For job security, get the house in order before an IT audit

Conclusion: IT auditors typically consult with, and report their findings to, the board’s Audit and Risk Committee. Their POW (program of work) or activities upon which they will focus may or may not be telegraphed in advance to stakeholders, including IT management.
To avoid getting a qualified audit report for IT, e. g. when internal (systems) controls are weak or IT risks are unmanaged, business and IT management must first get their house in order, by tightening controls and addressing risks before the possible arrival of the audit team. Failure to get the house in order, before an audit, could be career limiting for IT and business managers.

About The Advisor
Alan Hansell
Alan Hansell is an IBRS advisor who focuses on IT and business management. Alan is able to critique and comment on IT and business management trends, ways to justify and maximise the benefits from IT-related investment, IS management development and the role of the CIO. Alan has extensive experience in IT management, consulting and advising senior managers in matters related to IT investment. He was a Director in Gartner's Executive program and adviser to over 50 CIOs and business managers and before joining Gartner a consultant with DMR Group. He also worked as an IS professional, manager and industry consultant for IBM for nearly 30 years. Alan is a CPA and Associate of Governance Institute of Australia.