IT Managers: Audits Are Your Best Friend

Remember back in school when you worked your hardest on a paper then turned it in, confident that it was error free, only to be surprised by a sea of red ink when you got it back? You weren’t the only one. Almost everyone has the same issue: It is very difficult to edit your own work. 

Our minds naturally trick us through cognitive bias. This means that when we read our own work, we know what we intended to say. Therefore, it sounds perfect. However, more often than not, the reality is far from perfect.

 

Technologists face a similar problem. They work deeply on IT problems and cobble together the best solutions possible. However, as in the situation above, they often do not have anyone to check their work. Even professionals with years of experience can make obvious mistakes that they cannot see. 

 

 

When you perform a task, confirmation bias makes it difficult for your mind to see anything other than what you think is correct.  The recent disaster experienced by British Airways is a perfect example. There were several glaring errors in the airline’s IT infrastructure that a cursory outside audit would have identified. In retrospect, they could have prevented the entire incident for a few thousand dollars. More likely than not, the team passed over the errors without taking notice because they were too familiar with the system. Unfortunately, the more familiar we are with a setup, the more correct it looks.

 

It is in the best interests of in-house IT professionals to have their work audited by an outside agency. Technology audits are not a sign of incompetence or poor work; they are a sign of responsibility, care and a deep understanding that technical excellence does not just happen. It is planned, executed and reviewed for potential improvements. 

 

The military has an old saying, “Trust, but inspect everything that is important.” Inspections ensure the most important details garner the attention they deserve. If there is a configuration mistake yet everything has been working; it can be very challenging to see the mistake. 

 

 

Think of technical audits like a type of insurance that pays off in the long term for both your career and your company. An outside IT auditor will probably not find any major flaws, but another perspective is still valuable. The auditor will be a trained professional with years of technical experience, and they may see something that is invisible to you. Their recommendations may be subtle yet powerful. Improvement, wherever it originates, is valuable to a business and shows maturity. If everything is perfect, then congratulations, job well-done. However, if the IT auditor finds something before it becomes a major problem, then you will be even better off.

 

An outside technology audit can prove even more essential if you are performing work from multiple disciplines. For example, if you are doing security, system administrator and desktop work, each at the highest level, it can be very demanding. There just are not enough hours in the day to be an expert at everything. The more complex an organization, the higher the likelihood of something falling through the cracks; not from a want of trying, but from the rush of work.

 

Imagine going to your management team with the results of an independent audit. There are two possible scenarios, both of which are positives for you. Either the network is improved based on the recommendations of the auditors, or they verified that your work was perfect. The result is also that both scenarios are a win for the company and you. 

 

The biggest win from an IT audit is the peace of mind that the company’s systems are optimized for security and users. The best practices are not just lip service, but a verifiable reality that you must check and regularly update due to fast-paced changes in technology.