In this blog post from our ITAM best practice series, you will learn how to conduct self audits. The goal is to carry out formal internal assessments for compliance and audit readiness.
Here is why self audits are important. Being compliant and audit-ready ensures that you are in control of your IT, and that you have already curbed a lot of unwanted IT spending. Real audits may occur any time, and therefore you need to ensure that you are always audit-ready. Conduct self-audits for all your vendors at least twice a year.
Now, let’s take a look at the benefits of conducting internal self-audits
-
Serves as an early warning system.
-
Helps you save huge fines and penalties.
-
Reduces existing discrepancies in your IT infrastructure.
-
Helps your staff get enough hands-on experience to face real audits without any panic.
Follow these simple steps to conduct a hassle-free audit
1. Prioritize your vendors
Audits are usually time-consuming. Make sure you prioritize your vendor list before a self-audit, based on external factors such as likeliness of audit from the vendor, vendor profile, and vendor who has supplied the majority of inventory. Always remember to perform the audit one vendor at a time and not rush things.
2. Set audit policies
You need to clearly define the people and tools involved in your audits. You also need to plan your audit execution strategy and set the scope of your audit.
People aspect
Define appropriate audit roles. List the department names and their level of involvement in the audit. Choose skilled people from the legal and technical departments to play the auditor’s role. Also, form a committee to represent and defend the organization.
Tools involved
Check to see if you need to install a third-party tool, or if you are planning to use existing tools for the audit. Some vendors may not entertain the use of third-party tools.
Planning
You also need to plan between having a fast paced surface audit or a time-consuming, in-depth audit. Devise proper roll-out and back-out plans to execute the audit.
Setting the scope
Some audits might focus on just license violations, while others might focus on finding the usage of prohibited software. You need to identify specific parameters to track for individual audits based on the purpose of the audit.
3. Facilitate an audit-friendly environment
Keep records related to purchases, entitlements, and inventory ready and accessible for the audit. Provide incentives to your workforce to participate in the audit. This will give them a purpose and the motivation to dive deep into executing the audits wholeheartedly. Prepare your tools to run usage and compliance reports multiple times, if required.
4. Come up with a remediation plan
Audit results are mostly disappointing, with a lot of discrepancies. Answering the following questions will help you make necessary modifications to properly set your inventory.
-
How do I install/uninstall software?
-
How do I purchase new licenses?
-
Do I have the budget to pay potential fines?
If you have any questions, please feel free to post them in the comments section below. In the next blog post, we will see how to continuously improve your ITAM process. In the meanwhile, if you are looking for an out of the box IT service desk solution with in built-in ITAM capabilities, we encourage you to check out ServiceDesk Plus.
