
Title: Audits Made Simple

Technical Report · DOI: https://doi.org/10.2172/1177976 · OSTI ID: 1177976
 [1]
  1. Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

A company just got notified there is a big external audit coming in 3 months. Getting ready for an audit can be challenging, scary, and full of surprises. This Gold Paper describes a typical audit from notification of the intent to audit through disposition of the final report, including Best Practices, Opportunities for Improvement (OFI), and issues that must be fixed. Good preparation can improve the chances of success. Ensuring the auditors understand the environment and requirements is paramount to success. It helps the auditors understand that the enterprise really does think that security is important. Understanding and following a structured process ensures a smooth audit process. Ensuring follow-up on OFIs and issues in a structured fashion will also make the next audit easier. It is important to keep in mind that the auditors will use the previous report as a starting point. Now the only worry is the actual audit and subsequent report and how well the company has done. “Virtualization, mobilization, and cloud technology have created new points of entry into business, leaving them vulnerable to covert cyber-attacks,” states a report by Ernst & Young. Executives are struggling with the potential for a data breach, and resolving this business risk is high on their agenda. While most audit committee members are financially solid, they lack knowledge of technology issues, making understanding of this risk difficult. Success with an audit helps management understand the risk that management is accepting, highlight gaps in security, and generate ideas on how to improve. These results are an important aspect of managing the business risk.

Research Organization: Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)
Sponsoring Organization: USDOE
DOE Contract Number: AC52-06NA25396
OSTI ID: 1177976
Report Number(s): LA-UR-15-22546
Country of Publication: United States
Language: English
