WHITEPAPER

GIVE YOUR COMPANY THE COMPETITIVE EDGE BY MEANS OF AN IT AUDIT By Thembi Lebese, Operations Analyst, EES Africa (Pty) Ltd

With increasing technological developments and competition, companies are looking at ways to enhance and optimise their information technology (IT) systems and technical infrastructure. An information technology audit, also referred to as a technical infrastructure audit, is an invaluable process to undertake to accomplish this.

ABOUT EES:

Established in 2001, EES Africa (Pty) Ltd specialises in the integration of multiple

system infrastructure including ICT, Data Centres, Audio Visual, Life Safety, Security

and Building Automation Systems. As an ISO 9001:2008 certifi ed company, our

vision is to be Africa’s management, engineering and auditing professional service

provider of choice.

The EES Value Proposition focuses on translating technology into tangible delivera-

bles for clients through the experience of a talented team of Engineering and ICT

Consultants and Project Managers. With offi ces in Cape Town, Johannesburg and

Stellenbosch, EES operates predominantly in the Renewable Energy, Oil & Gas, Fi-

nancial Services, Infrastructure, Utilities, Telecoms and Mining sectors.

CONTENTS

Page 2 Introduction

Page 2 The Audit Procedure

Page 2 Planning

Page 2 Organising

Page 2 Fieldwork

Page 2 Reporting

Page 3 Code of Ethics and Standards of Conduct

Page 3 Conclusion

Page 3 References

I MANAGEMENT I ENGINEERING I AUDITING I www.eeslive.com 1

EES Cape Town offi ce:

G11 Silverberg Terrace3 Silverwood CloseSteenberg Offi ce ParkCape Town 7945

PO Box 31322, Tokai 7966Western Cape, South Africa

Email: info@eeslive.comTel: +27 (0)21 702 8340Fax: +27 (0) 86 532 3532

EES Johannesburg offi ce:

Unit 8, West Block Loft Offi ces, First Floor, The Zone Phase II, 26 Cradock Avenue, Rosebank, 2186

PO Box 31322, Tokai 7966Western Cape, South Africa

Email: info@eeslive.comTel: +27 (0)10 590 6270Fax: +27 (0) 86 532 3532

EES Stellenbosch offi ce:

18 Tegno RoadTechno ParkStellenbosch 7599

PO Box 31322, Tokai 7966Western Cape, South Africa

Email: info@eeslive.comTel: +27 (0)21 200 5939Fax: +27 (0) 86 532 3532

Introduction

With increasing technological developments and compe-tition, companies are looking at ways to enhance and optimise their information technology (IT) systems and technical infrastructure. An information technology au-dit, also referred to as a technical infrastructure audit, is an invaluable process to undertake to accomplish this.

It examines IT governance and how a company’s IT en-vironment performs against best practice and emerging, leading edge technology. It does this by scrutinising in-formation systems, their inputs, outputs and processing, capabilities and performance.

The IT or technical infrastructure audit:

• Looks at ways in which a company’s technical infrastructure can be improved and updated in order to optimise productivity and gain a competitive advantage.

• Assesses whether an organisation’s current technical infrastructure is according to standard. Auditors must follow auditing standards which are set be an international body, International Standards of Auditing (ISA). The ISA was revised and redrafted in February 2009. If a company wants to be certifi ed for an undertaking or project, the organisation can then present an objective, accurate report to pro spective clients.

• Mitigates potential technical risks.

• Secures the organisation’s IT environment and safeguards confi dential company information.

• Ensures budgets are adhered to and business is done within the given timeframe. IT projects often overrun budgets or do not run according to schedule. It is benefi cial to know why this occurs and how it can be prevented. For example, does the organisation need to improve processes, or are there certain people that need to be employed? It also identifi es ways in which costs can be reduced.

• Enables planning for the future by, for example, identifying when technology upgrades will be required and scheduling licensing and renewals.

• Sees to it that technology initiatives are in sync with business goals, and assists in compilation of business strategies and support there-of.

Unlike a fi nancial audit, the IT or technical infrastructure audit is not a legal requirement, but is undertaken due to the benefi ts outlined above. It is advisable for the audit to be conducted by an external party to the organisation, as an independent party should have an objective view and therefore conducts the audit in a fair and profes-sional manner. It also ensures there is no possibility of internal parties in the company exerting any infl uence with regards to the outcome of the audit.

GIVE YOUR COMPANY THE COMPETITIVE EDGE BY MEANS OF AN IT AUDIT

April 2014

The Audit Procedure

All auditors follow a specifi c process. The audit procedure is usually draft-ed by the party conducting the audit. Once it has completed the audit, it presents a report explaining its methodology and provides recommenda-tions drawn from the work. An example of a standard audit procedure that needs to be followed is found below:

Planning

The audit team is formed, gains an understanding of the reasons for the audit, and identifi es its objectives. Data that can be used in the planning phase includes information from previously conducted audits, internet sites and other organisational documents. Sources may include, but are not lim-ited to, a risk assessment, internal and external evaluations and manage-ment guidance.

Organising

The audit team prepares a detailed audit plan and develops a preliminary audit program. It prepares any necessary administrative documentation and other requirements needed for the audit. It processes and identifi es the various types of information and documentation required from the client, which will generally include organisational charts, job descriptions and rel-evant reports.

Fieldwork

This stage involves executing the procedures described in the scope docu-ments. The duration of the audit will vary depending on the scope and the requirements, the availability of labour as well as other resources required for the audit. During fi eldwork, the auditor should identify, analyse, evalu-ate and document suffi cient, reliable, relevant and useful information to achieve the audit objectives. The evidence gathered by the auditor will be documented in the working papers and used as the basis for the conclu-sions made and the results of the audit. The auditor must discuss signifi cant fi ndings with the audit team in order to fi nd solutions to resolve any prob-lems related to the fi ndings.

Reporting

The activities conducted during the reporting phase include:

• Preparing a Draft Audit Report; • Discussing proposed changes with the appropriate level of management; • Preparing a Final Audit Report; and • Distributing the Final Audit Report to the audit team and client.

The reports should include the audit objectives, the scope of audit work performed, an overview of the business or activity, conclusions regarding fi ndings and observations, and recommendations to management to ad-dress any issues found.

Recommendations should be included in the fi nal section of the report. They should include information on shortfalls and risks, and suggestions as to ongoing improvement for the client. The reports should also acknowl-edge when satisfactory performance is found.

I MANAGEMENT I ENGINEERING I AUDITING II MANAGEMENT I ENGINEERING I AUDITING I www.eeslive.com 2

GIVE YOUR COMPANY THE COMPETITIVE EDGE BY MEANS OF AN IT AUDIT

April 2014

I MANAGEMENT I ENGINEERING I AUDITING II MANAGEMENT I ENGINEERING I AUDITING I www.eeslive.com 3

Code of Ethics and Standards of Conduct

Integral to an audit of technical infrastructure is a Code of Ethics and Standards of Conduct.

The following Code of Ethics needs to be adhered to at all times:

• Integrity - The integrity of auditors establishes trust and provides the basis for reliance on their judgment.• Objectivity - Auditors exhibit the highest professional objectivity in gathering, evaluating and communicating information. Auditors are not unduly infl uenced by their own interests or others in forming judgments.• Confi dentiality - Auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.• Competency - Auditors apply knowledge, skills and experience needed.

The audit also needs to adhere to the following Stand-ards of Conduct:

• Service - Preserve a commitment to carry out all responsibilities with an attitude of service towards the client while maintaining a sincere and dignifi ed attitude.• Excellence - Uphold a high standard of service and a commitment to quality in performing all projects and assignments.• Leadership - Provide noteworthy examples which emphasise high ethical and moral standards.• Professionalism - Conduct business in a manner that refl ects favourably on the client.

Conclusion

In an increasingly competitive environment organisations are looking to optimise the performance of their IT sys-tems and technical infrastructure. The IT or technical in-frastructure audit is today part of a strategic and cultural shift in IT governance that, when implemented correctly, can help companies better utilise technology assets and enhance a company’s effi ciency and productivity.

Furthermore, these audits are being conducted increas-ingly, as regulatory compliance, risk management and IT security become higher corporate priorities. They ensure that information assets are safeguarded and data integ-rity is maintained.

Written by Thembi LebeseOperations Analyst, EES Africa (Pty) LtdTel +27 (0)10 590 6270, Email info@eeslive.com

Thembi worked as an Analyst Developer in the Telecommunications Industry for 2 years before joining EES as Operations Analyst. She has experience in various organisational functional areas, infrastructure technologies, business processes within IT as well as development tools related to Enterprise Resource Planning.

Qualifi cations: - BCom (Business Information Systems) from the University of Venda

Additional Certifi cates:- PL/SQL Training- OBIEE Training

The evaluation of the audit fi ndings determines if the IT systems are oper-ating in a manner that will assist the organisation in achieving its strategic objectives. It assists the company in carrying out client projects according to budget and on schedule, and provides it with recommendations regard-ing future planning.

It is the responsibility of the company which has undergone the audit to implement the suggested actions in order to indeed improve their techni-cal infrastructure and consistently maintain a high level of performance.

References

Code of Ethics. (2013, June 12). Retrieved from http://www.iia.org.uk/: http://www.iia.org.uk/resources/global-guidance/code-of-ethics/

ISA 230 Audit Documentation

ISA 320 Materiality in planning and performing an audit

PLA

NN

ING

Gain understanding of the Audit

AU

DIT

REP

OR

T

Conduct meetings to

establish Audit team

Gather necessary

information related to the Audit

Prepare necessary

documentation

Organise the Audit

and prepare Audit

program

Identify necessary

information needed from

the client

Make necessary

changes to scope and

fi nalise requirements

Executing the procedures described in the scope

documents

Auditor should identify, analyse, evaluate and document suffi cient, reliable and useful

information to achieve the audit objectives

Prepare fi nal Audit report

Issue fi nal Audit report

START

END