IT audits. Whether requested or required to true up software licenses, update and reconcile asset inventories, assess cyber security, or comply with regulatory requirements, IT audits are as essential as they are dreaded. Herewith, some thoughts on audits and how to make them less onerous.
IT Audits: Known Knowns, Known Unknowns, and Unknown Unknowns
You may have first heard the phrase “unknown unknowns” when US Secretary of Defense Donald Rumsfeld uttered it during a news briefing in 2002. But the term has been around since the 1950s. Today, it is commonly used by project managers and strategic planners, but is the bane of many IT leaders and teams as well.
Why? Because unknown unknowns trigger undesirable responses from those who conduct IT audits. Whatever triggers it and whoever requests or demands it, all IT audits arguably share a common goal. That goal is to discover any and all unknown unknowns, but to minimize or eliminate as many of them as possible.
For IT, the dynamic is complicated by the nearly constant growth and change that buffets almost every IT estate. User adds, moves, and changes. Application, data center, and cloud deployment migrations. Mergers and acquisitions. Internet of Things (IoT) deployments. New security threats and challenges. Shifts among external IT resource providers. New or revised regulatory or business requirements. Any and all of these and more result in changes to your IT environment, changes that directly affect what you know, what you think you know, and what you don’t know.
Your Best Defenses: Inventory Knowledge and Flexible Reporting
To pass every IT audit, you need the best available information about all of your IT assets. That information must be accurate, complete, and kept up to date, even in the face of constant change.
In addition, you need to be able to know, map, and keep current detailed information about the relationships that connect those assets to each other, your users, and your business. This means you need to know more than what and where an asset is. You also need to know what it does, for whom, how it is configured and secured, who owns it, who maintains and supports it, and who pays for it. Among other things.
The right IT asset management (ITAM) and inventory tools and processes can collect and maintain the knowledge you need about your environment. But gathering that knowledge is only half the battle. You also need to be able to translate that knowledge into information your IT team, your auditors, and your executives can understand and act upon. This means you need reporting as powerful, flexible, and straightforward as your inventory management solutions.
The combination of effective ITAM, inventory management, and reporting can do a lot more than make life easier for you and your IT team. That combination can help identify and address emerging security vulnerabilities before they become actual threats. It can help improve the availability and performance of critical IT-powered business services. And it can help avoid costly penalties for non-compliance with licenses or regulations.
Effective IT Inventory Management: Three Things to Do Now
Get comprehensive discovery. You can’t manage what you don’t know and can’t see. Ensure that all of your critical assets are discoverable, and that information about them and their interconnections is kept up to date.
Build a configuration management database. You need a CMDB to manage all of the information you discover effectively. A solid CMDB can also ease and speed the reporting you need to pass every audit.
Establish and maintain information baselines. Once you are able to collect and manage accurate, complete inventory information, use it to establish and maintain baselines for the information your constituents need. This will help you and your colleagues to focus on exceptions and not on data collection.
Create and maintain tailored, actionable reports. Every constituency you and your team supports needs different presentations of IT asset and inventory information to do their jobs. Work with your colleagues in IT operations, cyber security, finance, compliance, and other areas to ensure you delivering the information they need in forms that are clear and actionable.
Virima: Your Discovery, Management, and Reporting Partner
Virima’s discovery, ITAM, and ITSM solutions can help your business achieve and maintain the inventory knowledge you need to pass every IT audit. Virima solutions can automatically discover and map your critical IT resources and the interconnections that link them to one another, your applications and services, and your users. Virima solutions are easy to use and configure, and designed to work well with each other. They also produce useful, actionable reports about your IT environment, for IT managers and business decision makers.
These features can help you and your IT management team acquire, manage, and deliver the information your business needs to pass your audits and maximize the business value of your IT estate. Learn more about Virima’s IT asset and service management solutions online, or contact Virima today.
Latest posts by Mike Bombard (see all)
- You’ve Decided You Need an ITAM Tool. Now What? (Part 1 of 2) - May 13, 2019
- ITSM and ITOM: How They Align, How They Differ, and Why They Matter - May 1, 2019
- Why Patch Management is Not Asset Management - April 17, 2019