Page 59 - CISSO_Prep_ Guide
Auditors
Auditors are an essential part of governance. Auditors are
responsible for reporting to management on the status of the
controls in place to protect the systems, processes, and
operations of the organization. Some auditors specialize in
financial audits, others in operational or IT audits. Regardless of
which areas are being checked, however, IT is almost always
involved since nearly every system or business process today
has some IT component. Auditors are to be independent,
objective, and systematic. They are expected to investigate,
discover, and uncover any flaws or vulnerabilities in systems,
and report on any areas of non-compliance with organizational
policies or procedures.
Auditors are the eyes and ears of senior management and are
expected to develop and follow an annual audit plan that
focuses on the areas of most concern to management. Through
proper examination and evaluation of systems and processes,
auditors provide management with findings and
recommendations on how to improve processes, strengthen
controls, provide better oversight, and increase efficiency or
effectiveness.
IT staff are often required to provide support for audits, and this
can take a considerable amount of time. However, a properly
conducted review may be of significant advantage to an IT
department. Issues that may have been challenging for the IT or
security department to resolve may be highlighted in an audit
report and (finally!) receive the attention and budget required.