Information Technology Audit Policies
In the information technology (IT) industry, auditing is a task that’s mostly misunderstood until it is too late. Properly configured, a solid IT audit policy can help organizations:
- Know when users are created or deleted
- Determine if malicious activity is taking place on the network
- Perform a post-mortem analysis in the event of a server failure
- Rapidly solve application failures on workstations
- Isolate hardware problems affecting multiple people
- Ensure software and hardware are working as advertised
- Verify that confidential files aren’t being accessed improperly
Many of these abilities are built into the products purchased by consumers; they merely need to be enabled, configured and monitored. Because they are somewhat opaque to organizations, a best practice is often to ask your consultant for regular audit reviews.
New Signature performs audit reviews each quarter for our clients, and rotates the task between different people to ensure that a fresh set of eyes goes over the process each time. This helps reduce the tendency for consultants to mentally block errors that reoccur.
As technology marches on, processes that used to take a long time and many resources to set up (automated audit alerting for user creation; centralized storage of audit results) now consume far less. What might have taken two hours to review can now, through filtering and centralization, take less than half an hour.
Half an hour every three months can mean the difference between truly performing “due care” on your network and being unaware that confidential information is being accessed by inappropriate individuals (either inside or outside your network).