Keep Audit Planning Up to Date Through Change Management
The best way to reduce the stress of an IT audit is to incorporate audit planning into the IT team’s ongoing strategic planning activities. That means that you shouldn’t wait for an audit to be announced before you start to prepare for it.
An audit coordinator and a backup coordinator should be named for each team or department, and they should work together to develop an audit-planning document that can be distributed to stakeholders regularly. Coordinators should be responsible for audit preparations and planning on an ongoing basis.
That said, the audit preparation process is doomed to fail without open communication about changes to the IT landscape. With that requirement in mind, it is crucial to include audit coordinators in the change management process for their area.
As new applications or infrastructure components are deployed — or decommissioned — an audit coordinator should adjust the audit-planning document accordingly. Updates may include verifying whether newly deploy server logs are being archived properly, or the access control list is correct for new IT assets.
Audit coordinators don’t necessarily need to work as part of the actual change management approval process; however, they should be kept in the change management communications loop to ensure that any significant changes are reflected accurately in an audit-planning document.
More help for IT audit preparation can be found here.