The Elsmar Cove Wiki More Free Files The Elsmar Cove Forums Discussion Thread Index Post Attachments Listing Failure Modes Services and Solutions to Problems Elsmar cove Forums Main Page Elsmar Cove Home Page
Go Back   The Elsmar Cove Forum > ISO (International Organization for Standardization) Standards > ISO 19011 - Auditing Quality and Environmental Management Systems > Internal Auditing
Forum Username


Search the Elsmar Cove
Custom Search
Monitor the Elsmar Forum
Follow Marc & Elsmar
Elsmar Cove Forum RSS Feed  Marc Smith's Google+ Page  Marc Smith's Linked In Page   Marc Smith's Elsmar Cove YouTube Page  Marc Smith's Facebook Page  Elsmar Cove Twitter Feed
Elsmar Cove Groups
Elsmar Cove Google+ Group  Elsmar Cove LinkedIn Group  Elsmar Cove Facebook Group
Sponsor Links





Donate and $ Contributor Forum Access

Click the graphic above.
Courtesy Quick Links

Links that Elsmar Cove visitors will find useful in your quest for knowledge:

Howard's
International Quality Services
Marcelo Antunes'
SQR Consulting
Bob Doering's
Correct SPC - Precision Machining

NIST's Engineering Statistics Handbook
IRCA - International Register of Certified Auditors
SAE - Society of Automotive Engineers
Quality Digest Portal
IEST - Institute of Environmental Sciences and Technology
ASQ - American Society for Quality

Related Topic Tags
audits and auditing, information technology (it), internal audits
Reply
 
Thread Tools Search this Thread Rate Thread Content Display Modes
  #1  
Old 1st December 2010, 05:00 AM
Glen D Glen D is offline
Involved in Discussions

 
Registration Date: Aug 2010
Location: UK, South East
Age: 37
 
Posts: 23
Thanks Given to Others: 19
Thanked 10 Times in 4 Posts
Karma Power: 19
Karma: 60
Glen D has less than 100 Karma points so far.
Question Internal Audit on IT Department - What to Audit??

I need to perform an audit on the IT department but not entirly sure what to audit during a general audit?

I was talking with a company director yesterday and we were struggling to come up with what to audit as i know the department does not keep many records or documents (They are not the best IT department in the world!) from when i wrote the Control of documents and records procedures.

Could anyone give some sort of pointers or guidance as i'm not the best with IT

Many thanks

Glen

Sponsored Links
  #2  
Old 1st December 2010, 05:19 AM
Jerome's Avatar
Jerome Jerome is offline
Involved in Discussions

 
Registration Date: Jul 2005
Location: the Netherlands
Age: 37
 
Posts: 79
Thanks Given to Others: 82
Thanked 26 Times in 16 Posts
Karma Power: 44
Karma: 145
Jerome is appreciated, and has over 100 Karma points.Jerome is appreciated, and has over 100 Karma points.
Re: Internal Audit on IT dept...What to Audit??

Start with the question: "why do I want to audit the IT department?" (and don't say 'because my quality manual say so...' )
If there is really nothing documented on the workings of this department start of with a process map on what the company expects from the department or how the department should work.
Think about:
- how does a project get started and ended (who initiates, who manages the projects, release criteria etc.)
- what is the flow of events regarding development (user requirements, functional req., design, risk assessments, (in)formal testing, reviews, etc...)
- how do you measure software quality
- what quality controls are/should be in place (coding conventions/standards, design and/or code review, verification and validation etc.)
- Who is qualified for what and how is that managed
- audit on change control / configuration management

Many general items from your QMS also apply to your IT deparment.
Come to think of it... I'm assuming it produces software as a product (or part of).
But your IT dept. could just as well handle the infrastructure of an institute...

So, what type of IT dept are we talking about here?

Also, is not having documented how the dept. should work a flaw of the dept. or the management system supporting it?

__________________

Doubt is not a pleasant condition, but certainty is absurd.
Voltaire (1694 - 1778)
Thank You to Jerome for your informative Post and/or Attachment!
Sponsored Links

  #3  
Old 1st December 2010, 05:23 AM
somashekar's Avatar
somashekar somashekar is offline
Cross Forum Moderator

 
Registration Date: Mar 2008
Location: Bangalore city, INDIA
 
Posts: 4,488
Thanks Given to Others: 1,483
Thanked 2,336 Times in 1,645 Posts
Blog Entries: 2
Karma Power: 504
Karma: 15073
somashekar is appreciated, and has over 1700 Karma points.
somashekar is appreciated, and has over 1700 Karma points.
Send a message via Yahoo to somashekar
Re: Internal Audit on IT dept...What to Audit??

Quote:
In Reply to Parent Post by Glen D View Post

I need to perform an audit on the IT department but not entirly sure what to audit during a general audit?

I was talking with a company director yesterday and we were struggling to come up with what to audit as i know the department does not keep many records or documents (They are not the best IT department in the world!) from when i wrote the Control of documents and records procedures.

Could anyone give some sort of pointers or guidance as i'm not the best with IT

Many thanks

Glen
Dear Glen D.
Take some time to read thru THIS thread for more information.

__________________

Best Regards...
Somashekar BV, INDIA

Last edited by harry; 1st December 2010 at 09:40 AM. Reason: fix link
Thanks to somashekar for your informative Post and/or Attachment!
  #4  
Old 1st December 2010, 05:47 AM
Glen D Glen D is offline
Involved in Discussions

 
Registration Date: Aug 2010
Location: UK, South East
Age: 37
 
Posts: 23
Thanks Given to Others: 19
Thanked 10 Times in 4 Posts
Karma Power: 19
Karma: 60
Glen D has less than 100 Karma points so far.
Re: Internal Audit on IT dept...What to Audit??

Jerome - Company is approx 200 people over 4 sites (150 at one site) with 2 IT persons at the main site.

It is just to support the business with Radan/CAD department, an in house built Asset management system and many other PC's within the business.

The question of auditing was put to me as the IT department are failing to support the business and progress is being held back as a consequence of IT either not completing tasks or not completing them correctly.

MD/CEO is blind to this and would maybe resond better to objective evidence from me as requested by another director.

Somashekar - thanks for that!
  #5  
Old 1st December 2010, 07:24 AM
qusys qusys is offline
Appreciated Information Resource

 
Registration Date: Mar 2008
 
Posts: 2,194
Thanks Given to Others: 242
Thanked 720 Times in 633 Posts
Karma Power: 253
Karma: 4308
qusys is appreciated, and has over 1700 Karma points.
qusys is appreciated, and has over 1700 Karma points.qusys is appreciated, and has over 1700 Karma points.qusys is appreciated, and has over 1700 Karma points.qusys is appreciated, and has over 1700 Karma points.qusys is appreciated, and has over 1700 Karma points.qusys is appreciated, and has over 1700 Karma points.qusys is appreciated, and has over 1700 Karma points.qusys is appreciated, and has over 1700 Karma points.qusys is appreciated, and has over 1700 Karma points.qusys is appreciated, and has over 1700 Karma points.
Re: Internal Audit on IT dept...What to Audit??

Quote:
In Reply to Parent Post by Glen D View Post

Jerome - Company is approx 200 people over 4 sites (150 at one site) with 2 IT persons at the main site.

It is just to support the business with Radan/CAD department, an in house built Asset management system and many other PC's within the business.

The question of auditing was put to me as the IT department are failing to support the business and progress is being held back as a consequence of IT either not completing tasks or not completing them correctly.

MD/CEO is blind to this and would maybe resond better to objective evidence from me as requested by another director.

Somashekar - thanks for that!
In addition to what the other Covers rightly said, I would suggest to audit contingency plans for IT , considering that a down of the system could potentially affect production line.
I would check the process as a whole in terms of responsibility, procedures, tools, competency, records, measurement.
  #6  
Old 1st December 2010, 08:25 AM
adickerson adickerson is offline
Involved in Discussions

 
Registration Date: May 2009
 
Posts: 134
Thanks Given to Others: 54
Thanked 84 Times in 57 Posts
Karma Power: 35
Karma: 490
adickerson is appreciated, and has over 400 Karma points.adickerson is appreciated, and has over 400 Karma points.adickerson is appreciated, and has over 400 Karma points.adickerson is appreciated, and has over 400 Karma points.adickerson is appreciated, and has over 400 Karma points.
Re: Internal Audit on IT Department - What to Audit??

I would also audit backups. Important records should always be made on a regular basis. If they are supposed to be doing this you can audit to see if it really is happening on the frequency it is supposed to. Weekly sounds reasonable and a lot of this can be automated.

I would also make them show you how to retrieve the backup files and they should have a work procedure for the process. Make sure it works and can be done by someone outside of the IT department. Furthermore make sure that the backups are occasionally stored on a flash drive or CD and kept in a fire proof box with keys controlled by a member of management. There are a lot of organisations that never recover from massive data loss. If your IT department is less then you expect then be prepared because I would not trust them.
Thanks to adickerson for your informative Post and/or Attachment!
  #7  
Old 1st December 2010, 09:36 AM
samsung's Avatar
samsung samsung is offline
Appreciated Member

 
Registration Date: Feb 2008
Location: India
Age: 45
 
Posts: 1,431
Thanks Given to Others: 1,435
Thanked 601 Times in 401 Posts
Karma Power: 180
Karma: 5424
samsung is appreciated, and has over 1700 Karma points.
samsung is appreciated, and has over 1700 Karma points.samsung is appreciated, and has over 1700 Karma points.samsung is appreciated, and has over 1700 Karma points.samsung is appreciated, and has over 1700 Karma points.samsung is appreciated, and has over 1700 Karma points.samsung is appreciated, and has over 1700 Karma points.samsung is appreciated, and has over 1700 Karma points.samsung is appreciated, and has over 1700 Karma points.samsung is appreciated, and has over 1700 Karma points.samsung is appreciated, and has over 1700 Karma points.samsung is appreciated, and has over 1700 Karma points.samsung is appreciated, and has over 1700 Karma points.samsung is appreciated, and has over 1700 Karma points.samsung is appreciated, and has over 1700 Karma points.
Re: Internal Audit on IT dept...What to Audit??

Quote:
In Reply to Parent Post by somashekar View Post

Dear Glen D.
Take some time to read thru THIS thread for more information.
Find trouble to get along the link. Needs fixing.

__________________

"Success will never lower it's standard to accommodate us, we have to raise our standard to achieve it."

Last edited by harry; 1st December 2010 at 09:41 AM. Reason: fix link
  #8  
Old 1st December 2010, 08:05 PM
Randy's Avatar
Randy Randy is online now
Super Moderator

 
Registration Date: Jun 1999
Location: Greenwood (Ft Smith area), Arkansas, USA
Age: 63
 
Posts: 8,215
Thanks Given to Others: 48
Thanked 2,689 Times in 1,650 Posts
Karma Power: 923
Karma: 20027
Randy is appreciated, and has over 1700 Karma points.Randy is appreciated, and has over 1700 Karma points.
Randy is appreciated, and has over 1700 Karma points.Randy is appreciated, and has over 1700 Karma points.Randy is appreciated, and has over 1700 Karma points.Randy is appreciated, and has over 1700 Karma points.Randy is appreciated, and has over 1700 Karma points.Randy is appreciated, and has over 1700 Karma points.Randy is appreciated, and has over 1700 Karma points.Randy is appreciated, and has over 1700 Karma points.Randy is appreciated, and has over 1700 Karma points.Randy is appreciated, and has over 1700 Karma points.Randy is appreciated, and has over 1700 Karma points.Randy is appreciated, and has over 1700 Karma points.
Send a message via Skype™ to Randy
Re: Internal Audit on IT Department - What to Audit??

It's no more complicated than the following.

What's supposed to be getting done?

Is it being done as planned?

__________________

We who have seen war, will never stop seeing it. In the silence of the night, we will always hear the screams. Joe Galloway
Reply

Lower Navigation Bar
Go Back   The Elsmar Cove Forum > ISO (International Organization for Standardization) Standards > ISO 19011 - Auditing Quality and Environmental Management Systems > Internal Auditing

Do you find this discussion thread helpful and informational?


Bookmarks


Visitors Currently Viewing this Thread: 1 (0 Registered Visitors (Members) and 1 Unregistered Guest Visitors)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Forum Search
Display Modes Rate Thread Content
Rate Thread Content:

Forum Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Discussion Threads
Discussion Thread Title Thread Starter Forum Replies Last Post or Poll Vote
Purchasing Department Internal Audit HELP! chardcaringal Internal Auditing 12 24th July 2012 05:47 PM
How to Audit the Quality Department (Internal Audit) ahmed_hasan Internal Auditing 15 23rd October 2009 12:47 PM
Internal Audit of the Legal Department selena15 Process Audits and Layered Process Audits 7 18th September 2008 06:02 AM
Does ISO 9001 Audit fit in within the Corporate Internal Audit department? gg-audit Internal Auditing 31 7th May 2007 10:33 PM
Internal Audit of HR Department... Chris May Internal Auditing 2 12th February 2003 06:05 AM



The time now is 11:09 AM. All times are GMT -4.
Your time zone can be changed in your UserCP --> Options.


   


Marc Timothy Smith - Elsmar.com
8466 LeSourdsville-West Chester Road, Olde West Chester, Ohio 45069-1929
513 341-6272