What is measured can be improved.
Our approach to IT auditing is that of services, which is oriented to tangible deliverables that allow the organization to generate the change that allows it to achieve its strategic objectives as planned.
Based on that statement, the challenge is an audit service that generates tangible deliverables of value embodied in a portfolio of solutions. In other words, leaving the classic approach of only evaluating, comparing and qualifying according to the following framework:
BEFORE: Understand | Understand
DURING: Select | Adapt IT services
AFTER: Evaluate | Measure l GAP | Project Portfolio
|
|
|
|
The comparative results are the best input to define a portfolio of projects that allow to overcome the gap indicating schedules, investments and required conditions. Qualifying them in improvements, projects, programs or portfolios; where improvements can and should be made immediately and using spending as a financial strategy, while projects, programs and portfolios deserve a financial analysis to apply investments pending return.
The audit is framed within the BABOK business analysis practices of IIBA, we will use these methodologies, practices and tools for the development of our Framework based on IIA GTAG. That is, we will carry out an elicitation process to understand what they really expect from your IT organization, so that the results are not to buy reality with an ideal, but on the contrary to buy the current situation with the current reality (expectation) applying practices of PMI - Stakeholder Management.
Benefits.
- After the results of the audit, your organization will be available to initiate the actions that will effectively allow you to:
- T.I is more effectively involved with corporate strategy,
- Optimize the knowledge and understanding of the needs of the different areas.
- IT management through service-oriented evolutionary planning.
- Improve the design and dimensioning of necessary resources on demand, estimating scope, cost and service time with efficiency and quality.
- Analyze with better precision the technical / economic needs for external support and outsourcing services.
- Implement clear, consistent, complete and standard processes, which are continually self-perfecting.
- Use the concept of continuous improvement and best practices for the evolution of the IT area to strategic.
- Have a committed and effective human team.
- Migrate from a user and technology “language” communication to a business language.
- Stay up-to-date on technology trends and their impact on productivity
- Be prepared to lead the company towards the demands of a globalized business world
- Have a clear and transparent budget scheme.
- For all planning and projects, aspects such as security, risk and business continuity management will be critical factors.
- Generate value for the organization by managing services with transfer of responsibility and profitability to the user.
- Consider change management in each project.
- Promote the concept of information quality.
- Gain experience knowledge of their equivalents in other companies.
- Measure the performance of the area through indicators.
- Improve public image.
- Trust in users about the security and control of IT services.
- Optimize internal relationships and work climate.
- Reduce the costs of poor quality (reprocesses, rejections, claims).
- Define action plans for IT risks.
- Monitor your investment in an often unpredictable IT environment.
Strategy.
The main objective of the systems audit is to evaluate the status of the technological activities which must ensure that the plans and operations meet their objectives, for which the flow of threats must be known around the processes and procedures involved (risks) that are the factors that prevent their achievement.
The main objective of the systems audit is to evaluate the status of the technological activities which must ensure that the plans and operations meet their objectives, for which the flow of threats must be known around the processes and procedures involved (risks) that are the factors that prevent their achievement.
What we evaluate
Based on standards, experience and their applicability in the country, geographical area, business line, business limitations and other conditioning factors, we audit looking for evidence of the maturity of the organization with respect to an applicable model (which must be defined previously ). We will audit "how you do it", NO! What are you doing.
What are we looking for
The audit process is based on tangible evidence, not opinions, not intentions, however the adaptability or adaptation or innovation of processes, procedures and actions that finally achieve the objectives is valid for certain types of business. What we seek is to show that the efforts achieve DELIVERABLES (objectives), likewise we must seek that these deliverables are aligned with the business and that the business has defined the value of those deliveries. Those connections from the field of operations to the financial results of the organization is what we seek, in this way we can sustain deviations, propose improvements and recommendations and everything hierarchically integrated.
Objectives.
After fine-tuning, including or eliminating some in particular (first audit meeting) these are generally the large-scale objectives:
Based on standards, experience and their applicability in the country, geographical area, business line, business limitations and other conditioning factors, we audit looking for evidence of the maturity of the organization with respect to an applicable model (which must be defined previously ). We will audit "how you do it", NO! What are you doing.
What are we looking for
The audit process is based on tangible evidence, not opinions, not intentions, however the adaptability or adaptation or innovation of processes, procedures and actions that finally achieve the objectives is valid for certain types of business. What we seek is to show that the efforts achieve DELIVERABLES (objectives), likewise we must seek that these deliverables are aligned with the business and that the business has defined the value of those deliveries. Those connections from the field of operations to the financial results of the organization is what we seek, in this way we can sustain deviations, propose improvements and recommendations and everything hierarchically integrated.
Objectives.
After fine-tuning, including or eliminating some in particular (first audit meeting) these are generally the large-scale objectives:
- Research, consultation, review, verification and evidence in accordance with organizational plans and global good practices.
- Verification of controls in information processing, systems development and infrastructure in order to evaluate their effectiveness and present sustainable recommendations.
- Analysis of the efficiency of Information Systems.
- The review of the effective administration of technological resources.
Methodology
Through interviews, questionnaires and observations (personal meeting, preliminary shipments, interview) facts and opinions, with managerial, operational and strategic skills based on PMI project management (during the process), BABOK process management and managing deliverables
Risks to mitigate:
Falsehood
Discussions (edit)
Aggressiveness
Uncommon language
Role exchange
Unnecessary advice.
Formulate advanced hypotheses. .
Too much non-relevant information.
Anticipation of solutions or process solutions and not system solutions.
Through interviews, questionnaires and observations (personal meeting, preliminary shipments, interview) facts and opinions, with managerial, operational and strategic skills based on PMI project management (during the process), BABOK process management and managing deliverables
Risks to mitigate:
Falsehood
Discussions (edit)
Aggressiveness
Uncommon language
Role exchange
Unnecessary advice.
Formulate advanced hypotheses. .
Too much non-relevant information.
Anticipation of solutions or process solutions and not system solutions.
