From time to time there are audits that take a considerable time to complete, and it would be inappropriate for the auditor to report only at the end of the project. One such type of audit is an SDLC audit. Here the audit could be broken down into a series of audits according to the steps that are required to complete the SDLC. Thus, as the user and IT sign off each section of the development, the auditor produces an audit report concerning the work completed on that section. The advantage of this is that, should there be an audit issue that needs to be addressed, it can be addressed as early in the project as possible. The cost of fixing an error later in the project grows exponentially, and an item that may have cost R50 to fix immediately could cost over R10000 to fix on completion of the project. At the end of the project there may be a pre-implementation and/or post-implementation review. At this stage the auditor should be able to combine the audit reports into a single cohesive audit report indicating the audit findings throughout the project as well as their resolution. This report should be combined with a project management report indicating strengths and weaknesses in the management of the project.
However, there are other audits that are simply excessively large. One such audit could be an audit of the security in an IT environment. This could cover a multitude of disciplines, for example perimeter security, facilities security, workstation security, computer room security, procedures for the termination of staff, security of multiple IT operating systems, application security, etc. To produce a single report for such a massive project would again be irresponsible, as security is an extremely sensitive component of IT and the staff must address inadequate controls immediately. To wait until the end could mean that you are reporting to the executor of an insolvent company. Thus, it is vital that inadequate controls are timeously addressed, and there is a need for interim reports. These cannot be divided along the lines of clear-cut sections, as some parts of the audit environment may take a short time to audit, for example perimeter security, facilities security, computer room security and environmental security, while other areas may take a long time. These may include AS400 security (especially if it is being done manually), RACF security, etc. Another area that may take some time is the review of the security of the network switches, should a complete audit be required. In cases like these interim audits are vital.