IT Auditing Environment: Improve IT Auditing Environment

5. Improve IT Governance. 'IT Governance is the obligation of officials and top managerial staff, and comprises of the authority, hierarchical structures and procedures that guarantee that the venture 's IT maintains and expands the association 's methodologies and goals. ' The initiative, authoritative structures and procedures alluded to in the definition all point to IT examiners as key players. Key to IT evaluating and to general IT governance is an in number comprehension of the worth, dangers and controls around an association 's innovation surroundings. All the more particularly, IT auditors audit the worth, dangers and controls in each of the key segments of innovation - applications, data, foundation and individuals. Another viewpoint on IT governance comprises of a structure of four key

• “Shoot the messenger syndrome

• If an external audit or inspection yields observations, management will ask, “why didn’t the audit function find this?”

• If the auditor cannot show that an issue was identified in an audit, the auditor could become the focus of the company’s corrective action instead of the non-conformance itself.

4. In a paranoid auditing environment “The auditors out to get us” any observation can place an auditor into a “pick your poison” situation i.e. Don’t write the observation, and hope nobody else ever uncovers the non-compliance situation and that you knew about it.

• OR-Hold your breath and write the observation, but only after checking to see that your mortgage has been paid in full

• How do you get out the paranoia situation?

 Obtain management commitment to find the truth

 Explain to management the need to them to be receptive to observations. It is for their own protection. FDA not only prosecutes companies, but also individual executives.

 Allocate funding for a qualified independent person to referee questionable compliance