5 Reasons to Conduct Client-Initiated IT and Financial Audits


 

By Danny Harris, Ph.D., PMP
Former CIO, U.S. Department of Education
Senior Strategic Advisor, BINARC

Co-Author: Dimitri Dizna
CEO, BINARC
Senior Solutions Architect

 

 

The word “audit” can strike fear in the hardiest of Chief Financial Officers (CFOs) and Chief Information Officers (CIOs)—and for good reason.

Given the sheer size and complexity of so many IT projects, it is almost certain that any rigorous audit will reveal some sort of error or shortcoming. How, then, might CFOs and CIOs better protect themselves and their lines of business from potentially serious and embarrassing audit findings? One solution is the continuous “Client-Initiated Audit.” The client referred to here is a CIO, CFO or any executive responsible for an organization’s critical line of business that may be subjected to an independent audit.

A Client-Initiated Audit is an exercise that partially mimics the traditional annual audit conducted for a specific line of business. In the case of a CFO, the annual Financial Statement/System Audit and OMB A-123/Internal Control Audits are good examples. In the case of a CIO, the annual Federal Information Security Management Act (FISMA) Audit would be more comparable.

The value of such a proactive and continuous self-audit prior to the external, independent audit cannot be overstated.


Here are 5 reasons to conduct a Client-Initiated Audit:

1. Uncover “Low-hanging Fruit”

Nothing defines good leadership more than quickly identifying and solving problems that pose risks to an organization’s mission. Client-initiated audits can uncover problems that may be apparent but perhaps “too close” for staff at most of the organization’s levels to see. Such problems can range from a simple policy change to a slight systems or operations modification.

Often, focusing on such “low-hanging fruit” can provide immediate benefits with a low level of effort and little, if any, additional funding. CIOs and CFOs should take advantage of these quick wins.

2. Tackle Major Flaws Early

The last thing leadership can afford is an outside auditor finding a critical flaw in their systems or operations. These flaws can ultimately decrease confidence in your security posture or the very data spawned by mission-critical applications.

Quickly getting a handle on major flaws can mean the difference between being hailed as a hero or needing to update your resume. Keep in mind that identifying problems and establishing a remediation plan are the critical first steps to actually fixing the problems—and it is much better for the CFO or CIO to inform external auditors of problems and proposed solutions (even if the problems are not yet actually resolved) than for the problems to be revealed for the first time by the external audit.

3. Strengthen Policies and Procedures

As mentioned previously, some problems can be quickly resolved by updating and modifying policies and procedures. For example, simple “separation of duties” procedures have been known to remediate many problems found in IT operations. Many organizations fail to adequately update their policies and procedures, and a Client-Initiated Audit can uncover opportunities to do so—and avoid additional pitfalls down the road.

4. Develop Robust Corrective Action Plans

Performing a Client-Initiated Audit can prove invaluable not just in identifying problem areas, but further in helping CFOs and CIOs understand the full nature and extent of the problems—which is critical to developing effective corrective action plans.

Without a documented plan that demonstrates a full understanding of the problems and which serves to guide the remediation approach, organizational leadership may well still be deemed to have “fallen asleep at the wheel.” While a detailed plan may not offer a solution for funding and time constraints, it should convey a logical and sequential approach for resolution.

 

5. Reduce Independent Audit Stress

Not surprisingly, knowing that you have found most (if not all) of the weaknesses and vulnerabilities in your financial management operation or IT ecosystem will allow you to sleep a little more peacefully as you await the audit report from the independent reviewer. If done properly, a Client-Initiated Audit can all but eliminate unpleasant surprises.

 

Summary

There is a saying amongst CIOs: “Get caught trying.” This simply means that executives should work hard to uncover their organization’s shortcomings and develop plans to fix them. Having an outside auditor discover these challenges can be embarrassing and create doubts surrounding leadership’s competency and stewardship. Clearly, it is much more desirable for an auditor to report problems that were previously identified and already being addressed—even if the problems remain unresolved. Additional benefits of the Client-Initiated Audit include (1) determining the adequacy of Internal Controls, (2) supporting compliance with policies and procedures, and (3) uncovering fraud, waste and abuse.

BINARC and Zenius Corporation have developed a joint practice to support customers in performing robust Client-Initiated Audits using a methodology that is suited for both financial management systems and operations and IT infrastructures and ecosystems.

 

For more information, contact Dimitri Dizna, BINARC CEO, at 202-681-7787.

 
