Conclusion: IT auditors typically consult with, and report their findings to, the board’s Audit and Risk Committee. Their POW (program of work) or activities upon which they will focus may or may not be telegraphed in advance to stakeholders, including IT management.

To avoid getting a qualified audit report for IT, e. g. when internal (systems) controls are weak or IT risks are unmanaged, business and IT management must first get their house in order, by tightening controls and addressing risks before the possible arrival of the audit team. Failure to get the house in order, before an audit, could be career limiting for IT and business managers.

Existing Client Login



This Advisory paper is only available to IBRS Advisory clients. To find out more about becoming an IBRS Advisory client complete the attached form and we will be in touch.
Please let us know your name.
Please let us know your email address.
Please enter a valid phone number
Invalid Input
Invalid Input

Read more ...



Alan Hansell

About The Advisor

Alan Hansell

Alan Hansell is an IBRS advisor who focuses on IT and business management. Alan is able to critique and comment on IT and business management trends, ways to justify and maximise the benefits from IT-related investment, IS management development and the role of the CIO. Alan has extensive experience in IT management, consulting and advising senior managers in matters related to IT investment. He was a Director in Gartner's Executive program and adviser to over 50 CIOs and business managers and before joining Gartner a consultant with DMR Group. He also worked as an IS professional, manager and industry consultant for IBM for nearly 30 years. Alan is a CPA and Associate of Governance Institute of Australia.