Ensuring the safety of company assets and creating a favorable corporate environment is largely achieved through an effective internal audit. In the near future, the preparation of an internal audit on the employee use of company-owned laptops will be completed. This process requires setting appropriate goals, involving stakeholders, planning audit stages, and interpreting the results with subsequent communication to the senior management. The purposes of these activities are to assess whether employees adhere to the safe use of corporate laptops and identify potential misuse.
Basic Rules of Internal Audit
Internal audit is a procedure that is performed in accordance with clearly defined norms. Abdullah et al. (2018) note that specific legal requirements determine the rules to adhere to, particularly oversight responsibilities and the adequacy of inspections. At the same time, such rules may slightly differ depending on companies’ profiles. Compliance with operational procedures and risk management practices is usually the main subject of analysis. Therefore, the planned internal audit is aimed at assessing whether the employees know and adhere to safety standards when utilizing company-owned laptops.
Audit Team and the Scope
To determine all the stages of the planned audit, a team of executors should be selected. Firstly, the right business unit leaders should be properly selected. Since the proposed inspection concerns the use of computer technology, the head of the IT department can oversee this activity. Secondly, the team of participants should include both IT specialists and human resource managers to interact with colleagues efficiently and offer relevant optimization solutions if necessary. The team will include the following members:
- Head of IT department.
- Two computer maintenance specialists.
- Two human resource managers.
- A secretary taking comments and suggestions.
Audit Stages and Performance
Since the objectives and goals of internal audit are defined, the work plan is narrowed down to direct practical and assessment objectives. Computer security is the core topic, and, according to Kahyaoglu and Caliyurt (2018), a special checklist can help identify specific requirements and conditions for meeting them. The stages of the planned audit are as follows:
- Compiling the schedule.
- Notifying the parties involved (the executors and the company’s employees).
- Preparing the checklist.
- Recording and analyzing the results.
- Communicating the audit outcomes to the senior management.
Through objective analysis, relevant trends in using company-owned laptops by the employees will be determined. This is a valuable perspective for identifying potential gaps in worker knowledge regarding cybersecurity and malware. As Stafford et al. (2018) argue, the primary task to achieve due to an internal audit of this profile through is to increase the computer literacy of staff, which, in turn, is the key to the safety of corporate data. Therefore, careful planning of all the stages of the upcoming work is an objectively essential procedure.
Results Analysis and Communication
Based on the outcomes of the internal audit, the results will be summed up, taking into account the criterion of the employees’ computer literacy as one of the main indicators. The results will be communicated to the senior management through a progress report. With this assessment, proposals for optimizing the current risk mitigation practices will be given, which is one of the prospects for such an audit (Kahyaoglu & Caliyurt, 2018). All involved members will present their vision of the work done and its outcomes.
The planned internal audit is designed to test the computer literacy of the employees using company-owned laptops. Involving members to the inspection team implies creating a commission in which each participant will perform specific functions. The outcomes will be compiled in a report and presented to the senior management. Building a strong team of professionals is valuable for the company in terms of the prospects of strengthening its cybersecurity and preventing the loss of assets; therefore, joining the group is encouraged.
Abdullah, R., Ismail, Z., & Smith, M. (2018). Audit committees’ involvement and the effects of quality in the internal audit function on corporate governance. International Journal of Auditing, 22(3), 385-403. Web.
Kahyaoglu, S. B., & Caliyurt, K. (2018). Cyber security assurance process from the internal audit perspective. Managerial Auditing Journal, 33(4), 360-376. Web.
Stafford, T., Deitz, G., & Li, Y. (2018). The role of internal audit and user training in information security policy compliance. Managerial Auditing Journal, 33(4), 410-424. Web.