Auditing the Management of IT

As like any other field, management is the most important aspect. Plan, control, direct and act the the most common management term.

In auditing the management of IT, the following aspects should be reviewed:-

• Information Systems Strategy - review of the IT short term and long term plan, IT steering committee
• Policies And Procedures - review of the IT standards, security policy, operation manual
• Information System (IS) Management Practices - IT budget, personnel management, project management, change management
• IS Organisational Structure And Responsibilities - review of the IT organisation chart, job descriptions

The level of controls effectiveness should be assessed to determine whether there is any exposure. For example, if the IT Security Policy is last updated 5 years ago, then, the controls in place might not be highly effective as technology keeps on changing. The controls should also be revised and updated accordingly.