Performing an IT Cost Management Review
 (Part 2 of 3)

By: Mitchell H. Levine, CISA
Audit Serve, Inc.


In the last issue of Audit Vision, cost management within the development group was discussed. This installment of the article will discuss the cost management of cell phone and pagers. 

Two of the major costs within the telecommunications group is cell phone and pager usage. In order to obtain the best possible rates, organizations have centralized the budget and cost management of pagers and cell phones. However, in order to ensure that the pagers and cell phones are being used appropriately, a mechanism needs to exist to provide accountability at the lowest group level. This is accomplished by either allocating the costs back to the area or providing sufficient data to support required review processes. The preferred approach would be the allocation of costs since there is incentive to save cost in one's own budget. One of the obstacles of establishing an effective review process is the level of billing detail provided by the vendor. Although the data provided by the vendor would include the phone number, the number of minutes used and the total costs, many vendors do not provide the data of the individual phone calls made. In addition, they do not provide the data in electronic format which can be used to perform cost analysis. As part of the procurement of these services an audit issue should raised if the detail data is not available electronically. In addition, if detailed data is not provided electronically, there would be no mechanism to distribute the data to the respective areas to support a review process. This would also be an audit issue.

Another component of the cost management of pager and cell phones is the analysis of utilization to determine whether individual accounts should be moved into plans which allow for more usage. This is a critical function which could save an organization thousands of dollars. 

The final set of controls which need to be in place is the formalization of the policy of use which is distributed to all individuals. Establishing a policy which discourages personal use except for an emergency, in addition to the statement of ongoing reviews to ensure compliance to the policy, will provide a deterrent for unauthorized use. In addition, standards should be in place which indicate the type of job functions which will be distributed pager and cell phones. In addition, the standard should specify the specific job functions which will be provided international calling plans. 


For a free proposal to perform an audit of your organization or provide SOX support & testing services, contact Mitchell Levine of Audit Serve at (203) 972-3567 or via e-mail at

Copyright  2006, Audit Serve, Inc. All rights reserved. Reproduction, which includes links from other Web sites, is prohibited except by permission in writing.

AuditNet - The Global Resource for Auditors

Audit Vision

Since 1991
Join 3,500 other subscribers



Free Audit Serve Seminars Posted Online

25 minute extract from the seminar entitled "Alternate Control Design Approaches for z/OS" presented by Mitch Levine in London (at the Churchill War Rooms) March, 2018 which would be of interest to IT Audit, Security and GRC personnel

General Data Protection Regulation Seminar

Copyright © 2015. All Rights Reserved.