The technology audits are activities that are not very common, or, at least, they are less common than financial or quality audits. Their role is more strategic than tactical, and they are very different to the other ones.
They are named audit because their methodology includes auditory practices, but there is an evident difference between technology audits and financial ones. In a financial audit, the auditor basically follows the work of the accounts to assure that it was well done. Then, the result of the audit will be reflexing the state of the accountancy, but not how the company processes are working or its potential future growth.
Analyzing only the accountancy is not the best way to value a company, because a present healthy accountancy does not guarantee a proper future development, this condition is not sufficient, but, in fact, it is not even necessary if management gets new funding in the future.
The financial audits are very useful for investors, as they validate the accountancy, if they select their investments as a function of the dividend that they could get in the next exercise. But the information provided by accountancy can be very insufficient for the mid or large term.
The quality audits and certification were born in order to assure correct supplies of different parts to be assembled in a factory. They are the next step from the quality testing when production depends on previously processed parts or materials. They are a way to control the whole chain value and not only the internal processes.
The quality audits check the productive processes of the company in other to guarantee that things are well done and the products that we serve are in good state. Their value is for the client and it is less useful by investors. Nowadays, quality system standards include all the processes of the company showing not only the work at the productive ones.
As in a financial audit that only assures the proper accountancy work following the accountancy established rules and it does not assure the quality of the investment, a quality audit only assures that the work in a company complies with a standard but it does not assure that the products will have high quality although accountancy rules and public standards were designed as good practices. Those audits are checking the quality of the work, and it is not measuring the quality of the result of the work.
The technology audit is very different activity. A technology audit is a strategic action that tries to analyze the capabilities of the company and the competences of the staff in order to develop the future of the company. Although it follows the procedure of an audit, in the sense that an auditor external to the process is asking how the company is working, there is not a reference standard. The objective of a technology audit is analyzing the potential of the company and it is not if the process is conforming to a rule o standard.
Although it should be a better way to analyze future investments, it is a tool for the directorate, or that can be used in merges to define better a value of the company, but it is not a tool developed to provide information to investors of the financial markets. The reason is that a technology audit is providing a deep vision of the core competences of the business that have a strategic value and it should not be known by the competence. If the information processed by some investment analysts was very good, they should be in a prison cell because industrial espionage is a crime.
Can the value of facebook be analyzed according to the accountancy value of a set of computers? Can the value of apple be analyzed only in function of the money available to buy other enterprises instead of the technologies that its engineers know well?
Rating agencies are imaging the result of a technology audit when they provide a rating, but unfortunately for the investors, the information that are analyzing is very poor and it can be very biased, driven by the company or the competence through the press.
The analysis methodologies that only used well-known data and can provide additional information over the raw data as resilience rating cannot give us a high definition picture of the health state of the company but, probably, are less error prone than other risk analysis techniques because complexity, as a technology audit, is showing the effect of the physical processes on the results, and it is not only a picture of the financial figures.