Wow! Well okay then, it seems my last post has sparked some interest. Next to my Motorola Q post it has seen a lot of activity. From friends in the industry the main question is “how do we even go about preparing for an audit?” usually followed by a statement such as “it always seems we are running around not sure what is going to happen next in an audit” and other such questions and comments.
Here, let’s point you in a starting direction, Microsoft has created a basic document located here that you might be interested to add to your reading list.
Again, there are many resources out there, based on the audit you might be facing, that can help you. I highly suggest that you employ a firm (have I mentioned I’m available for contract?) in at least double checking your findings before the actual audit. Ensure that you have written policies in place that your organization will follow, and reprimands for those that do not follow due process. For what is a policy without a consequence for breaking it? Make sure that everything is clearly outlined for those that need be involved. Right on down to the employee release forms.
Hopefully this will help those of you who are new to the process of an audit get a better understanding of some things to look at for the future. Again, being in Information Technology myself, this is from an IT perspective.