Rebounding from a Less-than-Stellar Audit

Now that your audit is over, take a minute to breathe a huge sigh of relief. Even if your audit results were less than stellar, know that audits aren’t all or none, and you do have the opportunity to correct areas needing improvement.

We’ve put together this checklist to help you get on the road to compliance by correcting your current audit deficiencies.

How to Correct Audit Shortcomings Checklist

  • Slow down

Audit deficiencies are common, and this is not the end of the world. Your organization didn’t fail the audit by having one bad day, and audit issues can’t be fixed in one day either. Noncompliant processes and procedures have evolved over time. You will have to change the way you do business to move in the right direction.

  • Put together an action plan

Once you’ve received your audit results, you generally have three months to a year to remedy the areas needing improvement. Prepare an action plan to remediate and get it to senior leadership as soon as possible for approval so you can get started on the audit remediation process.

Word of caution – if you made a commitment to your auditor to correct an item, make sure you have it complete by the date promised. Nothing triggers a re-audit like a missed deadline!

  • Identify resources needed to correct audit failings

Now is the time to ask for any resources you may need to bring your organization into compliance. Directly correlating people, equipment and software to audit remediation practically guarantees you will be granted those resources.

  • Go after low-hanging fruit

Identify areas that can easily be fixed and take care of them right away. If you were dinged for not having current documentation of your systems to provide to the auditor, document processes now so you have time to revise, review and correct before your next audit. (Implement documentation updates as an ongoing process.)

  • Correct these common areas of failure

The No. 1 error organizations make is not managing change in compliance with regulations. For instance, managing employee turnover requires a plan outlining each new employee’s network access, software needs and equipment requirements. On the other hand, ensuring that exiting employees aren’t taking valuable data and equipment with them when they leave is equally important to document and execute.

Speaking of documentation, this is the other area businesses frequently fail in. Whether it’s lack of documentation or documentation that differs from actual practices, auditors focus on documentation and often find it insufficient and/or inaccurate.

  • Anticipate your next audit

Start preparing for your next audit now. Stay on top of the basics like documentation and security instead of trying to cram for your audit at the last minute. As compliance issues arise, take care of them as quickly as possible.

There’s not an “Easy button” to bring your organization into compliance, so you must be prepared for the next audit. Protocol Networks has assisted financial institutions, health care practices and other regulated businesses with audits. Our team has the experience necessary to prepare you for and pass audits – give us a call now at 877.676.0146 or contact us online to start preparing for your next audit.

Audit Time. Is Your IT Up to Snuff?

Your audit results are in – there are 42 deficiencies and your overall grade is “F.” The report has just hit your CEO’s desk. Now what?

Now is the time to call in experts: IT consultants who have been through literally hundreds of audits themselves – successfully. Seasoned audit-experienced IT professionals will correct IT shortcomings using solid principles to build a well-documented environment that will bring your organization out successfully on the other side of an audit. Meanwhile, your in-house team continues to maintain day-to-day operations without skipping a beat.

Protocol Networks works with banks and other financial institutions before and after audits. Anticipating and planning for your audit could mean the difference between an “A” and an “F.”

Get IT Audit-Ready

Speaking of grades, you can’t cram for an audit. First, you never know exactly what the auditor is going to look for or ask about. And, second, it’s best to do the basics well and not cut corners year round. It’s also important to realize that not all audit items are equal, even if they are equally weighted on the audit.

Here are 5 actions we take to ensure your next audit goes well:

  1. Security takes first place among audit items that are very important. Make sure your security stack is up to par and being continually evaluated, as you are never done with security. Preventing unauthorized visitors on your corporate network is imperative, whether it’s hackers or your customers in the lobby. From network infrastructure to password management, security practices must be solid.
  2. Review your documentation to ensure that it matches what is actually happening in your organization. Documenting changes to your environment is just as important as making the change itself. When changes go undocumented, auditors see red flags.
  3. Protocol takes an inventory of the documentation your company has published online so you are aware of what information an auditor already has access to. Once this is done, it is matched – or updated – to reflect your actual practices.
  4. Communicate to everyone in the organization what’s going on, including the scope and expectations of the audit. Protocol Networks works directly with IT leaders on how to communicate best with auditors – what to say and what not to say. Being interviewed by an auditor is somewhat similar to testifying in court. Only answer what is being asked; do not volunteer extra information.
  5. Protocol Networks coaches IT directors about how to strategically meet the standards required by auditors, including how to include audit needs in your annual plan and budget. When IT goals align with audit outcomes, it makes sense to allocate necessary resources to make them happen. Some great companies have failed an audit. It is not a knock on your leadership or ability; in some cases it is an opportunity to hire and staff at the level you have been asking for, for years.

It’s unreasonable to expect your small, internal IT team to meet the same specifications required of larger financial institutions, but that is exactly the expectation of auditors. No matter the size of your company, you have to have the right IT infrastructure in place to serve and protect customers and to meet all of the requirements of internal and external auditors. The success or failure of the audit was determined when the four corners of the audit were initially established.

Protocol Networks has helped financial institutions, health care practices and other regulated businesses with audits since 2000. Our team has been through hundreds of audits – give us a call now at 877.676.0146 or contact us online to prepare for your next audit.

The Top 3 Must-Do Steps Before an Audit

Just the mention of the word “audit” can spark fear in most Americans. Whether you’re anticipating a one-on-one with the IRS or you’re in a regulated industry following governmental laws, audits are at the very least stressful. Auditors are not the enemy, but they could have a different view on things.

Even though compliance regulations are put into place to assure consumers that products and services are being carried out in a standard manner for the health, safety and benefit of everyone, they can be difficult to manage. Audits are simply inspections of policies, procedures and documentation to confirm that organizations are observing the rules set forth either by internal guidelines or external laws.

Sounds straightforward enough, right? Unfortunately, scandals from the early 2000s (think, Enron) eroded public trust in business and corporate sectors, setting off huge growth in the compliance management arena. Because of business operations’ reliance upon technology, it is not surprising that IT plays an integral part in an organization’s ability to adhere to rules and regulations and to collect and report information to prove compliance.

How to Prepare for an Audit

The ability to maintain and protect information in a way that also proves adherence to laws and integrity of the IT system requires a defensible process. Protocol Networks prepares organizations for audits with thorough pre-audit preparations.

Here are the top 3 must-do steps before an audit:

1. Documentation, documentation, documentation

Audits are all about documentation. As they say in the regulatory industry – if it’s not documented, it didn’t happen.

IT infrastructure documentation is one of the first things an auditor will ask to see. Make sure your online documentation and your hard-copy documentation match. (Some auditors insist on paper copies and others want the raw data; know your auditor and how they would prefer things.) Most importantly, compare your documentation to what your infrastructure looks like in actuality.

Establish that the documentation reflects what you have deployed and includes a process for documenting any changes. Last, don’t just train staff members to record changes; make sure they understand record keeping is just as important as making the changes.

2. Communicating with your auditor

Anybody who will be talking with auditors needs to understand the topics about which they will be interviewed. Answer questions fully but only speak to what you know specifically, as you may inadvertently give incomplete information that could raise a red flag with the auditor. Providing longer responses just gives the auditor more information to sift through, and it also gives more areas that may bring additional questions. The ideal for both parties is to finish the audit successfully and get on with life.

Every audit will be preceded by communication about what the areas of focus will be. Make sure to stay within those walls, and if the audit continues on for a while, always refer back to the initial engagement letter to understand what the focus of the audit should be.

Make sure your organization’s IT management policies are published and accessible.

3. Don’t forget the simple things

Well in advance of any anticipated audits, review technology basics such as your password and user access policies. Also, you’ll never be done with security; continual monitoring and updates will keep you compliant. If you don’t have appropriate IT processes in place, before your audit is the time to remediate, not after.

Whether your organization is subject to internal policies, industry standards or government regulations, meeting the expectations of the rules with integrity and reliability takes an IT environment that is well planned, maintained and – documented.

Just like you have to brush your teeth and shower every day, your IT has to be maintained in specific, standard ways to ensure the integrity of the system. Protocol Networks examines organizational IT infrastructures from the inside out to ensure appropriate IT hygiene. For more compliance and audit recommendations, give us a call at 877-676-0146 or contact us online.