by KB Mandefro
When it comes to IT audits, it can feel daunting to figure out what documentation is needed. Depending on the audit goal and scope, auditors routinely request supporting documents to validate the effectiveness, efficiency and compliance of Information Technology General Controls (ITGCs.
Very often, IT system owners, custodians and audit liaisons wonder what to document and what information to gather for auditors. But not knowing is no excuse. Proper documentation and maintenance of IT key supporting documents (KSDs) is essential.
According to a report by Department of Defense (DoD) Inspector General (IG) on management challenges, more than 1,000 IT and financial management system Notice and Finding Report (NFR) were issued for FY2018 alone. The good news is that many of these findings are easily preventable.
Here are four ways federal agencies can prepare proper documentation for their IT audits.
In addition to supporting an audit, proper KSDs also support confidentiality, integrity and availability. Detailed and complete supporting documents should also include internal controls for all applicable systems.
Be sure these document requirements are communicated to all responsible parties and understood by IT and non-IT individuals alike, so your organization is prepared long before the audit takes place.