External and Internal Audits have long been accepted as an essential tools for any significantly sized organisation to ensure good Governance but many are not achieving that end result by failing to recognise the need for specialist, independent IT expertise and input.
External audit is typically primarily aimed at providing reasonable assurance that the company’s financial statements are prepared in conformity with accepted accounting standards, and Directors of course make sure this is done. These audits consider the Accounting IT systems and controls, and corporate risk assessments are part of the process.
However, what is often overlooked is that IT now underpins almost all areas of an organisation’s operation and, more importantly, that it is the complex interaction between software solutions, services and infrastructures that determines whether these technologies solutions are continuously available and operate as necessary to enable the business to function. Not only is IT systems availability and operation important but it is essential that the Strategic IT decision making processes and controls that lead to the procurement/development, implementation and eventual use of the systems work well.
External and internal Quality Assurance and Audit staff for many organisations do not have the expertise or skills to assess these areas and complexities. They typically have good understanding of Quality Assurance processes and techniques and/or Financial Accounting but will not have the necessary broad based IT experience and insight to look ‘underneath the covers’.
Increasingly many CEOs are realising that an external, strategic IT Health check from experienced IT Director level personnel covering topics such as visibility and control of IT investment, IT delivery and IT related risk management is an essential tool if the Governance of the organisation is to be truly checked. Done well an IT Heath Check can form the basis for optimising IT strategies, IT delivery and IT support functions. They can also lead to much better use of the total IT budget as funds are often invested in non-strategic areas and poor value is often obtained from the IT marketplace
It is not just corporates where IT Health Check initiatives can add great value. Educational bodies and Third sector organisations, where the Principals and CEOs must be particularly careful to prove that sound Governance is in place and where operational funds are often scarce, can benefit from an IT Health Check.
As an example consider the ITSS Case study for West Herts Further Education College where the Principal confirmed considerable benefits from an IT Audit from ITSS LLP, stating:
“Given how IT now underpins almost all functions I believe that the type of independent Health Check provided by ITSS is an essential part of good Governance for a Further Education College”
