The Cove Business Standards Discussion Forums More Free Files Forum Discussion Thread Post Attachments Listing Cove Discussion Forums Main Page
UL - Underwriters Laboratories - Health Sciences
Go Back   The Elsmar Cove Business Systems and Standards Discussion Forums > Common Quality Assurance Processes and Tools > Auditing Quality and Environmental Management Systems > Internal Auditing
Forum Username

Elsmar Cove Forum Visitor Notice(s)

Wooden Line

Internal Audit on IT Department - What to Audit??


Elsmar XML RSS Feed
Elsmar Cove Forum RSS Feed

Monitor the Elsmar Forum
Sponsor Links



Courtesy Quick Links

Links that Cove visitors will find useful in your quest for knowledge:


ASQ - American Society for Quality

International Standards Organization - ISO Standards and Information

Atul's
Quality Forum Online

Howard's
International Quality Services

Marcelo Antunes'
SQR Consulting, and
Medical Devices Expert Forum

Bob Doering
Bob Doering's Blogs and,
Correct SPC - Precision Machining

NIST's Engineering Statistics Handbook

IRCA - International Register of Certified Auditors

SAE - Society of Automotive Engineers

Quality Digest

IEST - Institute of Environmental Sciences and Technology


Related LinkedIn Groups

ISO 9001 for Small Businesses

ISO 9001:2015 Revision Discussions

Information Security Community

Medical Devices Group

Quality and Regulatory Network

FDA (Food and Drugs)

AS91XX Series - Tips and Advice


Related Topic Tags
audits and auditing, information technology (it), internal audits
Reply
 
Thread Tools Search this Thread Rate Thread Content Display Modes
  Post Number #1  
Old 1st December 2010, 06:00 AM
Glen D

 
 
Total Posts: 23
Question Internal Audit on IT Department - What to Audit??

I need to perform an audit on the IT department but not entirly sure what to audit during a general audit?

I was talking with a company director yesterday and we were struggling to come up with what to audit as i know the department does not keep many records or documents (They are not the best IT department in the world!) from when i wrote the Control of documents and records procedures.

Could anyone give some sort of pointers or guidance as i'm not the best with IT

Many thanks

Glen

Sponsored Links
  Post Number #2  
Old 1st December 2010, 06:19 AM
Jerome's Avatar
Jerome

 
 
Total Posts: 80
Re: Internal Audit on IT dept...What to Audit??

Start with the question: "why do I want to audit the IT department?" (and don't say 'because my quality manual say so...' )
If there is really nothing documented on the workings of this department start of with a process map on what the company expects from the department or how the department should work.
Think about:
- how does a project get started and ended (who initiates, who manages the projects, release criteria etc.)
- what is the flow of events regarding development (user requirements, functional req., design, risk assessments, (in)formal testing, reviews, etc...)
- how do you measure software quality
- what quality controls are/should be in place (coding conventions/standards, design and/or code review, verification and validation etc.)
- Who is qualified for what and how is that managed
- audit on change control / configuration management

Many general items from your QMS also apply to your IT deparment.
Come to think of it... I'm assuming it produces software as a product (or part of).
But your IT dept. could just as well handle the infrastructure of an institute...

So, what type of IT dept are we talking about here?

Also, is not having documented how the dept. should work a flaw of the dept. or the management system supporting it?
Thank You to Jerome for your informative Post and/or Attachment!
Sponsored Links

  Post Number #3  
Old 1st December 2010, 06:23 AM
somashekar's Avatar
somashekar

 
 
Total Posts: 5,076
Re: Internal Audit on IT dept...What to Audit??

Quote:
In Reply to Parent Post by Glen D View Post

I need to perform an audit on the IT department but not entirly sure what to audit during a general audit?

I was talking with a company director yesterday and we were struggling to come up with what to audit as i know the department does not keep many records or documents (They are not the best IT department in the world!) from when i wrote the Control of documents and records procedures.

Could anyone give some sort of pointers or guidance as i'm not the best with IT

Many thanks

Glen
Dear Glen D.
Take some time to read thru THIS thread for more information.

Last edited by harry; 1st December 2010 at 10:40 AM. Reason: fix link
Thanks to somashekar for your informative Post and/or Attachment!
  Post Number #4  
Old 1st December 2010, 06:47 AM
Glen D

 
 
Total Posts: 23
Re: Internal Audit on IT dept...What to Audit??

Jerome - Company is approx 200 people over 4 sites (150 at one site) with 2 IT persons at the main site.

It is just to support the business with Radan/CAD department, an in house built Asset management system and many other PC's within the business.

The question of auditing was put to me as the IT department are failing to support the business and progress is being held back as a consequence of IT either not completing tasks or not completing them correctly.

MD/CEO is blind to this and would maybe resond better to objective evidence from me as requested by another director.

Somashekar - thanks for that!
  Post Number #5  
Old 1st December 2010, 08:24 AM
qusys

 
 
Total Posts: 2,227
Re: Internal Audit on IT dept...What to Audit??

Quote:
In Reply to Parent Post by Glen D View Post

Jerome - Company is approx 200 people over 4 sites (150 at one site) with 2 IT persons at the main site.

It is just to support the business with Radan/CAD department, an in house built Asset management system and many other PC's within the business.

The question of auditing was put to me as the IT department are failing to support the business and progress is being held back as a consequence of IT either not completing tasks or not completing them correctly.

MD/CEO is blind to this and would maybe resond better to objective evidence from me as requested by another director.

Somashekar - thanks for that!
In addition to what the other Covers rightly said, I would suggest to audit contingency plans for IT , considering that a down of the system could potentially affect production line.
I would check the process as a whole in terms of responsibility, procedures, tools, competency, records, measurement.
  Post Number #6  
Old 1st December 2010, 09:25 AM
adickerson

 
 
Total Posts: 134
Re: Internal Audit on IT Department - What to Audit??

I would also audit backups. Important records should always be made on a regular basis. If they are supposed to be doing this you can audit to see if it really is happening on the frequency it is supposed to. Weekly sounds reasonable and a lot of this can be automated.

I would also make them show you how to retrieve the backup files and they should have a work procedure for the process. Make sure it works and can be done by someone outside of the IT department. Furthermore make sure that the backups are occasionally stored on a flash drive or CD and kept in a fire proof box with keys controlled by a member of management. There are a lot of organisations that never recover from massive data loss. If your IT department is less then you expect then be prepared because I would not trust them.
Thanks to adickerson for your informative Post and/or Attachment!
  Post Number #7  
Old 1st December 2010, 10:36 AM
samsung's Avatar
samsung

 
 
Total Posts: 1,431
Re: Internal Audit on IT dept...What to Audit??

Quote:
In Reply to Parent Post by somashekar View Post

Dear Glen D.
Take some time to read thru THIS thread for more information.
Find trouble to get along the link. Needs fixing.

Last edited by harry; 1st December 2010 at 10:41 AM. Reason: fix link
  Post Number #8  
Old 1st December 2010, 09:05 PM
Randy's Avatar
Randy

 
 
Total Posts: 8,354
Re: Internal Audit on IT Department - What to Audit??

It's no more complicated than the following.

What's supposed to be getting done?

Is it being done as planned?
Reply

Lower Navigation Bar
Go Back   The Elsmar Cove Business Systems and Standards Discussion Forums > Common Quality Assurance Processes and Tools > Auditing Quality and Environmental Management Systems > Internal Auditing

Bookmarks



Visitors Currently Viewing this Thread: 1 (0 Registered Visitors (Members) and 1 Unregistered Guest Visitors)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Forum Search
Display Modes Rate Thread Content
Rate Thread Content:

Forum Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Discussion Threads
Discussion Thread Title Thread Starter Forum Replies Last Post or Poll Vote
Sales Department Internal Audit Shibs Internal Auditing 23 3rd August 2014 08:18 AM
How to Audit the Quality Department (Internal Audit) ahmed_hasan Internal Auditing 15 23rd October 2009 12:47 PM
Internal Audit of the Legal Department selena15 Process Audits and Layered Process Audits 7 18th September 2008 06:02 AM
Does ISO 9001 Audit fit in within the Corporate Internal Audit department? gg-audit Internal Auditing 31 7th May 2007 10:33 PM
Internal Audit of HR Department... Chris May Internal Auditing 2 12th February 2003 07:05 AM



The time now is 05:42 PM. All times are GMT -4.
Your time zone can be changed in your UserCP --> Options.


 


NOTE: This forum uses "Cookies" -- The Elsmar Cove is *Copyright Free*.
A Peachfarm LLC Internet Property