Just the mention of the word “audit” can spark fear in most Americans. Whether you’re anticipating a one-on-one with the IRS or you’re in a regulated industry following governmental laws, audits are at the very least stressful. Auditors are not the enemy, but they could have a different view on things.
Even though compliance regulations are put into place to assure consumers that products and services are being carried out in a standard manner for the health, safety and benefit of everyone, they can be difficult to manage. Audits are simply inspections of policies, procedures and documentation that organizations are observing the rules set forth either by internal guidelines or external laws.
Sounds straightforward enough, right? Unfortunately, scandals from the early 2000s (think, Enron) eroded public trust in business and corporate sectors, setting off huge growth in the compliance management arena. Because of business operations’ reliance upon technology, it is not surprising that IT plays an integral part in an organization’s ability to adhere to rules and regulations and to collect and report information to prove compliance.
How to Prepare for an Audit
The ability to maintain and protect information in a way that also proves adherence to laws and integrity of the IT system requires a defensible process. Protocol Networks prepares organizations for audits with thorough pre-audit preparations.
Here are the top 3 must-do steps before an audit:
1. Documentation, documentation, documentation
Audits are all about documentation. As they say in the regulatory industry – if it’s not documented, it didn’t happen.
IT infrastructure documentation is one of the first things an auditor will ask to see. Make sure your online documentation and your hard-copy documentation match. (Some auditors insist on paper copies and others want the raw data, know your auditor and how they would prefer things.) Most importantly, compare your documentation to what your infrastructure looks like in actuality.
Establish that the documentation reflects what you have deployed and includes a process for documenting any changes. Last, don’t just train staff members to record changes; make sure they understand record keeping is just as important as making the changes.
2. Communicating with your auditor
Anybody who will be talking with auditors needs to understand the topics about which they will be interviewed. Answer questions fully but only speak to what you know specifically as you may inadvertently give incomplete information that could raise a red flag with the auditor. Providing longer responses just gives the auditor more information to sift through, and it also gives more areas that may bring additional questions. The ideal for both parties is to finish he audit successfully and get on with life.
Every audit will be preceded by communication about what the areas of focus will be. Make sure to stay within those walls, and if the audit continues on for a while, always refer back to the initial engagement letter to understand what the focus of the audit should be.
Make sure your organization’s IT management policies are published and accessible.
3. Don’t forget the simple things
Well in advance of any anticipated audits, review technology basics such as your password and user access policies. Also, you’ll never be done with security; continual monitoring and updates will keep you compliant. If you don’t have appropriate IT processes in place, before your audit is the time to remediate, not after.
Whether your organization is subject to internal policies, industry standards or government regulations, meeting the expectations of the rules with integrity and reliability takes an IT environment that is well planned, maintained and – documented.
Just like you have to brush your teeth and shower every day, your IT has to be maintained in specific, standard ways to ensure the integrity of the system. Protocol Networks examines organizational IT infrastructures from the inside out to ensure appropriate IT hygiene. For more compliance and audit recommendations, give us a call at 877-676-0146 or contact us online.