Quality Assurance and Project Management

Feb 28 2017   10:46PM GMT

Is it Possible To Audit An External Company Auditing Your Organization?

Jaideep Khanduja Jaideep Khanduja Profile: Jaideep Khanduja


External auditing happen almost in all organization. It is probably a legal requirement under company act. But then is it possible to audit an external company auditing your organization. Obviously external auditors are the kings. They can ask and demand any information, data, and user rights. In case of physical information too, they can seek files and documents to any extent. Logically, when such audits happen, it is an audit of your practices, proedures, and policies. Basically, it is a check of what you say and what you do. These ideas came into my mind when i came across this question on ITKE. The title of the question is External IT company auditing security and policies.

Is it Possible to Audit an External Company

Photo credit: stevendepolo via Visual Hunt / CC BY

The question is – We have an external IT company auditing our security and policies. What kind of access should we give them? Should we be worried about auditing the auditors? In the nutshell, is it possible to audit an external company auditing your organization? I think, in an organized scenario, it is very much possible. There is a written agreement between the two parties – auditor and auditee. Everything is being taken care in that agreement. There is no need to audit the auditors. But you just need to ensure that you record every requirement from them in black and white along with the reason for which it is required. In any case, when you give them admin user/password you always have audit trail for all your critical data and actions.

Is it possible to audit an external company

Moreover, as the maturity level increase, the auditors inform you the key areas they would be looking into. Also, in most of the cases, they list down the information they would be seeking. This information might include an access to your key business application. They might like to access the application with differnt role level to check if the authorizations and alerts are working correctly of there are any gaps.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: