Streamline IT Audits With Savvy Information Management

May 16, 2016  

It’s audit time—do you know where your data is? Prepare with distributed capture solutions and centralized workflows.

You can’t cook a good meal if you don’t know which ingredients you have in your kitchen. The same goes for businesses and information technology. It’s impossible to determine if your IT systems are meeting the needs of your organization—at the right cost and without causing crippling inefficiencies—without a thorough inventory.

That’s where IT audits come in. They consist of in-depth accounting and analysis of a company’s technical environment, including hardware, software, services, plans, policies and personnel.

Too many businesses view IT audits as one-time or occasional events. Often they occur at times of crisis: during a review of IT or company-wide budgets, or when the business is evaluating IT readiness to pursue a new direction or strategic goal. But in reality, audits—and preparations for them—should take place consistently.

According to a study by PricewaterhouseCoopers, 70 percent of chief audit executives, senior managers and board members in the financial services industry say risks are growing.¹ Threats to information security and integrity, in particular, are becoming increasingly complex in the digital age. This has shed light on the importance of effective information management and increased the need for IT audits.

“To have any hope of protecting your organization’s critical assets, the business and security teams need to understand where your information lives, inside or outside,” according to Ernst & Young.²

Capturing Data at its Source
IT audits focus not only on cataloguing IT systems and software, but perhaps more importantly, on reviewing information management practices, including data security and integrity processes. Audits also ensure IT systems align with the enterprise’s overall business and financial goals. The exact type of information that must be collected and managed depends on the business. However, some important general categories include:

  • Data that identifies a person or business
  • Individual and business details that impact transactions
  • Information relating to compliance with IT-specific laws and standards, as well as industry-specific rules and regulations
  • Data central to mission-critical business processes, both internal and external

While much of that data today is digital—generated and stored within IT systems themselves—many important types of information remain paper-based.

“Paper is not dead,” says Emma Isichei, worldwide category director of capture solutions for Kodak Alaris. “We talk about the paperless office, but the amount of data has grown. A lot of this data is still on paper. And all of it is critical.”

The Amount of Data Created Each Day

To manage that data, businesses need to know exactly where it is created—and place the tools to collect it as close to the source as possible. Once the capture sources are identified, Isichei says, organizations can identify how they fit into a secure, transparent business workflow.

“The ability to capture at the point of need—in distributed locations throughout the business—is important so that information can be captured quickly and used,” Isichei says.

Distributed Capture and Centralized Control
Advanced information management technology not only ensures businesses automatically collect data at its source; they also streamline audits by providing visibility into the chain of command over the data. The KODAK Info Input Solution allows businesses to capture information from paper documents, digital records and images, and securely process them within the correct business workflow. Those capabilities ensure a smooth reporting process, allowing businesses to record data capture, classification and indexing. This, in turn, gives auditors a clear picture of how information is collected, stored and accessed within an organization.

The solution has the added advantage of being managed centrally, allowing companies to oversee data collection processes and share updated policies easily. Distributed capture technology and centralized control increase efficiency across the organization, while delivering the data needed for a successful IT audit.

Other Considerations:  Is your Enterprise Content Management (ECM) system a friend or foe?

Knowing where your data is closely tied to how well a firm’s employees embrace their ECM system.  If it’s irritating to use, involving needless click paths for storing, accessing, and editing documents, people will find ways around it.  This can become a serious problem – as any benefit of ECM is nullified if employees rebel against using it.  

Our audits will make every attempt to discover whether your ECM environment is helping, or undermining, your need for smooth, consistent information management.  If appropriate, we will make recommendations about optimizing your ECM platform so that it simplifies document storage, access, and usage in compliance with your firm’s business needs and internal policies.

¹ “State of the Internal Audit Profession study,” PwC, 2015
² “Ten Key IT Considerations for Internal Audit,” Ernst & Young, February 2013