Handle audits smartly

Last one month I have been busy with internal/external audits. During this audit I have learned many things which I thought of writing it down.

I am working as head of IT services from almost 4 years, and during this tenure I have been working on various initiatives to shape up the IT Services operations. I have seen many challenges however recent audits have given good learning. Here I am not going to talk about the audit findings however surly will touch upon some of the key lessons.

1. Never take any audit lighter – think twice before responding to any audit, you never know where this would create an issue.
   
2. Mock Audit- Conduct a mock audit drill before the actual audit. This is another tool to ensure your audit is not going out of control and you know in advance what potential findings are.
   
3. PDCA- in IT services there are 4 departments and their responsibilities is ensure process and procedure are followed and documented properly. Individual team has created excellent, to the point process and efficiently delegated to the outsourced worker however they missed important part of delegation i.e. monitoring, in believe that outsourced partner are doing good and they will manage it well. During audit it was found very basic hygiene things were missing because monitoring was done on very high level not at each process level. I have learned we are too good in "D" that is delegation however very poor in monitoring. So have detail monitor plan with checklist in place and divide it in daily, weekly, and monthly dashboard.
   
4. Single face and team confidence on him. – never give a person name who has very low bonding in team
   
5. Providing correct data- source of data is big reason for audit findings and if data is not correct it add confusion which leads to lot to misunderstanding and eventually lead to some findings.
   
6. Be punctual and meet commitment- Never let auditor wait be on or before time give auditor comfort let him not make any perceptions of your or department.
   
7. Don't defend it if you know you are not right- some time you stuck in very thin line of right and wrong, generally auditor give benefit of doubts to auditee only if your aura has given him comfort otherwise be ready to take it from Auditor.
   
8. Team spirit- Acting and responding as a team to auditor is one important aspect. Help audit coordinator by providing specific information on time is important instead of passing the buck or thinking its coordinator responsibility to mange this.
   
9. Draw the boundary – define the role and responsibilities very clearly for audit and ensure all are in sync with this will help to reduce confusion
   
10. Correct management response - If you disagree with a finding, make sure to clearly state your objections and your measurement of the risk
    
11. Look for opportunity to improve further- end of the objective of audits is to ensure control are well in placed and are adhered if you find opportunity to improve further don't hesitate to pick it up.
    

    Your comments are welcome!!
    

    Thanks
    

    Parvinder
    

    May 26, 2011