a client through botnets and in a denial of service attack. These are all factors that an IT auditor needs to take into account when assessing current vulnerabilities and then recommend action based both on the cost and the need.
Dependency is another factor that an IT auditor would have to take into account when assessing the vulnerabilities of an IT system. Perhaps your business is based solely around ecommerce and the database that stores; credit cards, contact numbers and addresses reside upon an ancient server with no possibility of back up if it fails. The cost of restoring a failed database maybe insignificant where compared the damage the loss of entire client database.
The final stage of an IT audit is testing for weaknesses and vulnerabilities. This could be checking cables and casing, it could be checking that administrators only have access to key passwords. It could be checking that the servers are maintained and stored in a secure, temperature controlled room, or that the firewall is update with the latest virus definitions.
Interpersonal skills of the IT auditor can be crucial when performing an IT audit. Employees can often feel that the audit is being essentially critical of their work, as often you will be challenging the processes that are already in place or scrutinising others for the lack of process. If you have considering being an IT auditor, you have to be a skilled diplomat and inspire cooperation in others. This will make your audit go smoothly without problems.
If you have many years of experience in IT and have a wide range of knowledge within different IT sectors, the job of an IT auditor could be just for you.