The Importance of an IT Audit
If your business is going to stay ahead of the competition, you need a reliable IT department. They provide key support for businesses in every sector. However, the growing sophistication of both internal and external threats means that you must perform a good IT audit, even if you outsource your IT to another company.
94% of companies suffering from a catastrophic data loss do not survive – 43% never reopen and 51% close within two years. (UoT). An IT Audit makes a significant dent in these statistics dropping them. Don’t become one of the statistics.
Understanding IT Audits
So, what exactly is an IT audit?
An IT audit is a specific process for looking at your organisation’s technical configuration from top to bottom. Audits look at infrastructure, Disaster Recovery plans, Data security and policies.
The purpose of an IT audit is to objectively examine the operating profile, software and security and configuration that the IT system of an organisation has. It helps to identify areas where you might be weak to attacks, disaster recovery issues, or possible areas for data loss.
By examining the security and configuration of the infrastructure used by the organisation, businesses can ensure that their IT system is not only protected from data loss but is also safe and secure. Think of an IT audit like a check-up at the doctor’s office – issues are found and identified during the process.
An Audit provided by JLex Networks is presented in non-technical English, split into organisational sections, and gives high level impacts on business operations and recommendations moving forward.
What does the IT Audit Cover?
Amongst many items, these high level categories are covered:
On premise Network hardware
This covers all switching and core network equipment on site, including connectivity. Often the lifeblood of the organisation. Potential issues identified here can cause a higher likely hood off major connection outages, that will often stop an organisation in its tracks.
On premise Servers and highly available hardware.
This is an in depth coverage of physical and virtual servers on premise and covers a large number of items to ensure a major outage or irrecoverable data loss isn’t just around the corner. This section also covers all items linked to this including UPS systems, DR policies and plans, onsite and remote backup and more.
Cloud services
This sections covers all cloud services that the organisation is using, public or private. This covers in depth analysis of the configuration, license usage for cost saving and whether you are using the correct service for the workload. Cost savings are often significant and items that could cause major business outages are frequently identified.
Security and AV
This category includes in an in depth look at the currently patching policy, remove monitoring of virus threats on end user computers and infrastructure. This is often the highest cost impact when things go wrong. The Sony Wannacry hack caused Sony Pictures to cease all USA business operations for a period of over 14 days whilst their infrastructure ground to a halt. This was caused by a combination of poor AV management, poor and outdated patch management, and social engineering. All items that are highlighted on our audit, and items that are often neglected.
The IT Audit Process – Step-by-Step
1. The Planning Stage
A preliminary assessment is done to identify the operating environment, the structure of the company and what software or hardware is being used. This is often done onsite with the on site IT Staff or operational staff.
The IT auditor uses this information to identify auditable categories, plan for the data collection and work out timescales and objectives.
2. Process data collection
A successful IT audit process should cover all parts of your IT process. It should also outline the objectives for the audit and talk about the extent of the audit regarding duration, location, and what areas you’ll cover. Its at this stage that data on internal processes and procedures is obtained.
3. Collecting and Evaluating
Site visits will be carried out to obtain pictures, infrastructure information and identify hardware that is not managed. A remote software scan will also identify all equipment on each logical network and provide a landscape that we can map the data against.
4. Reporting Findings
The Audit findings are written into a comprehensive bound document. This document is split into organisational sections, similar to above, and gives a high level non-technical overview, and low level technical information on each section. Each section gives a grading from A to F, and an overview of what needs to be updated and its impact on the business.
The findings will often then be filtered back into a change management or consultation process to enact these changes. We often carry out these IT Audits for other businesses that have onsite IT resources or a managed support service with a third party. These Audits are used in the latter to ensure that the company is meeting their requirements and to ensure no large holes exist in the configuration.
Final Thoughts
Any IT infrastructure you rely on needs to be audited, whether it’s the in-house team, outsourced IT, cloud service or a mixture. You need to perform regular audits to identify potential major weak points that are unidentified and prevent major outages before they affect your bottom line. 7 out of 10 small businesses that experience a major data loss go out of business within a year! (Source)
For more information on IT audits or to see how JLex can help with yours, contact us today.