RECENT SEARCHES

    RECOMMENDED

    No Results Found

    Check business resilience with a technology audit

     

    Today, almost all business operations rely on technology — when the technology stops, so does the business.

     

    “What's critical to understand is that technology is really enabling and driving core operations of almost every business,” said Grant Thornton Risk Advisory Partner Scott Peyton. That’s why the resilience of your business depends on the resilience of your enabling technology infrastructure. Your internal audit team can play an important role in evaluating and maintaining your technology resilience. Audits of your technology infrastructure should assess your IT strategy, reporting tools, cloud change management and asset management.

     

     

     

    IT strategy

     

    An internal IT strategy audit can help a business ensure that it has the right technology infrastructure to drive its core operations with efficiency and resilience. In a recent Grant Thornton webinar with more than 1,000 attendees, almost half said that their companies have not audited their IT strategic plans.

     

     

    Inefficiencies in your IT infrastructure can be very costly, so it’s important to establish an IT strategy that helps you anticipate needs and adapt over time. It’s also important to get buy-in on that strategy, track its execution and audit it regularly.

     

    Your internal audit team can help you understand and ensure that your IT strategy supports your business strategy. It starts with identifying the essential components of an effective strategic plan. Your plan should:

    • capture the current and future state of the company’s technology infrastructure.
    • align with your overall business objectives, to strengthen your efforts towards business goals.
    • integrate with comprehensive enterprise risk management to help avoid or mitigate risks. 
    • include a process for ongoing monitoring and reporting that produces valuable data for informed technology decisions.

    Capturing the current state involves determining the company’s IT baseline, assessing each technology pillar or stack and understanding how it’s all managed through IT governance. Capturing the future state requires an IT roadmap that shows targets, priorities and innovation adoptions. A process for ongoing monitoring and reporting should track the current and future state, so that an audit can assess whether the company’s capabilities, financing and staffing are on track to meet the technology targets.

     

    “The IT internal audit really helps inform us about how the organization can avoid pitfalls, as it tries to deploy the IT strategic plan,” Peyton said.

     

     

     

    Reporting tools 

     

    Your IT strategy drives your technology decisions, and your reporting tools drive your business decisions.

     

    Internal auditors need to assess the enterprise’s reporting tools, like Microsoft Power BI and Excel or managed SQL queries. “You might also need to include data from legacy reports that management has always used, whether it’s on a mainframe or just a typical report out of the ERP system,” said Grant Thornton Risk Advisory Principal Matthew Cassidy. To analyze large amounts of data from enterprise data storage areas, consider online analytical processing software and artificial intelligence capabilities.

     

     

    Core reporting tools

     

    Reporting tools are especially important during phases one and two of the three-phase IT strategy audit, as it performs detailed testing procedures. Tools can reside in the cloud, on site, with a vendor or might be embedded in an existing system. Each repository and data flow has inherent risks to mitigate. “It’s critical to understand how the systems are connected, how data flows, and the processes and controls around each piece,” Cassidy said. “The controls and the procedures change, depending on where that data is within the flow of the systems.”

     

     

     

    Cloud change management

     

    Beyond your analysis and reporting tools, cloud platforms are the standard for most of today’s enterprise applications. That’s why it’s important to assess cloud change management, evaluating the Continuous Integration / Continuous Deployment (CI/CD) environment. “CI/CD is a modern definition of software development, in smaller increments rather than large deployments, to help ensure the changes are reliable,” said Grant Thornton Risk Advisory Managing Director Vikrant Rai.

     

    CI focuses on automated test cases and quality gates, testing application changes against pre-defined criteria where failures can be quickly resolved. Then, CD encompasses the ability to cancel or revert a change to a prior version, if the result of integration output adversely impacts production.

     

    A CI/CD model

     

    Efficient CI/CD can help ensure seamless and continuous updates before and during deployment, if the proper governance and controls are in place for stakeholders throughout the technology asset lifecycle. “The CI/CD policy is critical to ensure that there is successful automation in the overall process,” Rai said.

     

     

     

    Asset management

     

    Software and hardware assets constantly move through an organization as they are procured, deployed, employed, managed, stored and disposed of. To ensure that assets are managed appropriately from adoption to end-of-life, it’s important that people know and adhere to updated IT Asset Management (ITAM) procedures.

     

    “When we think about IT asset management, literally everybody who has an asset in the organization is a part of that effort, and needs to take ownership accordingly,” said Grant Thornton Risk Advisory Principal Chris Saracco. An audit can evaluate ITAM procedures against practices.

     

     

    Asset management best practices

     

     

    ITAM best practices can mitigate the risks of inaccurate records, noncompliance with software licensing, unclear vendor contracts and poor hardware or software disposal.

     

    A comprehensive technology audit can help ensure the successful development and ongoing execution of your IT strategy, reporting, cloud change management, asset management and more. It gives you the information you need to move toward your desired future state, and can help ensure the resilience of your business operations along the way.

    Icon: Request a meeting Icon: Request a meeting
    Request a meeting
    Authored alt text Icon submit RFP
    Submit RFP
     
     

    Contacts:

     
    Headshot of Scott Peyton Headshot of Scott Peyton Headshot of Scott Peyton
    Scott Peyton

    Partner, Internal Audit Cybersecurity Practice

    Denver, Colorado

    +1 303 813 3971
     
    Headshot of Vikrant Rai Headshot of Vikrant Rai
    Vikrant Rai

    Managing Director, Internal Audit Cybersecurity Practice
    Grant Thornton LLP

    +1 212 624 5212
     
    Headshot of Matthew Cassidy Headshot of Matthew Cassidy Headshot of Matthew Cassidy
    Matthew Cassidy

    Principal, Advisory

    Matt is a Principal in Grant Thornton’s Risk Advisory Insurance Practice.

    Philadelphia, Pennsylvania

    +1 215 814 4073
    Industries
    • Insurance
    Service Experience
    • Advisory
    • Audit & Assurance
     
    Headshot of Chris Saracco Headshot of Chris Saracco Headshot of Chris Saracco
    Chris Saracco

    IT Risk Advisory Principal

    +1 312 602 8384
     
     

    Our fresh thinking

     

    No Results Found. Please search again using different keywords and/or filters.