Why all Auditors Should Be Using PowerShell®
Author: Mike Howard, Experienced IT Auditor and PowerShell User
Intro
As an auditor with 29 years of IT auditing experience, I’ve used my fair share of tools to perform audits over the years. From commercial tools to home-grown tools to the standards such as Excel and Access, I’ve used whatever is available to collect data, analyze it, and export it for the workpapers.
About 12 years ago I discovered a platform that would forever change how I performed my audits. An SOP I reviewed referenced a process that used a PowerShell script. After some research and a lot of Googling, I realized not only how powerful and versatile this platform was, but that it was free and relatively straightforward to use. What a discovery!
Using PowerShell improved not only the outcome of the audit I was working on (e.g., I didn’t have to sample a population and could audit it in its entirety), but every audit since then, not to mention some aspects of GWDC operations. (Ever wonder why we say in our conferences that poll responses entered in the chat are counted for CPE credit? A PowerShell script is used to incorporate them into CPE calculations.)
PowerShell is the primary tool in my toolbox because of its versatility in allowing me to essentially create my own tools. PowerShell can be used for simple tasks such as combining multiple files into one, or for far more complex tasks such as obtaining source data (such as Active Directory, the web, XML files, etc.), analyzing it, and exporting data into workpaper-friendly format. Every auditor should have it in their toolkit as well.
What is PowerShell
PowerShell is a command-line interface and scripting language that was designed to assist Windows systems administrators in managing Windows systems. Microsoft uses it as well to execute tasks inside the Windows operating system. PowerShell is free and built into every Windows operating system. Over the years, PowerShell has been expanded to work on other platforms such as macOS and Linux.
As IT auditors, we often use IT tools for audit purposes. Through PowerShell, you can access information inside Windows systems as well as other Windows applications, such as Active Directory and Entra (Azure). Software vendors often write modules for PowerShell so that their software can be accessed through it. Administrators use PowerShell to obtain data from these sources and execute changes. Auditors only need to obtain data from these sources for testing and analysis, which makes PowerShell a perfect tool for the purpose.
However, PowerShell also has capabilities to handle data that auditors typically use, such as CSV, XML, Word, Excel, and text files. PowerShell has built-in features that easily import and read this data. Combined with the scripting capabilities, PowerShell can process large amounts of data and export it into an auditor-friendly CSV file (and many other formats).
How Auditors Can Use PowerShell
The best way to illustrate how auditors can use PowerShell is to list a few examples of how I’ve used it over the years. These are not hypothetical uses but actual scripts I’ve written:
- Queried Active Directory and exported user, computer, and group information into CSV files.
- Imported 30+ Nessus XML files into a single CSV file.
- Combined Windows Log Files, extracted records of interest, and generated an HTML-based report summarizing the activity.
- Combined numerous CSV files (same layout) into a single CSV file.
- Collected Windows configuration information from multiple systems and combined it into CSV files based on configuration type.
- Extracted data from Excel files and combined them into a single file.
- Searched and scraped data from Word documents and exported to a CSV file.
- Collected data from virtualization software regarding virtual machine settings and combined into a single CSV file.
- Queried websites and scraped data from them and combined it into a CSV file.
These are just a few of the examples of how it can be used. In each of these examples, a PowerShell script was written to obtain the data, format it, and export it how it was needed for the audit. For example, if date fields need to be sorted, they can be formatted into a sortable format.
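The CSV-combining and sortable-date tasks mentioned above, as an added PowerShell example (not one of the author's scripts). The file names, column names, and the function Merge-AuditCsv are hypothetical, and the sample data is constructed.

```powershell
# Constructed sample input: two CSV exports with the same layout (hypothetical columns).
$work = Join-Path ([System.IO.Path]::GetTempPath()) "audit-demo-$(Get-Random)"
New-Item -ItemType Directory -Path $work | Out-Null
@'
User,LastLogon,Enabled
asmith,03/14/2023 08:15:00,True
bjones,11/02/2022 17:40:00,False
'@ | Set-Content -Path (Join-Path $work 'dc01-users.csv')
@'
User,LastLogon,Enabled
cdoe,01/09/2023 09:05:00,True
dlee,,True
'@ | Set-Content -Path (Join-Path $work 'dc02-users.csv')

function Merge-AuditCsv {
    param(
        [Parameter(Mandatory)][string]$Folder,
        [Parameter(Mandatory)][string]$DateColumn,
        [string]$InputFormat = 'MM/dd/yyyy HH:mm:ss'
    )
    $culture = [System.Globalization.CultureInfo]::InvariantCulture
    $style   = [System.Globalization.DateTimeStyles]::None
    foreach ($file in Get-ChildItem -Path $Folder -Filter '*.csv' | Sort-Object Name) {
        foreach ($row in Import-Csv -Path $file.FullName) {
            # Record which export each row came from, for workpaper traceability.
            $row | Add-Member -NotePropertyName SourceFile -NotePropertyValue $file.Name
            $raw = $row.$DateColumn
            $parsed = [datetime]::MinValue
            if ([string]::IsNullOrWhiteSpace($raw)) {
                $row.$DateColumn = ''   # keep blanks blank rather than guessing a date
            } elseif ([datetime]::TryParseExact($raw, $InputFormat, $culture, $style, [ref]$parsed)) {
                # yyyy-MM-dd HH:mm:ss sorts correctly as plain text in Excel or a CSV viewer.
                $row.$DateColumn = $parsed.ToString('yyyy-MM-dd HH:mm:ss')
            } else {
                # Leave the original value in place and flag it for manual review.
                Write-Warning "$($file.Name): unparseable $DateColumn value '$raw'"
            }
            $row
        }
    }
}

$combined = Merge-AuditCsv -Folder $work -DateColumn 'LastLogon' | Sort-Object LastLogon
$combined | Export-Csv -Path (Join-Path $work 'combined.csv') -NoTypeInformation
$combined | Format-Table -AutoSize
```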
But Wait, There’s More
PowerShell can also be used for other projects that aren’t specifically related to audits. For example, in my time volunteering for the GWDC, I’ve used PowerShell to do the following:
- Read data from Word files for chapter events and generate a web page for the chapter website.
- Combine data from Cvent and Zoom, calculate CPEs, and prepare an Excel file that is reviewed and uploaded to Cvent for CPE credits.
- Prepare the file of CPE credits that is uploaded to ISACA Global on a quarterly basis.
Any task that requires the import, analysis/manipulation, and export of data is a candidate for PowerShell, whether the user is an IT auditor, a financial auditor, a security professional, or another IT professional.
How to Start
There are a variety of ways to get started, including opening PowerShell ISE (Integrated Scripting Environment) and practicing the commands in the help section. Searching the Internet also can help you get started.
For those who would like a hands-on class experience to get started, I am teaching for the GWDC a two-day seminar, Introduction to Auditing with PowerShell®, on November 30 and December 1st.
For those looking for a more advanced seminar on using PowerShell, I am also teaching for the chapter seminars on Auditing with PowerShell®: Nessus®, Auditing with PowerShell®: Active Directory®, and Auditing with PowerShell®: Azure Active Directory® in 2024.
Whatever path is chosen, auditors should begin (or continue) their journey using PowerShell. By investing your time to learn this platform and build your own tools, you will be amazed at what you can accomplish.
About the Author
Mike Howard has been an IT auditor for 29 years and has audited a variety of IT technologies and processes. He has also volunteered for the GWDC for 20 years, primarily designing and operating the Chapter’s website and registration system. Mike has also taught popular Auditing with PowerShell seminars for the chapter.