Audit and analysis are two different processes with different outputs. Many companies call analysis an audit just because it sounds more professional. But is it always necessary for your IT to meet all audited standards? And what does the deployment of audit and analysis look like in practice?
Audit and its standards
An audit is an official inspection or verification of systems, processes, projects, products and other aspects in a company. It always runs against internal or recognized standards (for example, the well-known ISO 9001 in the field of management, which also includes information technology). The aim of the whole process is simply to find out whether specific systems achieve the required levels.
In a corporate environment you often encounter, for example, accounting audits or quality audits. The latter addresses whether the quality system meets the standards set by the company (often according to ISO 9000 series). For information technology you may encounter, for example, general information audits or security ones. However, it is important that during the audit the standard is mainly adhered to and not much is thought about the effectiveness and functionality of the examined aspect within the company.
What can analysis do?
In contrast to the audit, the analysis focuses less on formal procedures, while addressing problems in a comprehensive way. At first glance, it may seem that there are no well-defined standards. But the analysis advises the company what to improve or points out what does not work. It does not always use strict standards that have their place in the audit.
You will use the analysis, for example, to evaluate the project after its completion (what did or didn’t succeed and which processes you want to improve in the future). It can also be focused on the overall evaluation of the state of IT in the company and the identification of opportunities for improvement, including calculations or a proposal for a future project.
The analysis also addresses how systems are interconnected, whether they work properly and efficiently, how secure they are, and whether they unnecessarily restrict users. It can also deal with their connection to other areas in the company (for example, automation of email communication with employees and the recruitment process versus HR, automation in production versus production itself and more). At the same time, it reduces inputs and maximizes outputs.
Practical example: Diploma thesis, audit and analysis
The fundamental differences between audit and analysis can be nicely illustrated in the process of writing professional papers. The audit would examine whether citations, numbering and other aspects of professional work comply with the currently valid standard.
The analysis would address mainly the content, and not so much these standards. It would be important for the analyst (tutor or lecturer) to find out whether the whole work makes sense, is beneficial for their own field and useful as a whole. They would also address the context, the quality of resources, and see if the student knows what they are writing about.
From the academic environment, let’s go back to IT for a while. In this case, the analysis would address the fact that IT is set up so that everything makes sense and that its full potential is realized.
Is a standard needed for everything?
It is not always necessary to perform an audit. If a company has suitably set up information technologies, has quality security and functional information systems, standards may not come first for it.
In IT, analysis will often be more useful to you (if you do not need to deal with ISO). The analysis can also be done taking into account industry standards. Thanks to this, it is possible to address the specifics of a particular company, which often omits audits.
In terms of IT, companies primarily need functional information systems and technologies that increase work efficiently and enable 100% use. We at PEKK Consulting say: more important than a standard that does not solve anything in itself are functioning Information Technologies. Therefore, a well-performed analysis is often a better choice than an audit taken out of context.