Elsmar Cove Forum Header Graphic The Elsmar Cove Wiki Sitemap More Free Files The Elsmar Cove Forums Discussion Thread Index Post Attachments Listing Failure Modes Services and Solutions to Problems Elsmar Cove Forums Main Page Elsmar Cove Home Page
NQA-USA
NQA-USA
Miner's MSA (Measurement Systems Analysis) Blog 
Go Back   The Elsmar Cove Forum > ISO (International Organization for Standardization) Standards > ISO 19011 - Auditing Quality and Environmental Management Systems > Internal Auditing
Forum Username

Wooden Line

Internal Audit on IT Department - What to Audit??

Search the Elsmar Cove
Search Elsmar
Monitor the Elsmar Forum
Follow Marc & Elsmar
Elsmar Cove Forum RSS Feed  Marc Smith's Google+ Page  Marc Smith's Linked In Page   Marc Smith's Elsmar Cove YouTube Page  Marc Smith's Facebook Page  Elsmar Cove Twitter Feed
Elsmar Cove Groups
Elsmar Cove Google+ Group  Elsmar Cove LinkedIn Group  Elsmar Cove Facebook Group
Donate and $ Contributor Forum Access
Courtesy Quick Links

Links that Elsmar Cove visitors will find useful in your quest for knowledge:

Howard's
International Quality Services
Marcelo Antunes'
SQR Consulting
Bob Doering's
Correct SPC - Precision Machining

NIST's Engineering Statistics Handbook
IRCA - International Register of Certified Auditors
SAE - Society of Automotive Engineers
Quality Digest Portal
IEST - Institute of Environmental Sciences and Technology
ASQ - American Society for Quality

Related Topic Tags
audits and auditing, information technology (it), internal audits
Reply
 
Thread Tools Search this Thread Rate Thread Content Display Modes
  Post Number #1  
Old 1st December 2010, 06:00 AM
Glen D

 
 
Total Posts: 23
Question Internal Audit on IT Department - What to Audit??

I need to perform an audit on the IT department but not entirly sure what to audit during a general audit?

I was talking with a company director yesterday and we were struggling to come up with what to audit as i know the department does not keep many records or documents (They are not the best IT department in the world!) from when i wrote the Control of documents and records procedures.

Could anyone give some sort of pointers or guidance as i'm not the best with IT

Many thanks

Glen

Sponsored Links
  Post Number #2  
Old 1st December 2010, 06:19 AM
Jerome's Avatar
Jerome

 
 
Total Posts: 79
Re: Internal Audit on IT dept...What to Audit??

Start with the question: "why do I want to audit the IT department?" (and don't say 'because my quality manual say so...' )
If there is really nothing documented on the workings of this department start of with a process map on what the company expects from the department or how the department should work.
Think about:
- how does a project get started and ended (who initiates, who manages the projects, release criteria etc.)
- what is the flow of events regarding development (user requirements, functional req., design, risk assessments, (in)formal testing, reviews, etc...)
- how do you measure software quality
- what quality controls are/should be in place (coding conventions/standards, design and/or code review, verification and validation etc.)
- Who is qualified for what and how is that managed
- audit on change control / configuration management

Many general items from your QMS also apply to your IT deparment.
Come to think of it... I'm assuming it produces software as a product (or part of).
But your IT dept. could just as well handle the infrastructure of an institute...

So, what type of IT dept are we talking about here?

Also, is not having documented how the dept. should work a flaw of the dept. or the management system supporting it?
Thank You to Jerome for your informative Post and/or Attachment!
Sponsored Links

  Post Number #3  
Old 1st December 2010, 06:23 AM
somashekar's Avatar
somashekar

 
 
Total Posts: 4,652
Re: Internal Audit on IT dept...What to Audit??

Quote:
In Reply to Parent Post by Glen D View Post

I need to perform an audit on the IT department but not entirly sure what to audit during a general audit?

I was talking with a company director yesterday and we were struggling to come up with what to audit as i know the department does not keep many records or documents (They are not the best IT department in the world!) from when i wrote the Control of documents and records procedures.

Could anyone give some sort of pointers or guidance as i'm not the best with IT

Many thanks

Glen
Dear Glen D.
Take some time to read thru THIS thread for more information.

Last edited by harry; 1st December 2010 at 10:40 AM. Reason: fix link
Thanks to somashekar for your informative Post and/or Attachment!
  Post Number #4  
Old 1st December 2010, 06:47 AM
Glen D

 
 
Total Posts: 23
Re: Internal Audit on IT dept...What to Audit??

Jerome - Company is approx 200 people over 4 sites (150 at one site) with 2 IT persons at the main site.

It is just to support the business with Radan/CAD department, an in house built Asset management system and many other PC's within the business.

The question of auditing was put to me as the IT department are failing to support the business and progress is being held back as a consequence of IT either not completing tasks or not completing them correctly.

MD/CEO is blind to this and would maybe resond better to objective evidence from me as requested by another director.

Somashekar - thanks for that!
  Post Number #5  
Old 1st December 2010, 08:24 AM
qusys

 
 
Total Posts: 2,210
Re: Internal Audit on IT dept...What to Audit??

Quote:
In Reply to Parent Post by Glen D View Post

Jerome - Company is approx 200 people over 4 sites (150 at one site) with 2 IT persons at the main site.

It is just to support the business with Radan/CAD department, an in house built Asset management system and many other PC's within the business.

The question of auditing was put to me as the IT department are failing to support the business and progress is being held back as a consequence of IT either not completing tasks or not completing them correctly.

MD/CEO is blind to this and would maybe resond better to objective evidence from me as requested by another director.

Somashekar - thanks for that!
In addition to what the other Covers rightly said, I would suggest to audit contingency plans for IT , considering that a down of the system could potentially affect production line.
I would check the process as a whole in terms of responsibility, procedures, tools, competency, records, measurement.
  Post Number #6  
Old 1st December 2010, 09:25 AM
adickerson

 
 
Total Posts: 134
Re: Internal Audit on IT Department - What to Audit??

I would also audit backups. Important records should always be made on a regular basis. If they are supposed to be doing this you can audit to see if it really is happening on the frequency it is supposed to. Weekly sounds reasonable and a lot of this can be automated.

I would also make them show you how to retrieve the backup files and they should have a work procedure for the process. Make sure it works and can be done by someone outside of the IT department. Furthermore make sure that the backups are occasionally stored on a flash drive or CD and kept in a fire proof box with keys controlled by a member of management. There are a lot of organisations that never recover from massive data loss. If your IT department is less then you expect then be prepared because I would not trust them.
Thanks to adickerson for your informative Post and/or Attachment!
  Post Number #7  
Old 1st December 2010, 10:36 AM
samsung's Avatar
samsung

 
 
Total Posts: 1,431
Re: Internal Audit on IT dept...What to Audit??

Quote:
In Reply to Parent Post by somashekar View Post

Dear Glen D.
Take some time to read thru THIS thread for more information.
Find trouble to get along the link. Needs fixing.

Last edited by harry; 1st December 2010 at 10:41 AM. Reason: fix link
  Post Number #8  
Old 1st December 2010, 09:05 PM
Randy's Avatar
Randy

 
 
Total Posts: 8,273
Re: Internal Audit on IT Department - What to Audit??

It's no more complicated than the following.

What's supposed to be getting done?

Is it being done as planned?
Reply

Lower Navigation Bar
Go Back   The Elsmar Cove Forum > ISO (International Organization for Standardization) Standards > ISO 19011 - Auditing Quality and Environmental Management Systems > Internal Auditing

Do you find this discussion thread helpful and informational?


Bookmarks


Visitors Currently Viewing this Thread: 1 (0 Registered Visitors (Members) and 1 Unregistered Guest Visitors)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Forum Search
Display Modes Rate Thread Content
Rate Thread Content:

Forum Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Discussion Threads
Discussion Thread Title Thread Starter Forum Replies Last Post or Poll Vote
Purchasing Department Internal Audit HELP! chardcaringal Internal Auditing 12 24th July 2012 06:47 PM
How to Audit the Quality Department (Internal Audit) ahmed_hasan Internal Auditing 15 23rd October 2009 01:47 PM
Internal Audit of the Legal Department selena15 Process Audits and Layered Process Audits 7 18th September 2008 07:02 AM
Does ISO 9001 Audit fit in within the Corporate Internal Audit department? gg-audit Internal Auditing 31 7th May 2007 11:33 PM
Internal Audit of HR Department... Chris May Internal Auditing 2 12th February 2003 07:05 AM



The time now is 10:42 PM. All times are GMT -4.
Your time zone can be changed in your UserCP --> Options.


   


Marc Timothy Smith - Elsmar.com
8466 LeSourdsville-West Chester Road, Olde West Chester, Ohio 45069-1929
513 341-6272
NOTE: This forum uses "cookies".