ISACA Journal Author Blog

ISACA > Journal > Practically Speaking Blog > Posts > Auditing Green IT

Auditing Green IT

J. David Patón-Romero, CISA, PMP, Maria Teresa Baldassarre, PMP, Moisés Rodríguez, CISA and Mario Piattini, CISA, CRISC, CISM, CGEIT, PMP
| Published: 8/29/2019 2:56 PM | Category: Audit-Assurance | Permalink | Email this Post | Comments (1)

Sustainability has become a key focus in the 21st century. Both society and organizations recognize the importance of sustainability in their day-to-day functions and demand guidelines that help them implement, control and improve practices in this regard. Many IT organizations have begun to implement green IT practices. Based on our experience applying an extension of COBIT in different organizations to audit green IT, we believe that the following steps should be considered:

  1. Understand the scope—Due to the novelty of green IT, many organizations do not fully understand the scope of green IT practices. Thus, it is important to differentiate between green-by-IT practices (in which IT is used to reduce the negative impact that other areas have on the environment) and green-in-IT practices (in which sustainable practices are applied in IT itself to reduce its negative environmental impact).
  2. Conduct a systematic and progressive green IT assessment—Assessing all the processes established by COBIT (adapting them to green IT) is unfeasible. So, it is advisable to group COBIT processes using a maturity model. This allows auditors to conduct a more organized and progressive audit, assessing first and ensuring compliance with the most basic and necessary processes of the first maturity levels before assessing more complex processes of higher levels.
  3. Implement improvement actions—We have also guided organizations toward the improvement of the practices they carry out. Organizations should develop improvement plans and progressively implement the processes level by level of maturity.

We believe that these 3 steps can help you not only when properly assessing green IT, but also when establishing a strategy to implement and improve the processes and practices that are carried out. This will benefit your work as auditors, making the entire audit process simpler and more complete, and it will help organizations achieve better results in green IT.

Read J. David Patón-Romero, Maria Teresa Baldassarre, Moisés Rodríguez and Mario Piattini's recent Journal article:

"Auditing Green IT Governance and Management With COBIT 5," ISACA Journal, volume 4, 2019.


Auditing Green IT

As sustainability is becoming limelight many organizations are trying to contribute their part towards the society. One such initiative by IT companies now is the Green IT.

Green IT is the practice of environmentally sustainable computing that aims to minimize the negative impact of IT operations on the environment by designing, manufacturing, operating and disposing of computers and computer-related products in an environmentally-friendly manner.

A proper method for Auditing Green IT should be designed as its a new field and organizations haven't found out a method for auditing them.

Apart from the points mentioned above these are some other points which should be considered while auditing Green IT

1. Conduct an energy audit :Measuring the power consumption can be done two ways, by monitoring the electricity meter or monitoring the electricity usage of each type of device and then projecting the total over the entire building.

Once you have your data, you can calculate consumption, cost and GHG emissions. This will give you a baseline, which you can measure your progress against. From here you can assess your targets on your chosen metrics according to sustainability strategy.

2. Reduce Inventory: Reducing the amount of equipment you operate

3. Consolidate and Centralize: Example Virtual servers. Servers usually operate at less than 15% and often run at around 5% of their capacity. Therefore, around 95% of the power consumption is wasted energy. A way of reducing this waste of power consumption and capacity is virtualization.

4.Curb data centre energy use
5. Use power saving features on equipment
6. Reduce other office waste
7. Implement a sustainable procurement policy
8. Minimise e-waste
Deepa540 at 11/27/2019 10:42 AM