IT Audit of Business Processes. Better Prevent Than Cure

1. What is IT Audit of Business Processes?
2. When Does Business Need Processes to be IT Audited?
3. What Does IT Audit Procedure Cover?
4. What Does Business Get Out of Internal IT Audit?
5. Results of Business Processes IT Audit In Practice

2020 witnessed as all of a sudden the world changed to a new life pattern which is mostly online-centered. There is hardly any business that remains unaffected: disrupted supply chains, remote working, unpredictable pivots, inter- and intra-industry collaborations, etc. 

No doubt, it will be of interest and advantage for any business to have their existing business-processes checked in terms of IT prior to launching any digital improvements.

What is IT Audit of Business Processes?

While the traditional audit is aimed at checking a business process for conformity with the established standards and specification requirements we, as the business processes IT auditors, check whether the processes run smoothly, and resources are used reasonably resulting in the client’s complete satisfaction.

Then, based on the findings we provide a detailed report including a specific solution to optimize your business processes. In case you find it appropriate, we may agree upon any further support in implementing the solution.

When Does Business Need Processes to be IT Audited?

As a rule, we get used to the business-processes and feel comfortable in  the full conviction that the conventional approach will work without fail. The idea of any changes required causes discomfort and negation. For this very reason, the businesses (having never admitted a possibility of any eventual failure) risk to face the situation when the urgent solution is required. 

In fact, you would not wait for the severe toothache to spoil your life, but rather visit the dentist regularly. Or it would never cross your mind to wait till your car falls to pieces in the middle of the highway - you prefer to have it inspected on a regular basis. The same refers to the business-processes. They need preventive measures as well.

Here are some situations, when such information technology audit should be considered:

• the company is going through some sufficiently quiet period: process run smoothly, profits are stable, and clients are satisfied with the quality. You plan no significant changes and/or business extension, but have time enough to look at the business processes from outside. Then, it’s high time to conduct the audit in order to check whether any of your current business-processes may appear to become a weak point in the nearest future, and get the tool to strengthen those weak points; or to determine what new channels for increasing profit/efficiency are hidden within the processes used, how they can be opened and applied in an efficient manner.
• the company experiences regular missteps, deadlines for projects/tasks are not always or practically never met, clients are systematically unsatisfied with the outcome, profits are irregular. You are aware of the fact, that some process (or more than one) fails, but cannot define which one.
• it may happen that you know exactly which process is the bottleneck of your business. But you have no single idea of the way to remedy the situation, and need someone reliable, who can support you and be entrusted with searching for a solution; or your ideas are ready, but you need someone to check everything and fulfill them in a quality manner and under reasonable time limits.
• probably, you extend your business, and the company is at the transition phase: scope of work is increasing, staff is growing, products and/or services range is extending. The previously used processes are actually satisfactory, but cannot cope with a new flow and volume. And you have to find out promptly, in what way they can be optimized.

What Does IT Audit Procedure Cover?

1. First of the IT audit steps is to study the subject to be audited, i.e. business processes used.
   • we collect general company information: products and/or services offered, staff, any internal procedures and policies, whether they are successfully used in practice, any business internal audit processes and their findings, etc;
   • we examine manuals, operational documents, profit and loss reports, etc., in order to go deep into the current strategy and not only adjust the processes, but to find specific levers to improve efficiency and profit;
     For example:
     We often have the cases, when our clients spend too much money for hosting, and not always reasonably.  We will help to determine which expenses are excessive, and will explain how they can be avoided.
   • we conduct interviews and brainstorms with the employees to find out whether there are any problems, whether everyone is aware of them, and what is the way to manage the problems;
   • we check whether any complaints are received from the clients;
   • if the processes are stable and established, we check emergency procedures (simulate the situations when the employees have to deviate from standard patterns).
2. Information technology audit process continues with analysis of the information collected and defining bottlenecks within business processes.
   • based on the documents and data received, we build the diagrams to see whether the process runs systematic or randomly;
   • we analyze to what extent the processes depend on performers: whether any experience and knowledge transfer is practiced (for example, in case an employee  resigns/is fired: whether the information is transferred, to whom and in what form);
   • we detect poorly organized processes, which involve too much time and more people than actually required;
   • we analyze the processes and determine the bottlenecks.
3. As a result of internal information technology audit we suggest variants aimed to unblock the bottlenecks (optimize and automate the processes).
   • having found out the bottlenecks, we think over the possible variants to eliminate them due to automation or due to changing management approach;
   • we set priorities: which processes are to be handled with special care now, and which ones shall be taken into account for the future;
   • we prepare a detailed report on the findings of the business process IT audit  specifying the suggested optimization and automation options.

What Does Business Get Out of Internal IT Audit?

After the check is completed, you have presented the detailed report with the results of the business process audit specifying the following:

• list of bottlenecks within the processes;
• recommendations focused on the possible ways to improve the situation through optimization and/or automation;
• risk assessment of the processes used.

Results of Business Processes IT Audit In Practice

In theory, things sound rather formal, and obviously, you would prefer to find out the practical effect of the complete procedure.

We are not going to make you bored with long speculations, but rather offer you some examples.

Case 1:

Background: This was the case of an IT company. Headhunting had never been its key activity, they just had HR Department to search for the candidates for the company’s vacancies. But at some point business started growing, the number of employees was increasing, and recruitment requirements stiffened, accordingly.

At that time the issue grew pressing: more candidates were required, the department was extended, and the process became irregular and nontransparent (sometimes the department staff invited the same candidate twice for the interview, and the data were simply lost). As result the recruitment efficiency dropped to the lowest level and not less important, the company reputation suffered.

That was at that moment when the company made a decision to have the business processes audited in order to find out the way to optimize the department activity.

IT audit findings: the information technology audit of the infrastructure has shown that the current process runs as follows:

• the department members use a separate job seekers base (Excel table), and the candidates funnel is kept in CRM. Accordingly, when a candidate for a definite vacancy is searched for, the suitable candidates are transferred from the base to the funnel manually;
• for the purpose of validating information on the candidate, every link to social and/or professional network profiles are also to be checked manually;
• after the candidate is processed in the funnel, the data often remain in the funnel without being transferred to the base (forgotten, not done on time). Consequently, the base becomes irrelevant, and cannot be relied upon.

Conclusion: the most challenging bottleneck in the process is updating the candidate base. The applied funnel tool suits for the ongoing vacancy processing, but there is no tool designed to connect the funnel and the candidate base to ensure their automatic synchronization.

Solution suggested: to develop the relevant script/plugin. The tool shall cover the following:

• single candidate base (the current base is automatically transferred to a new one);
• easy candidate search through the base by several filters with the immediate addition to the funnel;
• the complete candidate history in the funnel is assigned to the candidate in the base and saved after exiting the funnel along with the history of HR personnel contacts with the candidate;
• the funnel has the same functions that the HR staff is used to, including stages for working with the candidate and possibility to add notes at any stage;
• Chrome browser extension that allows collecting automatically the complete candidate information from social network pages and adding it to the base with one button click.

Case 2

Background: a marketing agency provides services for many companies and prepares for them mails for mass distribution. The task requires significant time. As marketing mailouts are usually aimed at the specific date or period, deadlines missing is rather often.

The company is aware of the existing problems and, probably, of their nature, but cannot identify and eliminate them. This means, the current challenges are addressed using some temporary measures, and no comprehensive solution is found.

IT audit findings: the business process audit has resulted in the conclusion, that design and layout for the mail templates costs much time. The process runs as follows:

• the first to start the job is the designer, whose task is to combine and bring to the same style all mail components;
• then, the mail is passed to a layout designer, who creates the responsive html page with styles according to the design;
• after that, the mail template comes to a marketing expert to be filled with the content and transferred to some special mailing service.

The fact is, that the procedure is not so simple in itself. And if we consider the human factor and add time for introducing any eventual changes in the course of the working process, it is no wonder that the team has not always succeeded in meeting deadlines.

Conclusion:the issue is that too many people are engaged in the mail creating process. Though the work done is not always of unique nature (mails are executed in accordance with the corresponding corporate style and have similar structure), it appears that the valuable time is spent for the task to be fulfilled by each chain participant, for communication between people, for correcting the layout if things do not comply with the wishes of marketing experts.

Solution suggested: to automate the process and develop a tool allowing the marketing expert (who has no idea of the layout design) to create quickly and easily the ready-made mail templates using the visual editor. The tool itself already considers every requirement (responsivity, browser requirements). By way of bonus, the same system can distribute the mails, so that there is no need to transfer the template to some other service, as MailChimp.

Why could not any already existing solutions be used in this case? The reason is, they do not offer any differentiation by companies and by access rights for the agency employees in charge for this or that company.

Case 3

Background: the audit was requested by a company, engaged in recruiting workers for construction projects. The issue arose due to regular negative feedback from the clients. Moreover, every client was complaining for own reasons: quality of works, attitude to duties, permanent failure to meet deadlines. The company did not succeed in finding the cross point for the claims at the internal level. Accordingly, no solution was found.

IT audit findings: through communication with clients and inspection of the sites it was cleared out, that the construction activities run slowly because many workers are simply out, late or regularly leave their working places.

Conclusion: the company needs a tool to monitor workers presence on site avoiding any human factor influence.

Solution suggested: to create an application to monitor working place presence. The solution is based on using the BEACON device having a limited radius that is constantly scanning the space within the radius and exchange information with other devices via Bluetooth.

That’s simple like this - the BEACON device is placed at the working place, and the worker has the app installed on the mobile device. As far as the worker remains within the operating radius of the device, the working time counter is on. And everyone is paid for the actual working time, accordingly.

As you see, these are cases where the practical and reasonable solution was found and offered due to the timely audit. Do you want to see your story on the list of the stories to be continued happily? Then, check information on Umbrella IT audit services scope right now - we are ready to review the things, find the solution and assist you in implementing it!

Photo: Unsplash