An Information and Communication Technology audit involves the examination and evaluation of an organization’s information and communication technology infrastructure, applications, data use and management policies, procedures and operational processes against recognized standards or established policies.
The audit’s focus is around an interrogation of the ICT Policy regarding its completeness, validity and relevance to the organization strategy and objectives. ICT Policies govern the use and protection of ICT resources by various user groups within the organization and enable compliance with legal frameworks governing the ICT sector.
Th review of ICT processes involves defining and testing ICT processes to determine the validity of the outputs generated by such processes once correct inputs are applied. These processes must pass basic sanity tests as well be fit purpose to underpin the organization’s need for information for decision making.
A complete audit provides an assessment of the risks involved in the use of ICT infrastructure within the target organization. The assessment of risk, evaluation and mitigation allows the organization to focus its efforts and resources on the right initiatives to achieve desired outcomes.
Ultimately, the impact of any ICT initiative must be viewed considering the effect it has on the organization’s ability to generate and sustain revenue. Any hurdles must be identified and addressed to ensure the continued well-being of the organization
Chris Sang – ICT Advisory
Share this page