Association Leadership - March/April 2008 - (Page 33) technology You want to AUDIT my what? A wake up call! By T.J. Scott, CAE Independent Bankers Association For the last 10 years working as their computer person, I have been aware every year IBAT gets an outside firm to audit the books. Other than ensuring all the correct connections to the internet and printers while in the office, I have never had any direct dealings with the auditor. But this year would be different: They were going to do an IT audit. Wikipedia defines an “information technology audit” as “an examination of the controls within an information technology (IT) infrastructure. An IT audit is the process of collecting and evaluating evidence of an organization’s information systems, practices and operations. These reviews may be performed in conjunction with a financial statement audit, internal audit or other form of attestation engagement.” I looked up the definition as a guideline, but through the process, here is what I learned: I requested the Audit PBC (Prepared By Client) list from the audit firm. This is a list of all the things the auditor will want to see when they arrive. Every audit firm does things differently, but the list I got had 16 technology-related items. Some of the items were easy to provide, such as a contact list – a list of staff and their responsibilities for maintaining applications, including programmers, users, key personnel or stakeholders. Some items took a little time to compile – if I had done everything Bob Harris told me to do about documenting everything all the time I would have already had this – like a list/inventory of applications used by the company, key contacts and stakeholders, while identifying if they were built in-house or purchased from third-party vendors. Some items I made up as I went along, including a list of projects currently in progress, completed, onhold or cancelled. And there were items not applicable to our association, like a list of system access requests for the current year. The last thing was the easiest because we had never had an IT audit before, providing a copy of any audits performed for the prior year, including internal and external audits relative to the financial applications. During the audit process, I sat down with the auditor and gave her everything I had compiled from the PBC list. She asked a few questions, made a few recommendations and left. We have not received the results yet, but I think we did OK. To help prepare for next year, I joined the IT Compliance Institute, a resource for IT professionals seeking to help businesses meet privacy, security, financial accountability and other regulatory requirements. They have tons of information on their Web site, including an IT audit checklist series, whitepapers and webinars. The reason for an IT audit is the same as any audit, to safeguard the association and directors from legal, financial and moral responsibility. There are a number of laws and regulations making us all liable for our IT networks. Some of the data that we need and use on a daily basis will easily fall into the category of personally identifiable information (PII). A member may give you an unlisted telephone number or e-mail address that is not public information. If it is released inadvertently, you are liable. If your member sends you a credit card number to pay for services or to hold a hotel room at your convention and your system gets hacked, you could be liable for that information being released. My advice? Start preparing these lists now and don’t be surprised someday if someone comes to you and says “we are going to do an IT audit.” ◆ March/April 2008 | Association LEADERSHIP 33
Table of Contents Feed for the Digital Edition of Association Leadership - March/April 2008 Association Leadership - March/April 2008 Contents Chairman's Column Homepage 60-Second Solutions Southwest Showcase Highlights Feature: Succession Plans Interim Executives Job Documentation Coaching: A Walk in the Park Perspectives Technology Column Association Case Study Government Affairs: Focus On Electronic Resources New Members Community Spotlight Houston Index to Advertisers Advertiser.com Board of Directors Association Leadership - March/April 2008 Association Leadership - March/April 2008 - Association Leadership - March/April 2008 (Page Cover1) Association Leadership - March/April 2008 - Association Leadership - March/April 2008 (Page Cover2) Association Leadership - March/April 2008 - Association Leadership - March/April 2008 (Page 3) Association Leadership - March/April 2008 - Association Leadership - March/April 2008 (Page 4) Association Leadership - March/April 2008 - Contents (Page 5) Association Leadership - March/April 2008 - Contents (Page 6) Association Leadership - March/April 2008 - Chairman's Column (Page 7) Association Leadership - March/April 2008 - Chairman's Column (Page 8) Association Leadership - March/April 2008 - Homepage (Page 9) Association Leadership - March/April 2008 - Homepage (Page 10) Association Leadership - March/April 2008 - 60-Second Solutions (Page 11) Association Leadership - March/April 2008 - 60-Second Solutions (Page 12) Association Leadership - March/April 2008 - 60-Second Solutions (Page 13) Association Leadership - March/April 2008 - Southwest Showcase Highlights (Page 14) Association Leadership - March/April 2008 - Southwest Showcase Highlights (Page 15) Association Leadership - March/April 2008 - Feature: Succession Plans (Page 16) Association Leadership - March/April 2008 - Feature: Succession Plans (Page 17) Association Leadership - March/April 2008 - Feature: Succession Plans (Page 18) Association Leadership - March/April 2008 - Feature: Succession Plans (Page 19) Association Leadership - March/April 2008 - Interim Executives (Page 20) Association Leadership - March/April 2008 - Interim Executives (Page 21) Association Leadership - March/April 2008 - Interim Executives (Page 22) Association Leadership - March/April 2008 - Job Documentation (Page 23) Association Leadership - March/April 2008 - Job Documentation (Page 24) Association Leadership - March/April 2008 - Coaching: A Walk in the Park (Page 25) Association Leadership - March/April 2008 - Coaching: A Walk in the Park (Page 26) Association Leadership - March/April 2008 - Coaching: A Walk in the Park (Page 27) Association Leadership - March/April 2008 - Coaching: A Walk in the Park (Page 28) Association Leadership - March/April 2008 - Coaching: A Walk in the Park (Page 29) Association Leadership - March/April 2008 - Perspectives (Page 30) Association Leadership - March/April 2008 - Perspectives (Page 31) Association Leadership - March/April 2008 - Perspectives (Page 32) Association Leadership - March/April 2008 - Technology Column (Page 33) Association Leadership - March/April 2008 - Association Case Study (Page 34) Association Leadership - March/April 2008 - Association Case Study (Page 35) Association Leadership - March/April 2008 - Association Case Study (Page 36) Association Leadership - March/April 2008 - Government Affairs: Focus On Electronic Resources (Page 37) Association Leadership - March/April 2008 - Government Affairs: Focus On Electronic Resources (Page 38) Association Leadership - March/April 2008 - New Members (Page 39) Association Leadership - March/April 2008 - New Members (Page 40) Association Leadership - March/April 2008 - Community Spotlight (Page 41) Association Leadership - March/April 2008 - Community Spotlight (Page 42) Association Leadership - March/April 2008 - Community Spotlight (Page 43) Association Leadership - March/April 2008 - Community Spotlight (Page 44) Association Leadership - March/April 2008 - Houston (Page 45) Association Leadership - March/April 2008 - Houston (Page 46) Association Leadership - March/April 2008 - Index to Advertisers (Page 47) Association Leadership - March/April 2008 - Advertiser.com (Page 48) Association Leadership - March/April 2008 - Advertiser.com (Page 49) Association Leadership - March/April 2008 - Board of Directors (Page 50) Association Leadership - March/April 2008 - Board of Directors (Page Cover3) Association Leadership - March/April 2008 - Board of Directors (Page Cover4)
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.