Is the term IT Audit correct?
Although, I have been using this term and process for long! Now, I urge for the correction, at least I shall be thinking and use the audit matter the following way from now on.
Let me explain – How is it, if it is saying
– Audit for IT Operations of Business Process or
– Audit for IT Operations of BackOffice Management System – and
the both shall be performed separately in active presence of the Subject Matter Experts (SME).
The invented deliverables of Information technology are the finished products and services – made and intended for the end users. These products are: Operating, Networking and Communication Systems, Device Drivers, Software Applications and Apps, Collaboration and Service Agents, Interfaces, Database Systems, Security Systems and lots of hosting, communicating, backup, output, ranges of Intelligent, active and passive hardware and so on. At the innovation, design and building stage, these products are services passes through a process of quality assurance, validated against industry standard controls and rigorous benchmark testing phases. This is widely known that the things are bug-fixed and adequately usable to the beneficiaries. So, the IT and its deliverables – In the context of functionalities and operations, the potential and obvious problems of IT products and services can jeopardise the Business Process or the back-office management process.
It is known to all about the business process (those directly built for revenue generation) – for examples, Core Banking System, Healthcare Systems, Retail operation, Customer Relationship Management, Production and Manufacturing, Hospitality Management, Vehicle Management, Education Management etc. And, the example of BackOffice Management system are (not having direct connection of revenue generation and profit) – Finance and Accounting System, Human Capital Management, Asset Management, Security and Surveillance system, Warehouse and Inventory System (common for Business and BackOffice purposes), Power Management System etc. These are supportive in action.
IT and the end users products and services have to be installed and configured the way to support the operational needs of the both areas – Business Process and BackOffice Management Process. In the situation of any misconfiguration and intentional or unintentional operational deviation, error; the business and the backOffice operations are disrupted and suffers in delivering the intended outcome.
So, the conclusions is – this is not IT’s default operations with its software and hardware deliverables, responsible for the business or backoffice operation hazards or discontinuity. This is the enduser’s functionality setup – designed, configured and custom made for business and BackOffice.
Audit must be on these areas:
– Audit for IT Operations of Business Process, or
– Audit for IT Operations of BackOffice Management System
This makes scene and relevant.
Leave a Reply