Audits- the necessary evil?
Most IT executives recognize the importance of a proper audit, yet audits can be a painful process for both the auditor and the IT organization. Audits give companies opportunities to improve, based on analysis and advice. How big (and complex) should an audit be depends on the risk priorities and thresholds, business objective, differences in the operating environments and the overall audit objectives. The goal of the audit should not be to “make the auditor” happy, but to review and show how well the department meets the needs of the business.
Logging, reporting and monitoring are very important for both daily IT functions as well as audit processes. In an audit: Logging provides a record of events related to IT processes. Monitoring is important when trying to determine state changes and other significant events. Reporting is the creation of reports whether manual (on-demand) or automatic (scheduled). On the surface these activities may look like mundane activities, but in reality they are the most important tools for managerial oversight.
Applications such as the Active Directory Manager, Active Directory Change Notifier and the Active Directory Reporter help IT organizations prepare for audits and implement solid policies that will have long-term, positive effects on the enterprise. For example, the Active Directory Manager and Active Directory Reporter offer an extensive report library, ready to use right out of the box. IT users can customize those reports to satisfy even the most detailed audit requirements.
These applications help IT managers with their audits and provide the tools needed to successfully complete the process.