This IT Audit project was a typical example of how we can empower staff to do-it-for-themselves.
There is a common perception, particularly amongst smaller audit teams, that IT Audit is for specialists only. On this project we set out to debunk that idea.
We executed what we call ‘hand-holding’ consultancy where we direct the audit team staff to conduct an IT review in partnership with ourselves. We audit and teach as we go. The target goal is to leave the team in a position where they can repeat the exercise, with extensions and modifications, for themselves after we have gone. In a sense we are doing ourselves out of a job, but we believe in sharing knowledge anyway so that’s normal practice for us.
We ran the project in the following way:
- We gave the team a briefing that contained enough knowledge to understand what we would be doing next;
- Then we split the task between team members and oversaw their activities;
- When results came back we sat down together and debriefed the team then appended further explanation as necessary for the team to understand the outcomes;
- Finally we generated knowledge texts and work programmes to act both as aide-memoirs and useful tools for later activities.
In particular, we focussed our attention on key risk based issues that were approachable by staff with less knowledge to act as building blocks for more complex work later on.
This project received enthusiastic feedback and the organisation, today, still remembers how they got onto the first rung of the IT Auditing ladder.