COMPUTERS & AUDITING
Improve the quality of intra-department
communication, as well as communication with clients.
Enable auditors, clients, and other
selected users to access audit information at any time, anywhere within the
We initially used the intranet simply as
a tool to promote the audit department’s
services and to educate our clients about
internal auditing. We created Web pages
that provided information on the department’s function, roles, and mission, as well
as its importance to the enterprise. We
then began developing the site’s ability to
serve as a communication and document-management tool and published electronic
forms and workpapers online so that the
auditors could create, update, and delete
information in real time.
We continued to increase the system’s
capabilities gradually and have now
developed it into an integrated audit
management system that enables our
department to organize all audit documentation online and manage workflow
across geographic locations. Virtually all
Building an Intranet
Based on our experience at Banco do Brasil, we’ve developed guidance that
may be useful to other auditors who are thinking about setting up an
intranet for their department. The following tips can help practitioners avoid
common pitfalls and ensure successful system development.
DETERMINE SHORT- AND LONG-TERM GOALS What does the audit
department expect from the intranet?
Will the system serve only as an
information-sharing device, or will it
constitute a fully functional application environment? What purpose will
it serve two years from now? Four
years from now? These are just some
of the questions that need to be
answered during the planning
process. Failure to address these
basic issues early may result in wasted money and time on software,
hardware, communication infrastructure, and personnel training.
DEFINE USER BASE To ensure the
intranet will meet all user needs, auditors must determine in advance who
will require access to the system.
Consider future growth and plan
accordingly. For example, two years
after implementing our intranet system, we were asked to provide access
to regulators. Fortunately, we were
prepared for this request. If we had
not anticipated the need for external
access, however, we would have needed to upgrade our application and
acquire new software and hardware to
accommodate security requirements.
REQUIREMENTS Some corporate
intranets provide a broad range of
applications, including messaging
software, collaboration tools, publishing features, and imaging software.
Deploying these tools requires multiple applications and servers and substantial monetary investment. Choose
functionalities that can deliver immediate, tangible benefits. Especially if
the audit department has a limited
budget and may not have an information technology department to attend
to user requests immediately, keep
the site as streamlined as possible. To
minimize costs and simplify development, for example, initial functionality
goals could be limited to facilitating
intra-department collaboration and
USE INDUSTRY STANDARDS Which
browsers will intranet users employ?
What database programs are they
using? What type of server operating
system will be used? Is the information technology (IT) infrastructure heterogeneous? Whenever possible,
developers should use standards-based technologies, as opposed to
proprietary solutions, to ensure maximum compatibility across the system.
The W3C Consortium, a global
network of organizations dedicated to
developing Web standards
[www.w3.org], provides guidance on
HTML, extensible markup language,
cascading style sheets, and other Web
programming tools. Following W3C’s
guidelines can help ensure programming
codes will work with almost any
type of browser. In addition, developers
should construct SQL queries and
create tables and views according to
American National Standards Institute
[www.ansi.org] specifications, which
will ensure compatibility with almost
any type of database system.
ESTABLISH A POLICYMAKING GROUP
Specific individuals within the
department should be designated to
develop intranet policies and procedures. Otherwise, the site can
become a “Wild West” of disjointed,
poorly organized information and
resources. The policymaking group
should consider issues such as
access policies, system security, critical transactions, and screen layout.
Furthermore, the group should
ensure that the site is aligned with
the organization’s rules and policies.
DETERMINE RESOURCES NEEDED FOR
SYSTEM DEVELOPMENT If the department has already determined its system requirements and goals for the
intranet, all specifications can be
delivered to either the IT department
or an outside provider for development and implementation. However, if
the department has not defined its
requirements and still has many unanswered questions regarding how the
intranet will be used, consider establishing a group composed of IT and
audit staff to plan, specify, develop,
test, and implement the audit intranet
and related applications.
If the audit department has its own
programming staff, you may be able to
develop the intranet in house with
technical support from IT. Keep in
mind, however, that there are potential pitfalls to handling the process
within the department. Having the
resources to accomplish programming
tasks internally allows more control
over development, but the department
may also be more inclined to tweak
and change the system throughout
the process, which can prolong projects and impede progress.
INTERNAL AUDITOR JUNE 2004