With increasing technological developments and competition, companies are looking at ways to enhance and optimise their information technology (IT) systems and technical infrastructure. An information technology audit, also referred to as a technical infrastructure audit, is an invaluable process to undertake to accomplish this.
It examines IT governance and how a company’s IT environment performs against best practice and emerging, leading edge technology. It does this by scrutinising information systems, their inputs, outputs and processing, capabilities and performance.
Give Your Company the Competitive Edge by Means of an IT Audit
By Thembi Lebese, Operations Analyst, EES Africa (Pty) Ltd
ABOUT EES:
Established in 2001, EES Africa (Pty) Ltd specialises in the integration of multiple system infrastructure including ICT, Data Centres, Audio Visual, Life Safety, Security and Building Automation Systems. As an ISO 9001:2008 certified company, our vision is to be Africa’s management, engineering and auditing professional service provider of choice.
The EES Value Proposition focuses on translating technology into tangible deliverables for clients through the experience of a talented team of Engineering and ICT Consultants and Project Managers. With offices in Cape Town, Johannesburg and Stellenbosch, EES operates predominantly in the Renewable Energy, Oil & Gas, Financial Services, Infrastructure, Utilities, Telecoms and Mining sectors.
CONTENTS
Introduction
The Audit Procedure
Planning
Organising
Fieldwork
Reporting
Code of Ethics and Standards of Conduct
Conclusion
References
I MANAGEMENT I ENGINEERING I AUDITING I www.eeslive.com 1
EES Cape Town office:
G11 Silverberg Terrace
3 Silverwood Close
Steenberg Office Park
Cape Town 7945
PO Box 31322, Tokai 7966
Western Cape, South Africa
Email: info@eeslive.com
Tel: +27 (0)21 702 8340
Fax: +27 (0) 86 532 3532
EES Johannesburg office:
Unit 8, West Block Loft Offices,
First Floor, The Zone Phase II,
26 Cradock Avenue, Rosebank, 2186
PO Box 31322, Tokai 7966
Western Cape, South Africa
Email: info@eeslive.com
Tel: +27 (0)10 590 6270
Fax: +27 (0) 86 532 3532
EES Stellenbosch office:
18 Tegno Road
Techno Park
Stellenbosch 7599
PO Box 31322, Tokai 7966
Western Cape, South Africa
Email: info@eeslive.com
Tel: +27 (0)21 200 5939
Fax: +27 (0) 86 532 3532
Introduction
With increasing technological developments and competition, companies are looking at ways to enhance and optimise their information technology (IT) systems and technical infrastructure. An information technology audit, also referred to as a technical infrastructure audit, is an invaluable process to undertake to accomplish this.
It examines IT governance and how a company’s IT environment performs against best practice and emerging, leading edge technology. It does this by scrutinising information systems, their inputs, outputs and processing, capabilities and performance.
The IT or technical infrastructure audit:
• Looks at ways in which a company’s technical infrastructure can be improved and updated in order to optimise productivity and gain a competitive advantage.
• Assesses whether an organisation’s current technical infrastructure is according to standard. Auditors must follow auditing standards which are set by an international body, International Standards of Auditing (ISA). The ISA was revised and redrafted in February 2009. If a company wants to be certified for an undertaking or project, the organisation can then present an objective, accurate report to prospective clients.
• Mitigates potential technical risks.
• Secures the organisation’s IT environment and safeguards confidential company information.
• Ensures budgets are adhered to and business is done within the given timeframe. IT projects often overrun budgets or do not run according to schedule. It is beneficial to know why this occurs and how it can be prevented. For example, does the organisation need to improve processes, or are there certain people that need to be employed? It also identifies ways in which costs can be reduced.
• Enables planning for the future by, for example, identifying when technology upgrades will be required and scheduling licensing and renewals.
• Sees to it that technology initiatives are in sync with business goals, and assists in compilation of business strategies and support thereof.
Unlike a financial audit, the IT or technical infrastructure audit is not a legal requirement, but is undertaken due to the benefits outlined above. It is advisable for the audit to be conducted by an external party to the organisation, as an independent party should have an objective view and therefore conduct the audit in a fair and professional manner. It also ensures there is no possibility of internal parties in the company exerting any influence with regard to the outcome of the audit.
GIVE YOUR COMPANY THE COMPETITIVE
EDGE BY MEANS OF AN IT AUDIT
April 2014
The Audit Procedure
All auditors follow a specific process. The audit procedure is usually drafted by the party conducting the audit. Once it has completed the audit, it presents a report explaining its methodology and provides recommendations drawn from the work. An example of a standard audit procedure that needs to be followed is found below:
Planning
The audit team is formed, gains an understanding of the reasons for the audit, and identifies its objectives. Data that can be used in the planning phase includes information from previously conducted audits, internet sites and other organisational documents. Sources may include, but are not limited to, a risk assessment, internal and external evaluations and management guidance.
Organising
The audit team prepares a detailed audit plan and develops a preliminary audit program. It prepares any necessary administrative documentation and other requirements needed for the audit. It processes and identifies the various types of information and documentation required from the client, which will generally include organisational charts, job descriptions and relevant reports.
Fieldwork
This stage involves executing the procedures described in the scope documents. The duration of the audit will vary depending on the scope and the requirements, the availability of labour as well as other resources required for the audit. During fieldwork, the auditor should identify, analyse, evaluate and document sufficient, reliable, relevant and useful information to achieve the audit objectives. The evidence gathered by the auditor will be documented in the working papers and used as the basis for the conclusions made and the results of the audit. The auditor must discuss significant findings with the audit team in order to find solutions to resolve any problems related to the findings.
Reporting
The activities conducted during the reporting phase include:
• Preparing a Draft Audit Report;
• Discussing proposed changes with the appropriate level of
management;
• Preparing a Final Audit Report; and
• Distributing the Final Audit Report to the audit team and client.
The reports should include the audit objectives, the scope of audit work performed, an overview of the business or activity, conclusions regarding findings and observations, and recommendations to management to address any issues found.
Recommendations should be included in the final section of the report. They should include information on shortfalls and risks, and suggestions as to ongoing improvement for the client. The reports should also acknowledge when satisfactory performance is found.
Code of Ethics and Standards of Conduct
Integral to an audit of technical infrastructure is a Code
of Ethics and Standards of Conduct.
The following Code of Ethics needs to be adhered to at
all times:
• Integrity - The integrity of auditors establishes trust
and provides the basis for reliance on their judgment.
• Objectivity - Auditors exhibit the highest professional
objectivity in gathering, evaluating and
communicating information. Auditors are not unduly
influenced by their own interests or others in forming
judgments.
• Confidentiality - Auditors respect the value and
ownership of information they receive and do not
disclose information without appropriate authority
unless there is a legal or professional obligation to do so.
• Competency - Auditors apply knowledge, skills and
experience needed.
The audit also needs to adhere to the following Standards of Conduct:
• Service - Preserve a commitment to carry out all
responsibilities with an attitude of service towards
the client while maintaining a sincere and dignified
attitude.
• Excellence - Uphold a high standard of service and
a commitment to quality in performing all projects
and assignments.
• Leadership - Provide noteworthy examples which
emphasise high ethical and moral standards.
• Professionalism - Conduct business in a manner that
reflects favourably on the client.
Conclusion
In an increasingly competitive environment organisations are looking to optimise the performance of their IT systems and technical infrastructure. The IT or technical infrastructure audit is today part of a strategic and cultural shift in IT governance that, when implemented correctly, can help companies better utilise technology assets and enhance a company’s efficiency and productivity.
Furthermore, these audits are being conducted increasingly, as regulatory compliance, risk management and IT security become higher corporate priorities. They ensure that information assets are safeguarded and data integrity is maintained.
Written by Thembi Lebese
Operations Analyst, EES Africa (Pty) Ltd
Tel +27 (0)10 590 6270,
Email info@eeslive.com
Thembi worked as an Analyst Developer
in the Telecommunications Industry for
2 years before joining EES as Operations
Analyst. She has experience in various
organisational functional areas, infrastructure technologies,
business processes within IT as well as development tools
related to Enterprise Resource Planning.
Qualifications:
- BCom (Business Information Systems) from the University of Venda
Additional Certificates:
- PL/SQL Training
- OBIEE Training
The evaluation of the audit findings determines if the IT systems are operating in a manner that will assist the organisation in achieving its strategic objectives. It assists the company in carrying out client projects according to budget and on schedule, and provides it with recommendations regarding future planning.
It is the responsibility of the company which has undergone the audit to implement the suggested actions in order to indeed improve their technical infrastructure and consistently maintain a high level of performance.
References
Code of Ethics. (2013, June 12). Retrieved from http://www.iia.org.uk/:
http://www.iia.org.uk/resources/global-guidance/code-of-ethics/
ISA 230 Audit Documentation
ISA 320 Materiality in planning and performing an audit
[Figure: flowchart of the audit procedure, from START to END. Steps shown: conduct meetings to establish audit team; gain understanding of the audit; gather necessary information related to the audit; prepare necessary documentation; organise the audit and prepare audit program; identify necessary information needed from the client; make necessary changes to scope and finalise requirements; executing the procedures described in the scope documents; auditor should identify, analyse, evaluate and document sufficient, reliable and useful information to achieve the audit objectives; prepare final audit report; issue final audit report.]