What Does An IT Audit Include?
Our IT audit involves detailed testing of your IT environment, which includes, but is not limited to, the following key areas:
IT MANAGEMENT
- Initial review of all of your documented IT policies and procedures, identifying any shortfalls and gaps that need to be addressed.
- Assessment of all warranties on hardware and software, identifying any assets that are currently not covered.
- Review of current server capacities, and of any servers at risk of malfunction based on age/usage/type.
- Assessment of whether current IT management ensures compliance with IT best practice and regulations (e.g. Data Breach legislation 2018).
IT SECURITY
- Assessment of your current IT security setup, including any risks identified.
- Review of your current Wi-Fi options and their specific security setup.
- Assessment of the current firewall security in place.
- Assessment of the current anti-virus software being utilised.
- Assessment of current security passwords being utilised, with a review of the password lockout/expiration policies.
- Expose weaknesses caused by current software, hardware, networking & security configurations.
- Investigate any known or discovered recent security incidents (i.e. virus infection, successful unauthorised access).
- Analyse workstation environment (desktops/laptops) for business risks.
IT CONFIGURATION
- Assessment of user rights access of all IT platforms, including assessments of administrator access.
- Review controls in place to secure user accounts and enforce security best practice.
- Review the controls for the process of requesting, accessing or changing IT access.
IT BACKUP & DISASTER RECOVERY
The back-up systems and strategy for any site is highly critical and deserves significant and regular attention.
The strategy should be made up of multiple layers, and regular testing of those layers and the systems involved should give the organisation confidence that recovery from minor/major disasters is possible.
Our IT back-up and disaster recovery audit will include the following testing:
- Review of the current back-up systems, including an assessment of whether the systems implemented are sufficient in today’s high-risk cyber fraud environment.
- Identify gaps in your data protection strategy – systems/data not being protected.
- Review of the frequency and detail of disaster recovery testing currently employed.
- Level of encryption implemented for back-ups.
- Depth/History – how long back-ups are maintained before they are deleted.
IT Health Check Process
Whilst each IT audit is unique, generally speaking, our IT health checks follow these steps:
Step 1: Review Documented IT Policies and Procedures
This can include backup procedures and disaster recovery, password protection, network configurations and schematics.
Step 2: Obtain Administrator Logins
Our expert IT managers will start by getting access to all the relevant IT systems and software.
Step 3: Management Planning Meeting
This is an opportunity for you to raise and discuss any particular areas of concern prior to the start of your IT audit.
Step 4: On-Site Audit Testing
On completion of the first 3 steps, we can then start the IT audit process. Typically this can be completed in 2-3 days.
Step 5: IT Audit Report Draft
We will produce a draft report highlighting our key findings and recommendations. This can usually be completed within a week of our on-site audit.
Step 6: Delivery Of Audit Report
You will then receive a copy of the audit report for internal review and discussion. We pride ourselves on ensuring our reports are written in plain English, avoiding as much technical jargon as possible.
Step 7: Face to Face Meeting
We will then arrange a convenient time to meet with you to discuss the findings of the audit and agree an action plan.
IT Health Check Report
Our IT Audit Report will highlight all risks that are identified as part of our IT Audit, in an easy-to-read, jargon-free format. Each IT risk identified is assessed by a series of risk ratings.
Each risk is then expanded to identify the IT observation, the risk to your organisation and our recommendations.
There is also an opportunity for the management team to respond to each risk, and assign time frames for corrective actions.
If you choose to have a follow-up IT audit conducted at some point in the future, this report can act as a reference point to assess progress.