Your SlideShare is downloading. ×
×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Technology Audit

299

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
299
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
10
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  1. TECHNOLOGY AUDIT
  2. Technology Audit (TA) is an eye-opening innovation from Inspace. TA enables organization leadersunderstand the present IT utilization levels in their organization or business. In terms of importance,TA occupies equal status with Accounting Audits conducted in organizations. TA focuses on threeimportant areas Viz. Business functionality, Ease of Use and Security. It also addresses the threesensitive areas of information/data availability, confidentiality and integrity. The Audit process followsa structured 3 tier methodology. TIER 1: HIGH LEVEL ~ Understanding Vision, Mission and the Business goals of the customer A high level mapping of the current IT deployment in relation to thebusiness objectives ~ Observation and plotting of Possible Gaps between the Business objectives and IT deploy- ~ ment TIER 2: LOW LEVEL DEEP DIVE AUDIT ~ Detailed study of deployed hardware, software, connectivity, power, security, MIS, and usability by end users. Identifying process coverage, data integrity, productivity improvements, reporting frequency ~ andadequacy, training adequacy, and system availability. TIER 3: THE CAPSTONE Audit Findings Report: ~ Gap analysis ~ IT Infrastructure Analysis and recommendations ~ Business Flow Chart – Outline ~ Data backup Analysis and recommendations ~ Key Users knowledge and utilization of various software ~ Softw are License Status and recommendations ~ Core Software utilization TechnologyAudit 1
  3. ~ IT security / Vulner ability Analysis~ Recommendations pertaining to technology upgrade / downgrade~ Training requirements and plan of actionTA SPECTRUM COVERS:~ Power Infrastructure Audit~ Networking Infrastructure Audit~ Server & Backup Infrastructure Audit~ Desktop & Laptop Infrastructure Audit~ Gener ation of Asset (Hardware & Software) Document & Physical Outlay~ Software Licensing Audit~ General Data Security Audit~ Infrastructure Maintenance Audit~ Core Applications Audit~ Internet/Intranet Connectivity Audit~ Communication Audit (Data/Voice/Video)~ Key Users Technology Utilization AuditTechnology Audit recommendations sets the direction for organizations to optimize Return ofInvestment (ROI) on IT. The success of TA is that it does not recommend investing more on IT;rather it helps in getting more out of existing IT investments. Technology Audit recommendationshinge on the following benefits:~ Productivity benefits~ Security benefits~ Cost-saving benefits~ Relationship benefits 2 TechnologyAudit
  4. POWER AUDITThe Power Audit is aimed at ensuring the power related equipment and infrastructure pertainingto IT systems complies with standards, and whether its throughput is in line with the organizationsrequirement for power for optimal efficiency and productivity of the IT systems. Since the powercan come from several sources, the scope of the Audit may include Raw Power, UPS(Online/Offline), UPS/Inverter Batteries, Generators, Inverters, Transformers, Cabling and outlets.Other power equipment if any may be included based on their need on a case-to-case basis.The Power Audit follows a structured approach where critical parameters and readings for effect-ing optimal and sustained throughput across equipments are noted and taken as basic inputs.Wherever necessary, inputs from people involved in managing power infrastructure are also takento ensure that the data gathered is correct and current. Besides, a general inspection of the equip-ments in terms of the age, environment of the equipments and current process of maintenance isdone.Based on the data gathered and observed scenarios, the Audit team prepares the Audit report. TheAudit Report is a detailed presentation of the AS-IS scenarios which are represented as facts.Observed issues and challenges in the existing power set up and the hazards that can impact the ITsystems effective functioning and the resulting effect on business performance is also captured.The culmination of the Audit is the recommendations for corrective action and course of actionwhich is based on firm specific require Technology Audit 3
  5. NETWORK INFRASTRUCTUREAUDITThe Network Audit is a comprehensive audit where all the equipments and devices on the networkcome under the purview. The components under the audit, both active and passive, may includeData Switches, Routers, Hubs, Access Points, Repeaters, Voice Branch Exchanges, Data/VoiceCabling and I/O outlets. Networking equipment out of conventional audit scope may be includedon a case-to-case basis based on the need of the business and technology environment.The Audit follows a predefined process where critical performance parameters and metrics foreffecting optimal and sustained performance across devices and equipments are noted and takenas basic inputs. Wherever necessary, inputs from people involved in managing Network infrastruc-ture are also taken toensure that the data gathered is correct and current. Besides, a generalinspection of the devices and equip-ments in terms of the age, environ-ment of the devices andequipments, and current process ofmaintenance is done.Based on the data and informationgathered, the Audit team maps thebusiness process with the existingnetwork infrastructure to assess fitand compatibility of the infrastruc-ture to meet business objectives.The audit findings are presented inan Audit Repor t whi ch i s a detai l edpresentation of the AS-IS scenarios,observed issues and challenges inthe existing Network. Deficits andhazards that can impact effectiveup-time of networks and systems are clearly identified. The Audit recommendations focuses ontaking corrective action and course of action based on the firm specific requirements and indus-trys best practises and standards. The Audit recommendation is tightly hinged on improvingnetwork throughput and managing and maintaining high up-time. 4 Technology Audit
  6. SERVER & BACKUP INFRASTRUCTUREAUDITThe Server and Backup Audit aims at ensuring IT system exigency plans are in place to handleunexpected failures of IT systems. The other objective of the Audit is also to ascertain whether dataretrieval capability and process is in place. The Audit covers the critical IT system units such asServers, Racks, Backup devices, Data storage equipment and I/O Cables. Firm specific equipmentother the ones mentioned may be included based on business need and the situation on acase-to-case basis. Contingency plans such as Disaster Recovery (DR) and / or Business Continuity(BCP) also come under the purview of the Audit from an Infrastructure backup and readinessperspective.The Audit follows a structured process where critical nodes in the system environment for effectingoptimal and sustained performance across devices and equipments are noted and taken as basic inputs. Wherever necessary, inputs from people involved in managing Server and Backup Infrastructure are also taken to ensure that the data gathered is correct and current. Besides, a general inspection of the devices and equipments in terms of the age, environment of the devices and equipments, and current process of maintenance is done. Based on the data and informa- tion gathered, the Audit team does a State Analysis of the infrastructure and maps it to the business objectives and goals. The Audit findings are presentedin an Audit Report which is a detailed presentation of the State Analysis, observed issues andchallenges in the existing Server and Backup Infrastructure. Deficits and failure points that canimpact effective up-time of Servers and Back up Infrastructure are also clearly identified. The Auditrecommendations focuses on taking corrective action and course of action based on industry widebest practises and standards. The Audit helps System Managers and Administrators to effectivelyidentify and manage failure points and ensure maximised up-time of critical back up devices andequipment. Technology Audit 5
  7. DESKTOP & LAPTOP INFRASTRUCTURE AUDITThe purpose of the Desktop and Laptop Audit is to uncover possible leaks in the desktop andlaptop efficiencies in terms of processing time and usability which can impact overall IT Systemsoutput and people productivity. Organizations where standalone PCs and Laptops are usedwithout servers benefit from this Audit. Similarly, organizations where the number of end usersworking on PCs and laptops are high will certainly need to be audited to ensure effective function-ing. Other end user equipments, if any, may be included based on their need on a case-to-casebasis.The Audit follows a well defined process where each PC and laptop in the organization is fullychecked for optimal and sustained performance. Functional parameters of the PCs and laptops aretaken as inputs from people involved in using them. A general inspection of the PCs and laptops interms of the age, environment of the devices and equipments, and current process of maintenanceis done.The data and information gatheredforms the basis of the Audit recom-mendations. The Audit team doesan AS-IS Analysis of the PC andlaptop environment and maps it tothe productivity and efficiencyobjectives and goals of the organi-zation. The Audit findings arepresented in an Audit Report whichis a detailed presentation of theAS-IS Analysis, observed issues andchallenges in the existing PC andlaptop setup. Functional deficitsand failure points that can impacteffective up-time of PCs andlaptops are also clearly identifiedand noted. The Audit recommen-dations focuses on taking corrective action and course of action based on industry wide bestpractises and standards. This Audit helps System Managers and Administrators to effectivelyidentify and manage failure points and ensure maximised up-time of PCs and laptops. 6 Technology Audit
  8. IT ASSET ASSESSMENT AUDITThis Audit enables organizations to keep check on the IT Assets that are currently deployed in theirorganization. The audit starts with a detailed and exhaustive compilation of all IT and IT related assetscur rently deployed. The compilation contains equipment details, their physical location, quantity,associated user, with additional information. That may be available with the asset management team. Other pertinent information about the IT Assets may be called for by the Audit team and may be included in the audit on a case-to-case basis. To help identify the actual asset placement in the company, an outlay map diagram is additionally generated for each location in the organization. In some cases, a multi-city outlay may be done depending on the geo operations of the organization. The IT Asset outlay depicts the various sections, cabins, departments, building associated with the location. Textual legends assist the reader in gaining accurate information about the placements. Wherever necessary, inputs from people involved in managing the assets are obtained to ensure and validate that the data and information obtained is current and correct. In addition to the IT equipment that is deployed, a software list is generated which captures all the software packages presently installed in the audited computer systems in the organization. The detailed list provides information pertaining to the software products and its versions being currently used. Wherever necessary the asset management team is involved for getting up-to-date and correct information. Technology Audit 7
  9. SOFTWARE AUDITLicense AuditThe primary focus of this audit is to ensure that the audited organization complies with standards,policies and legal framework with respect to installing and using software. All software that iscurrently being used and installed in the computer systems come under the purview of the Audit.The software may include Operating Systems, Office Productivity Software, Accounting Software,ERP Applications and Customized software. Other software may be included in the audit on acase-to-case basis. Additionally, the audit attempts to highlight the security vulnerabilities due tousage of unlicensed software, if any. Wherever necessary, people managing the software assets areinvolved for getting upto-date and correct data and information. The data and information gathered forms the basis of the Audit recommendations. The Audit team analysis the software licenses used and maps it to the legal and security vulnerabilities of the ITsystems. Besides, its impact on businessand governance of the organization isalso analysed. The Audit findings arepresented in an Audit Report where theobserved issues and challenges in theexisting software licenses are detailed.Security deficits and failure points thatcan creep into the system environmentand which can impact smooth opera-tion of IT systems is also detailedwherever applicable. The Audit recom-mendations focuses on taking correc-tive action and course of action basedon industry wide best practises andstandards. This Audit helps S y s t emManagers and Administrators, toeffectively manage IT by adhering tolegally approved and secure use of licensed software. Core Applications Audit The objective of thisAudit is to ensure that the key users of IT systems have understood and are proficient with theapplications they are using as part of their daily operations. The audit process begins by listing thesoftware applications to be audited. To facilitate a structured approach to the audit, the core applica-tions list is grouped into four types as below: 8 TechnologyAudit
  10. ~ Office Productivity Applications – MS Office, Open Office which are used for general office purposes.~ Accounting Applications – Tally etc. which are used for office accounting purposes.~ ERP and Specialized Applications – AutoCAD, CorelDRAW, ERP, customized software which is used for specialized purposes.~ Organization Website – Link check, Enquiry Sheet, Domain Name Renewal and SEO optimization check. The first part of the Core Application Audit is done on the Office Productivity Application with the Clients key users as Auditees. The software version details and features are collected and the users knowledge level of the application features and their proficiency is audited. Similarly, the Accounting Applications, Specialized Applica- tions and the organizations website is audited. Where the web site is of importance to the organi- zation, the websites links, contacts and enquiry sheet page, domain name, renewal status, etc., are noted. Besides, a web search on sites such as Google is carried out to find out the present SEO optimization levels of the web site. This is done using relevant keywords. The data and information gathered forms the basis of the Audit Report and recommendations. TheCore Applications Audit focuses on taking corrective action and course of action based on industrywide best practises and standards. This Audit helps Key end users of core applications keep a checkon their knowledge proficiency levels in using application software and also to effectively improvetheir productivity and efficiency. Technology Audit 9
  11. GENERAL DATA SECURITY AUDITThis is a comprehensive audit that focuses on the security and safety of IT infrastructure deployedand data associated with it. The audit encompasses both Physical as well as Virtual Data security.Information with regard to Physical Access & Security, Virtual Data Access control comprising ofthe following is recorded: ~ Data Access Control ~ User Authentication System ~ Data Folder Structure / Permission ~ Storage Media Control ~ Data Leak Protection ~ Internet / Intranet / Email Security ~ Firewall Setup ~ Anti-SPAM Setup / Anti-Virus /Anti-Spyware Setup ~ Data Protection ~ Software Patch Management ~ Vulner ability Assessment ~ Gener al Assessment (fire protection,Any other security related details not mentioned above may be gathered for inclusion in the auditbased on need and on a case-to-case basis. The data and information gathered forms the basis of the Audit recommendations. The Audit team does an AS-IS Analysis of the Security environment and maps it to the organizations business process, objectives and goals of the organization. The Audit findings are presented in an Audit Report which is a detailed presentation of the AS-IS Analysis, observed issues and challenges in the existing set up. Deficits and gaps in the security features, and vulnerability and failure points that can negatively impact data and IT security are also clearly identified and noted. The Audit recommendations focuses ontaking corrective action and course of action based on industry wide best practises and standards.This Audit helps System Managers and Administrators to effectively identify and manage dataleakage and unethical data access vulnerabilities and also ensure maximised security of IT systems. 10 Technology Audit
  12. INFRASTRUCTURE MAINTENANCE AUDITThe Infrastructure maintenance audit is aimed at ensuring that the IT systems are covered appro-priately in terms of warranties, guarantees, on-call support and AMCs by the respective productvendors. Further, the audit also checks the Total Cost of Ownership (TCO) of IT Infrastructure inrelation to sustained maintenance. Data and information pertaining to all the hardware andsoftware deployed is gathered. Wherever necessary, peopleinvolved in managing IT Infrastructure are met to obtaincurrent and correct data and information. A physical verifica-tion based on the collected details is carried out on a randombasis to ensure data correctness.Once the essential information is available, a detailed report onthe observations is made. Based on the existing industry stand-ards and best practices, a recommendation report is draftedtowards the observations made. The recommendations wouldcite the corrective actions and course of action that need to be put in place in order to counter-balance the existing problems and potential issues identified.INTERNET/INTRANET CONNECTIVITY AUDITWith internet and intranet usage in organizations increasing by the day, it is increasingly impera-tive to manage these technologies with a view to gettingmaximised benefits in terms cost and quality. In this audit,details pertaining to all connectivity solutions deployed in theorganization come under the purview. The connectivitysolutions may Internet / Intranet connectivity, Virtual PrivateNetwork (VPN), Radio Frequency (RF) and Metro Area Network(MAN). Other connectivity solutions may be included based ontheir need on a case-to-case basis. All necessary and criticalparameters are noted with utmost care. Wherever necessary, theconcerned people who manage these technologies andsolutions are involved for getting up-to-date and correctinformation. The Audit Report is a compilation of the collecteddata and information. The Report would identify and highlight the existing deficits and anomaliesin deployed solution, if any. Cost and quality implications and impact on business is detailed aspart of the Report. Recommendations are made for corrective action and course of action basedon industry standards and best practices with the objective of improving efficiency and productiv-ity of the solutions and technologies deployed. Technology Audit 11
  13. COMMUNICATIONS AUDITThe Communications Audit is aimed at ensuring that the commu-nication technologies such as Data, Voice and Video deployedwithin the organization are cost effective and that it deliversoptimal value for money. During this audit, the billing details of allIT related communication solutions are taken as inputs. Thecommunications solutions may include Telephone Landlines,Mobiles, Internet connections and Videoconferencing. Othercommunication solutions may be included in the Audit based onbusiness need and on a caseto- case basis. The previous expensesincurred in the past one quarter on communication technologies are audited. Bills and Invoicespertaining to the same are scrutinized. Wherever necessary the people handling these technologiesand the decision makers for adoption of these communication solutions are also involved forgetting up-to-date and correct information.The Audit Report is a detailed presentation of the AS-IS situation and the observations. Cost andutilization anomalies, wherever present, is also highlighted as part of the report. Based on the auditfindings, the audit team presents the recommendations based on a best solutions paradigm witha clear objective to improve on cost and quality of communications solutions deployed. The recom-mendations may also include upgrade, downgrade or change of solutions to effect long termproductivity and cost savings for the business.TECHNOLOGY UTILIZATION AUDIT – QUALITATIVE This is a qualitative audit where a questionnaire is designed, prepared and sent to all the key usersof IT systems in the organization. The questionnaire is used as a medium to gather data andinformation pertaining to the technology utilization of each key user. The questionnaire carriesquestions that are objective and descriptive. The data gathered isanalysed by the audit team. Besides, the key users are interviewedon a one-on-one basis so as with the objective to elucidateinformation that may be possible to capture through thequestionnaire. The Audit Report is a compilation of the technol-ogy utilization patterns and habits of the key users. Based on thefindings, the Audit recommendation is made with a view to takecorrective steps, if any, in the way IT systems are used in theorganization thereby create avenues for positive impact onbusiness operations. 12 Technology Audit
  14. 38/96, AH Block, 4th Street, Shanthi Colony, Anna Nagar, Chennai - 600 040. India.Tel: +91-44-4353 1781 / 4353 1791 Fax: +91-2622 0430 Email: info@inspacetech.com

×