Audits come in various shapes and sizes – ranging from an initial free audit that we carry out as part of getting to know a new client, to a comprehensive audit that we are engaged to carry out. Whatever the scope of the engagement, the basic process is quite similar and varies in the level of detail in the assessment & report.
Phase I: Discovery
We start the ball rolling by gathering any existing documentation that exists about your IT systems, including network documentation, policy documents & backup / DR / continuity plans.
We use a combination of human & technical measures to assess the status of your systems. This includes running automated discovery & audit tools across your estate as well as manual inspection of key systems.
A comprehensive audit covers all components of your IT infrastructure including server, firewalls, network equipment and endpoints including desktops, laptops and mobile devices.
We also assess any cloud or hosted infrastructure that the organisation operates, with a view to assessing fitness for purpose and performance & reliability.
Business Assessment: Stakeholder Interviews
As part of the audit process we conduct interviews with key stakeholders. Within the comprehensive audit framework we also interview end users in order to get a fuller picture of your business requirements, what components of your infrastructure are and aren’t performing and how your existing infrastructure needs are likely to change in line with your business objectives & strategy over the next 5 years.
As IT professionals, security is a recurring theme that underpins everything we do. No audit would be complete without an assessment of Information Security at your organisation.
We provide several levels of security auditing – a basic security scan that is part of a free assessment, a more in-depth assessment that is part of a comprehensive IT audit, a compliance audit which focuses on security from a regulatory / compliance perspective, and finally we offer a standalone security audit service.
We examine your existing IT sourcing contracts across your entire vendor base, from internet services, cloud services, hardware, software down to printer ink & toner and voice services.
We assess your existing cost base with a view to providing a consolidated view of the financial aspect of running your existing infrastructure. This includes the cost of hardware & software as well as services such as on-going subscription fees, hosting agreements, cloud services, internet provision and the personnel / support costs associated with each of these.
Phase II: Analysis
A thorough analysis is then performed for each of the above assessment areas.
A gap analysis of the technical & security assessments usually reveals a fairly visible set of results that indicate any difference between your existing setup and best practice configurations.
We consolidate the information we have gathered about your supplier relationships and costs and examine this and seek to identify potential for consolidation, cost saving, rationalisation & improved performance and efficiency.
The final part of the analysis is to see how your systems perform vis-a-vis your operational & organisational objectives and align your IT development plan with your overall organisational strategy.
Phase III: Report, Recommendations & Proposal
At the conclusion of the audit our report isn’t just a set of facts and figures about your IT infrastructure that you may or may not have already known.
Our report will contain a detailed & accurate inventory data about your IT estate. You also get a clear analysis of the state of your IT including a gap analysis from best practice where applicable. We also provide a set of actionable recommendations in a ready-to-implement format. Finally, if requested, we will also provide a fully costed proposal to deliver the requisite changes to your system, including a roadmap, timeline & development plan that divides all project work up into stages as may be required to fit in with operational & budgetary constraints.
- All companies can benefit from a change in mindset and begin to utilize regular external IT audits as a way to provide a neutral, third-party opinion about the controls and safeguards in place for the IT systems that a company relies on to conduct business.Joe JablonskiVP / Principal, Cloud Technology Partners