Your boss says, “Our IT audit is coming up soon.”
How do you suddenly feel?
a) Ready for that root canal you’ve been putting off.
b) Like Harry Potter going to meet Voldemort in book seven.
c) The same as when you got caught sneaking in the back door after curfew.
d) As if you’re having that dream about finals week when you haven’t been to class all semester.
e) Some combination of a, b, c and d.
Audits take time, cost money and always seem to focus on things you’re doing wrong. Who wants that in their workday? Have you ever welcomed an IT audit or known anybody who did?
The IT audit is a big show-me.
It’s hard for most people to focus on the upside of an audit, so I won’t even try. But I will cut to the chase on what an audit boils down to: presenting documentation that shows you’ve defined the processes and policies that govern your business, and proving that you follow them.
You say that all change requests for your ERP system require approval by two IT managers? Show me.
You say you take a snapshot of your ERP system before implementing each round of changes? Show me.
You say you capture and log the deployment of every object associated with every change? Show me.
Ultimately, an IT audit assures the business and regulatory bodies whose standards you must observe that your organization does what it says.
It goes into a lot of questions and expects a lot of answers – more than most companies can readily pull together manually. If all you have are manual tools like spreadsheets and doc files, you can probably deliver what the audit requires, given enough time.
But without automated change management, you’re in for a long, oppressive audit.
That’s why we have a new e-book for you, called “Avoid the Common Pitfalls of ERP Change Management.”
We’ve written an e-book called Avoid the Common Pitfalls of ERP Change Management: Part 2 explains auditing and demonstrating compliance with the ERP change process.
Following up on our advice in Part 1 of the e-book to apply a secure, automated change management process, Part 2 outlines the need to be able to assess and report on your change-based activities.