That is the only part of an audit I do enjoy. Getting to write-up mgmt. for not following good practices. Like no lab or test environment for testing updates or requested changes to environment, not providing training, having out-of-date software, etc. I have actually been asked by mgmt. not to include some of that stuff in my reports because they "just don't have the time or money to implement" the stuff. Sorry, I do not report to you and you can't fire me!
One time I wrote up an agency in a global corp because they were not following the parent company's guidelines for IT requirements. i.e. no lab, weren't following change control, server's out of warranty, SAN no longer supported by vendor, etc etc etc. IT Manager was fired the next week and in less than a month they were getting POs for replacing most of their out-of-date HW/SW and implementing a lab for the IT staff. Oh, and the IT staff each received 2 weeks of training of their choice for either hardware, software or virtualization stuff. I may have been the bad guy for one full week but I bet if I walked in there a few months later I would have been the hero. No publically traded company wants a bad IT audit! J Have I ever told you guys and gals, I really don't like doing IT audits. J Webster From: Ziots, Edward [mailto:[email protected]] Subject: RE: Experience with doing IT Audits Also, Auditors are not your enemy, which a lot of IT managers think they are, if utilized correctly you can get a lot accomplished that is getting squashed by the politics etc etc in your companies. I welcome the auditors, it gives you a chance to see what is broken and look forward to fixing it. Especially when you been saying it all along and it falls on deaf ears, because people want to play the ostrich defense ( head in the sand) ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
