Auditing IT in the workplace.
Is this a practice commonly used in an ISO 9001 environment?
I'm finding it difficult to audit IT as a horizontal as this department doesn't really fit within the ISO standard.
Does anyone else include auditing IT systems in their internal audits?
As for how... audit processes, don't audit by area/department. Identify how and where 'IT' appears in your processes and audit those parts. Andy gives an excellent example of why this is important.
Another example: an audit of a service consulting company followed an audit trail to IT, who were responsible for backups of the whole company's data. Including a unique database, which they had a multimillion-dollar contract with a seriously large client to build, operate and maintain. The audit was about a core business process, but went across to IT in the course of that process. And found that... oops, they hadn't been backing up that database (which changed daily) for oh, about 6 weeks after a new piece of data had been installed, and no one had noticed. The commercial implications? Horrendous (MD is reported to have turned white when it was reported to him).
