SlideShare a Scribd company logo

Technology audit

Arish Roy
Arish Roy

Technology audit

Technology
1 of 14
Download to read offline
TECHNOLOGY AUDIT
Technology Audit (TA) is an eye-opening innovation from Inspace. TA enables organization leaders understand the present IT utilization levels in their organization or business. In terms of importance, TA occupies equal status with Accounting Audits conducted in organizations. TA focuses on three important areas Viz. Business functionality, Ease of Use and Security. It also addresses the three sensitive areas of information/data availability, confidentiality and integrity. The Audit process follows a structured 3 tier methodology. TIER 1: HIGH LEVEL ~ Understanding Vision, Mission and the Business goals of the customer ~ A high level mapping of the current IT deployment in relation to thebusiness objectives ~ Observation and plotting of Possible Gaps between the Business objectives and IT deployment TIER 2: LOW LEVEL DEEP DIVE AUDIT ~ Detailed study of deployed hardware, software, connectivity, power, security, MIS, and usability by end users. ~ Identifying process coverage, data integrity, productivity improvements, reporting frequency and adequacy, training adequacy, and system availability. TIER 3: THE CAPSTONE Audit Findings Report: ~ Gap analysis ~ IT Infrastructure Analysis and recommendations ~ Business Flow Chart – Outline ~ Data backup Analysis and recommendations ~ Key User's knowledge and utilization of various software ~ Software License Status and recommendations ~ Core Software utilization Technology Audit 1
~ IT security / Vulnerability Analysis ~ Recommendations pertaining to technology upgrade / downgrade ~ Training requirements and plan of action TA SPECTRUM COVERS: ~ Power Infrastructure Audit ~ Networking Infrastructure Audit ~ Server & Backup Infrastructure Audit ~ Desktop & Laptop Infrastructure Audit ~ Generation of Asset (Hardware & Software) Document & Physical Outlay ~ Software Licensing Audit ~ General Data Security Audit ~ Infrastructure Maintenance Audit ~ Core Applications Audit ~ Internet/Intranet Connectivity Audit ~ Communication Audit (Data/Voice/Video) ~ Key Users' Technology Utilization Audit Technology Audit recommendations sets the direction for organizations to optimize Return of Investment (ROI) on IT. The success of TA is that it does not recommend investing more on IT; rather it helps in getting more out of existing IT investments. Technology Audit recommendations hinge on the following benefits: ~ Productivity benefits ~ Security benefits ~ Cost-saving benefits ~ Relationship benefits 2 Technology Audit
POWER AUDIT The Power Audit is aimed at ensuring the power related equipment and infrastructure pertaining to IT systems complies with standards, and whether its throughput is in line with the organization's requirement for power for optimal efficiency and productivity of the IT systems. Since the power can come from several sources, the scope of the Audit may include Raw Power, UPS (Online/Offline), UPS/Inverter Batteries, Generators, Inverters, Transformers, Cabling and outlets. Other power equipment if any may be included based on their need on a case-to-case basis. The Power Audit follows a structured approach where critical parameters and readings for effecting optimal and sustained throughput across equipments are noted and taken as basic inputs. Wherever necessary, inputs from people involved in managing power infrastructure are also taken to ensure that the data gathered is correct and current. Besides, a general inspection of the equipments in terms of the age, environment of the equipments and current process of maintenance is done. Based on the data gathered and observed scenarios, the Audit team prepares the Audit report. The Audit Report is a detailed presentation of the AS-IS scenarios which are represented as facts. Observed issues and challenges in the existing power set up and the hazards that can impact the IT system's effective functioning and the resulting effect on business performance is also captured. The culmination of the Audit is the recommendations for corrective action and course of action which is based on firm specific requirements and industry's best practises and standards. Technology Audit 3
NETWORK INFRASTRUCTURE AUDIT The Network Audit is a comprehensive audit where all the equipments and devices on the network come under the purview. The components under the audit, both active and passive, may include Data Switches, Routers, Hubs, Access Points, Repeaters, Voice Branch Exchanges, Data/Voice Cabling and I/O outlets. Networking equipment out of conventional audit scope may be included on a case-to-case basis based on the need of the business and technology environment. The Audit follows a predefined process where critical performance parameters and metrics for effecting optimal and sustained performance across devices and equipments are noted and taken as basic inputs. Wherever necessary, inputs from people involved in managing Network infrastructure are also taken to ensure that the data gathered is correct and current. Besides, a general inspection of the devices and equipments in terms of the age, environment of the devices and equipments, and current process of maintenance is done. Based on the data and information gathered, the Audit team maps the business process with the existing network infrastructure to assess fit and compatibility of the infrastructure to meet business objectives. The audit findings are presented in an Audit Report which is a detailed presentation of the AS-IS scenarios, observed issues and challenges in the existing Network. Deficits and hazards that can impact effective up-time of networks and systems are clearly identified. The Audit rec0mmendations focuses on taking corrective action and course of action based on the firm specific requirements and industry's best practises and standards. The Audit recommendation is tightly hinged on improving network throughput and managing and maintaining high up-time. 4 Technology Audit
SERVER & BACKUP INFRASTRUCTURE AUDIT The Server and Backup Audit aims at ensuring IT system exigency plans are in place to handle unexpected failures of IT systems. The other objective of the Audit is also to ascertain whether data retrieval capability and process is in place. The Audit covers the critical IT system units such as Servers, Racks, Backup devices, Data storage equipment and I/O Cables. Firm specific equipment other the ones mentioned may be included based on business need and the situation on a case-to-case basis. Contingency plans such as Disaster Recovery (DR) and / or Business Continuity (BCP) also come under the purview of the Audit from an Infrastructure backup and readiness perspective. The Audit follows a structured process where critical nodes in the system environment for effecting optimal and sustained performance across devices and equipments are noted and taken as basic inputs. Wherever necessary, inputs from people involved in managing Server and Backup Infrastructure are also taken to ensure that the data gathered is correct and current. Besides, a general inspection of the devices and equipments in terms of the age, environment of the devices and equipments, and current process of maintenance is done. Based on the data and information gathered, the Audit team does a State Analysis of the infrastructure and maps it to the business objectives and goals. The Audit findings are presented in an Audit Report which is a detailed presentation of the State Analysis, observed issues and challenges in the existing Server and Backup Infrastructure. Deficits and failure points that can impact effective up-time of Servers and Back up Infrastructure are also clearly identified. The Audit recommendations focuses on taking corrective action and course of action based on industry wide best practises and standards. The Audit helps System Managers and Administrators to effectively identify and manage failure points and ensure maximised up-time of critical back up devices and equipment. Technology Audit 5
DESKTOP & LAPTOP INFRASTRUCTURE AUDIT The purpose of the Desktop and Laptop Audit is to uncover possible leaks in the desktop and laptop efficiencies in terms of processing time and usability which can impact overall IT System's output and people productivity. Organizations where standalone PCs and Laptops are used without servers benefit from this Audit. Similarly, organizations where the number of end users working on PCs and laptops are high will certainly need to be audited to ensure effective functioning. Other end user equipments, if any, may be included based on their need on a case-to-case basis. The Audit follows a well defined process where each PC and laptop in the organization is fully checked for optimal and sustained performance. Functional parameters of the PCs and laptops are taken as inputs from people involved in using them. A general inspection of the PCs and laptops in terms of the age, environment of the devices and equipments, and current process of maintenance is done. The data and information gathered forms the basis of the Audit recommendations. The Audit team does an AS-IS Analysis of the PC and laptop environment and maps it to the productivity and efficiency objectives and goals of the organization. The Audit findings are presented in an Audit Report which is a detailed presentation of the AS-IS Analysis, observed issues and challenges in the existing PC and laptop setup. Functional deficits and failure points that can impact effective up-time of PCs and laptops are also clearly identified and noted. The Audit recommendations focuses on taking corrective action and course of action based on industry wide best practises and standards. This Audit helps System Managers and Administrators to effectively identify and manage failure points and ensure maximised up-time of PCs and laptops. 6 Technology Audit
IT ASSET ASSESSMENT AUDIT This Audit enables organizations to keep check on the IT Assets that are currently deployed in their organization. The audit starts with a detailed and exhaustive compilation of all IT and IT related assets currently deployed. The compilation contains equipment details, their physical location, quantity, associated user, with additional information that may be available with the asset management team. Other pertinent information about the IT Assets may be called for by the Audit team and may be included in the audit on a case-to-case basis. To help identify the actual asset placement in the company, an outlay map diagram is additionally generated for each location in the organization. In some cases, a multi-city outlay may be done depending on the geo operations of the organization. The IT Asset outlay depicts the various sections, cabins, departments, building associated with the location. Textual legends assist the reader in gaining accurate information about the placements. Wherever necessary, inputs from people involved in managing the assets are obtained to ensure and validate that the data and information obtained is current and correct. In addition to the IT equipment that is deployed, a software list is generated which captures all the software packages presently installed in the audited computer systems in the organization. The detailed list provides information pertaining to the software products and its versions being currently used. Wherever necessary the asset management team is involved for getting up-to-date and correct information. Technology Audit 7
SOFTWARE AUDIT License Audit The primary focus of this audit is to ensure that the audited organization complies with standards, policies and legal framework with respect to installing and using software. All software that is currently being used and installed in the computer systems come under the purview of the Audit. The software may include Operating Systems, Office Productivity Software, Accounting Software, ERP Applications and Customized software. Other software may be included in the audit on a case-to-case basis. Additionally, the audit attempts to highlight the security vulnerabilities due to usage of unlicensed software, if any. Wherever necessary, people managing the software assets are involved for getting up- to-date and correct data and information. The data and information gathered forms the basis of the Audit recommendations. The Audit team analysis the software licenses used and maps it to the legal and security vulnerabilities of the IT systems. Besides, its impact on business and governance of the organization is also analysed. The Audit findings are presented in an Audit Report where the observed issues and challenges in the existing software licenses are detailed. Security deficits and failure points that can creep into the system environment and which can impact smooth operation of IT systems is also detailed wherever applicable. The Audit recommendations focuses on taking corrective action and course of action based on industry wide best practises and standards. This Audit helps System Managers and Administrators, to effectively manage IT by adhering to legally approved and secure use of licensed software. Core Applications Audit The objective of this Audit is to ensure that the key users of IT systems have understood and are proficient with the applications they are using as part of their daily operations. The audit process begins by listing the software applications to be audited. To facilitate a structured approach to the audit, the core applications list is grouped into four types as below: 8 Technology Audit
~ Office Productivity Applications – MS Office, Open Office which are used for general office purposes. ~ Accounting Applications – Tally etc. which are used for office accounting purposes. ~ ERP and Specialized Applications – AutoCAD, CorelDRAW, ERP, customized software which is used for specialized purposes. ~ Organization Website – Link check, Enquiry Sheet, Domain Name Renewal and SEO optimization check. The first part of the Core Application Audit is done on the Office Productivity Application with the Client's key users as Auditees. The software version details and features are collected and the users' knowledge level of the application features and their proficiency is audited. Similarly, the Accounting Applications, Specialized Applications and the organization's website is audited. Where the web site is of importance to the organization, the website's links, contacts and enquiry sheet page, domain name, renewal status, etc., are noted. Besides, a web search on sites such as Google is carried out to find out the present SEO optimization levels of the web site. This is done using relevant keywords. The data and information gathered forms the basis of the Audit Report and recommendations. The Core Applications Audit focuses on taking corrective action and course of action based on industry wide best practises and standards. This Audit helps Key end users of core applications keep a check on their knowledge proficiency levels in using application software and also to effectively improve their productivity and efficiency. Technology Audit 9
GENERAL DATA SECURITY AUDIT This is a comprehensive audit that focuses on the security and safety of IT infrastructure deployed and data associated with it. The audit encompasses both Physical as well as Virtual Data security. Information with regard to Physical Access & Security, Virtual Data Access control comprising of the following is recorded: ~ Data Access Control ~ User Authentication System ~ Data Folder Structure / Permission ~ Storage Media Control ~ Data Leak Protection ~ Internet / Intranet / Email Security ~ Firewall Setup ~ Anti-SPAM Setup / Anti-Virus / Anti-Spyware Setup ~ Data Protection ~ Software Patch Management ~ Vulnerability Assessment ~ General Assessment (fire protection, burglar alarms, security personnel) Any other security related details not mentioned above may be gathered for inclusion in the audit based on need and on a case-to-case basis. The data and information gathered forms the basis of the Audit recommendations. The Audit team does an AS-IS Analysis of the Security environment and maps it to the organizations business process, objectives and goals of the organization. The Audit findings are presented in an Audit Report which is a detailed presentation of the AS-IS Analysis, observed issues and challenges in the existing set up. Deficits and gaps in the security features, and vulnerability and failure points that can negatively impact data and IT security are also clearly identified and noted. The Audit recommendations focuses on taking corrective action and course of action based on industry wide best practises and standards. This Audit helps System Managers and Administrators to effectively identify and manage data leakage and unethical data access vulnerabilities and also ensure maximised security of IT systems. 10 Technology Audit
INFRASTRUCTURE MAINTENANCE AUDIT The Infrastructure maintenance audit is aimed at ensuring that the IT systems are covered appropriately in terms of warranties, guarantees, on-call support and AMCs by the respective product vendors. Further, the audit also checks the Total Cost of Ownership (TCO) of IT Infrastructure in relation to sustained maintenance. Data and information pertaining to all the hardware and software deployed is gathered. Wherever necessary, people involved in managing IT Infrastructure are met to obtain current and correct data and information. A physical verification based on the collected details is carried out on a random basis to ensure data correctness. Once the essential information is available, a detailed report on the observations is made. Based on the existing industry standards and best practices, a recommendation report is drafted towards the observations made. The recommendations would cite the corrective actions and course of action that need to be put in place in order to counter-balance the existing problems and potential issues identified. INTERNET/INTRANET CONNECTIVITY AUDIT With internet and intranet usage in organizations increasing by the day, it is increasingly imperative to manage these technologies with a view to getting maximised benefits in terms cost and quality. In this audit, details pertaining to all connectivity solutions deployed in the organization come under the purview. The connectivity solutions may Internet / Intranet connectivity, Virtual Private Network (VPN), Radio Frequency (RF) and Metro Area Network (MAN). Other connectivity solutions may be included based on their need on a case-to-case basis. All necessary and critical parameters are noted with utmost care. Wherever necessary, the concerned people who manage these technologies and solutions are involved for getting up-to-date and correct information. The Audit Report is a compilation of the collected data and information. The Report would identify and highlight the existing deficits and anomalies in deployed solution, if any. Cost and quality implications and impact on business is detailed as part of the Report. Recommendations are made for corrective action and course of action based on industry standards and best practices with the objective of improving efficiency and productivity of the solutions and technologies deployed. Technology Audit 11
COMMUNICATIONS AUDIT The Communications Audit is aimed at ensuring that the communication technologies such as Data, Voice and Video deployed within the organization are cost effective and that it delivers optimal value for money. During this audit, the billing details of all IT related communication solutions are taken as inputs. The communications solutions may include Telephone Landlines, Mobiles, Internet connections and Videoconferencing. Other communication solutions may be included in the Audit based on business need and on a case- to-case basis. The previous expenses incurred in the past one quarter on communication technologies are audited. Bills and Invoices pertaining to the same are scrutinized. Wherever necessary the people handling these technologies and the decision makers for adoption of these communication solutions are also involved for getting up-to-date and correct information. The Audit Report is a detailed presentation of the AS-IS situation and the observations. Cost and utilization anomalies, wherever present, is also highlighted as part of the report. Based on the audit findings, the audit team presents the recommendations based on a 'best solutions paradigm' with a clear objective to improve on cost and quality of communications solutions deployed. The recommendations may also include upgrade, downgrade or change of solutions to effect long term productivity and cost savings for the business. TECHNOLOGY UTILIZATION AUDIT – QUALITATIVE This is a qualitative audit where a questionnaire is designed, prepared and sent to all the key users of IT systems in the organization. The questionnaire is used as a medium to gather data and information pertaining to the technology utilization of each key user. The questionnaire carries questions that are objective and descriptive. The data gathered is analysed by the audit team. Besides, the key users are interviewed on a one-on-one basis so as with the objective to elucidate information that may be possible to capture through the questionnaire. The Audit Report is a compilation of the technology utilization patterns and habits of the key users. Based on the findings, the Audit recommendation is made with a view to take corrective steps, if any, in the way IT systems are used in the organization thereby create avenues for positive impact on business operations. 12 Technology Audit
38/96, AH Block, 4th Street, Shanthi Colony, Anna Nagar, Chennai - 600 040. India. Tel: +91-44-4353 1781 / 4353 1791 Fax: +91-2622 0430 Email: info@inspacetech.com

Recommended

Technology Audit Seminar - ISTE2010
Technology Audit Seminar - ISTE2010Technology Audit Seminar - ISTE2010
Technology Audit Seminar - ISTE2010
nctplarry
 
Technology audit by Magdy El messiry
Technology audit by Magdy El messiryTechnology audit by Magdy El messiry
Technology audit by Magdy El messiry
Magdy El Messiry
 
INTEGRATION OF PEOPLE AND TECHNOLOGY
INTEGRATION OF PEOPLE AND TECHNOLOGYINTEGRATION OF PEOPLE AND TECHNOLOGY
INTEGRATION OF PEOPLE AND TECHNOLOGY
Manvik Joshi
 
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
360 BSI
 
Technology and Managing People Keeping the “Human” in Human Resources
Technology and Managing People Keeping the “Human” in Human Resources Technology and Managing People Keeping the “Human” in Human Resources
Technology and Managing People Keeping the “Human” in Human Resources
Jo Balucanag - Bitonio
 
Technology forcasting ch#5
Technology forcasting ch#5Technology forcasting ch#5
Technology forcasting ch#5
Yasir Abbas
 
IRJET- Speech and Hearing
IRJET- Speech and HearingIRJET- Speech and Hearing
IRJET- Speech and Hearing
IRJET Journal
 
Introduction to Technology Assessments As tool for Forecasting and evaluation...
Introduction to Technology Assessments As tool for Forecasting and evaluation...Introduction to Technology Assessments As tool for Forecasting and evaluation...
Introduction to Technology Assessments As tool for Forecasting and evaluation...
Premsankar Chakkingal
 

Recommended

Technology Audit Seminar - ISTE2010
Technology Audit Seminar - ISTE2010Technology Audit Seminar - ISTE2010
Technology Audit Seminar - ISTE2010
nctplarry
 
Technology audit by Magdy El messiry
Technology audit by Magdy El messiryTechnology audit by Magdy El messiry
Technology audit by Magdy El messiry
Magdy El Messiry
 
INTEGRATION OF PEOPLE AND TECHNOLOGY
INTEGRATION OF PEOPLE AND TECHNOLOGYINTEGRATION OF PEOPLE AND TECHNOLOGY
INTEGRATION OF PEOPLE AND TECHNOLOGY
Manvik Joshi
 
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
360 BSI
 
Technology and Managing People Keeping the “Human” in Human Resources
Technology and Managing People Keeping the “Human” in Human Resources Technology and Managing People Keeping the “Human” in Human Resources
Technology and Managing People Keeping the “Human” in Human Resources
Jo Balucanag - Bitonio
 
Technology forcasting ch#5
Technology forcasting ch#5Technology forcasting ch#5
Technology forcasting ch#5
Yasir Abbas
 
IRJET- Speech and Hearing
IRJET- Speech and HearingIRJET- Speech and Hearing
IRJET- Speech and Hearing
IRJET Journal
 
Introduction to Technology Assessments As tool for Forecasting and evaluation...
Introduction to Technology Assessments As tool for Forecasting and evaluation...Introduction to Technology Assessments As tool for Forecasting and evaluation...
Introduction to Technology Assessments As tool for Forecasting and evaluation...
Premsankar Chakkingal
 
Kirksey kirk
Kirksey kirkKirksey kirk
Kirksey kirk
Habtamu Tezera
 
Cybersecurity strategy-brief-to-itc final-17_apr2015
Cybersecurity strategy-brief-to-itc final-17_apr2015Cybersecurity strategy-brief-to-itc final-17_apr2015
Cybersecurity strategy-brief-to-itc final-17_apr2015
IT Strategy Group
 
MG6088 SOFTWARE PROJECT MANAGEMENT
MG6088 SOFTWARE PROJECT MANAGEMENTMG6088 SOFTWARE PROJECT MANAGEMENT
MG6088 SOFTWARE PROJECT MANAGEMENT
Kathirvel Ayyaswamy
 
Technology assessment
Technology assessmentTechnology assessment
Technology assessment
Lassonde School of Engineering
 
Capstone Final Project
Capstone Final ProjectCapstone Final Project
Capstone Final Project
chris odle
 
IRJET- A Case Study Analysis through the Implementation of Value Engineering
IRJET- A Case Study Analysis through the Implementation of Value EngineeringIRJET- A Case Study Analysis through the Implementation of Value Engineering
IRJET- A Case Study Analysis through the Implementation of Value Engineering
IRJET Journal
 
Continous auditing and risk monitoring 9 23-09
Continous auditing and risk monitoring 9 23-09Continous auditing and risk monitoring 9 23-09
Continous auditing and risk monitoring 9 23-09
Gaiani (CarnCorpAudit)
 
IRJET- Most Efficient Critical Success Factor for Construction
IRJET- Most Efficient Critical Success Factor for ConstructionIRJET- Most Efficient Critical Success Factor for Construction
IRJET- Most Efficient Critical Success Factor for Construction
IRJET Journal
 
Technology Forecasting - Monitoring and Intelligence Methods
Technology Forecasting - Monitoring and Intelligence MethodsTechnology Forecasting - Monitoring and Intelligence Methods
Technology Forecasting - Monitoring and Intelligence Methods
Mufaddal Nullwala
 
Chap6 2007 Cisa Review Course
Chap6 2007 Cisa Review CourseChap6 2007 Cisa Review Course
Chap6 2007 Cisa Review Course
Desmond Devendran
 
Schwalbe 07 projectcost
Schwalbe 07 projectcostSchwalbe 07 projectcost
Schwalbe 07 projectcost
ProjectManager247
 
Simonsen.vonnie
Simonsen.vonnieSimonsen.vonnie
Simonsen.vonnie
NASAPMC
 
Contextualized Software Configuration Management Model For Small And Medium S...
Contextualized Software Configuration Management Model For Small And Medium S...Contextualized Software Configuration Management Model For Small And Medium S...
Contextualized Software Configuration Management Model For Small And Medium S...
theijes
 
Maturity modle proposal v1 networked business quickversion
Maturity modle proposal v1 networked business quickversionMaturity modle proposal v1 networked business quickversion
Maturity modle proposal v1 networked business quickversion
Jan Kwiecien
 
Mobile EHS and Quality Auditing - Lessons Learned
Mobile EHS and Quality Auditing - Lessons LearnedMobile EHS and Quality Auditing - Lessons Learned
Mobile EHS and Quality Auditing - Lessons Learned
Nimonik
 
Technology forecasting
Technology forecastingTechnology forecasting
Technology forecasting
RajThakuri
 
Methods or Techniques of Technology Forecasting
Methods or Techniques of Technology ForecastingMethods or Techniques of Technology Forecasting
Methods or Techniques of Technology Forecasting
Harinadh Karimikonda
 
Running head finding job as a cyber security specialistfinding
Running head finding job as a cyber security specialistfinding Running head finding job as a cyber security specialistfinding
Running head finding job as a cyber security specialistfinding
DIPESH30
 
UM MBA Program: Technology Assessment Process
UM MBA Program: Technology Assessment ProcessUM MBA Program: Technology Assessment Process
UM MBA Program: Technology Assessment Process
William J. Brown
 
Understanding Research & Development Tax Credits in KY
Understanding Research & Development Tax Credits in KYUnderstanding Research & Development Tax Credits in KY
Understanding Research & Development Tax Credits in KY
Dawn Yankeelov
 
Vas India Office Older Version
Vas India Office Older VersionVas India Office Older Version
Vas India Office Older Version
one97ppt
 
Technology audit case studies final
Technology audit case studies finalTechnology audit case studies final
Technology audit case studies final
Magdy El Messiry
 

More Related Content

What's hot

Capstone Final Project
Capstone Final ProjectCapstone Final Project
Capstone Final Project
chris odle
 
Chap6 2007 Cisa Review Course
Chap6 2007 Cisa Review CourseChap6 2007 Cisa Review Course
Chap6 2007 Cisa Review Course
Desmond Devendran
 
Simonsen.vonnie
Simonsen.vonnieSimonsen.vonnie
Simonsen.vonnie
NASAPMC
 
Methods or Techniques of Technology Forecasting
Methods or Techniques of Technology ForecastingMethods or Techniques of Technology Forecasting
Methods or Techniques of Technology Forecasting
Harinadh Karimikonda
 

What's hot (20)

Kirksey kirk
Kirksey kirkKirksey kirk
Kirksey kirk
 
Cybersecurity strategy-brief-to-itc final-17_apr2015
Cybersecurity strategy-brief-to-itc final-17_apr2015Cybersecurity strategy-brief-to-itc final-17_apr2015
Cybersecurity strategy-brief-to-itc final-17_apr2015
 
MG6088 SOFTWARE PROJECT MANAGEMENT
MG6088 SOFTWARE PROJECT MANAGEMENTMG6088 SOFTWARE PROJECT MANAGEMENT
MG6088 SOFTWARE PROJECT MANAGEMENT
 
Technology assessment
Technology assessmentTechnology assessment
Technology assessment
 
Capstone Final Project
Capstone Final ProjectCapstone Final Project
Capstone Final Project
 
IRJET- A Case Study Analysis through the Implementation of Value Engineering
IRJET- A Case Study Analysis through the Implementation of Value EngineeringIRJET- A Case Study Analysis through the Implementation of Value Engineering
IRJET- A Case Study Analysis through the Implementation of Value Engineering
 
Continous auditing and risk monitoring 9 23-09
Continous auditing and risk monitoring 9 23-09Continous auditing and risk monitoring 9 23-09
Continous auditing and risk monitoring 9 23-09
 
IRJET- Most Efficient Critical Success Factor for Construction
IRJET- Most Efficient Critical Success Factor for ConstructionIRJET- Most Efficient Critical Success Factor for Construction
IRJET- Most Efficient Critical Success Factor for Construction
 
Technology Forecasting - Monitoring and Intelligence Methods
Technology Forecasting - Monitoring and Intelligence MethodsTechnology Forecasting - Monitoring and Intelligence Methods
Technology Forecasting - Monitoring and Intelligence Methods
 
Chap6 2007 Cisa Review Course
Chap6 2007 Cisa Review CourseChap6 2007 Cisa Review Course
Chap6 2007 Cisa Review Course
 
Schwalbe 07 projectcost
Schwalbe 07 projectcostSchwalbe 07 projectcost
Schwalbe 07 projectcost
 
Simonsen.vonnie
Simonsen.vonnieSimonsen.vonnie
Simonsen.vonnie
 
Contextualized Software Configuration Management Model For Small And Medium S...
Contextualized Software Configuration Management Model For Small And Medium S...Contextualized Software Configuration Management Model For Small And Medium S...
Contextualized Software Configuration Management Model For Small And Medium S...
 
Maturity modle proposal v1 networked business quickversion
Maturity modle proposal v1 networked business quickversionMaturity modle proposal v1 networked business quickversion
Maturity modle proposal v1 networked business quickversion
 
Mobile EHS and Quality Auditing - Lessons Learned
Mobile EHS and Quality Auditing - Lessons LearnedMobile EHS and Quality Auditing - Lessons Learned
Mobile EHS and Quality Auditing - Lessons Learned
 
Technology forecasting
Technology forecastingTechnology forecasting
Technology forecasting
 
Methods or Techniques of Technology Forecasting
Methods or Techniques of Technology ForecastingMethods or Techniques of Technology Forecasting
Methods or Techniques of Technology Forecasting
 
Running head finding job as a cyber security specialistfinding
Running head finding job as a cyber security specialistfinding Running head finding job as a cyber security specialistfinding
Running head finding job as a cyber security specialistfinding
 
UM MBA Program: Technology Assessment Process
UM MBA Program: Technology Assessment ProcessUM MBA Program: Technology Assessment Process
UM MBA Program: Technology Assessment Process
 
Understanding Research & Development Tax Credits in KY
Understanding Research & Development Tax Credits in KYUnderstanding Research & Development Tax Credits in KY
Understanding Research & Development Tax Credits in KY
 

Viewers also liked

Technology audit case studies final
Technology audit case studies finalTechnology audit case studies final
Technology audit case studies final
Magdy El Messiry
 
Women’s INpowerment: The First-ever Global Survey to Hear Voice, Value and Vi...
Women’s INpowerment: The First-ever Global Survey to Hear Voice, Value and Vi...Women’s INpowerment: The First-ever Global Survey to Hear Voice, Value and Vi...
Women’s INpowerment: The First-ever Global Survey to Hear Voice, Value and Vi...
Deanna Kosaraju
 
Architecture for Humanity 5 Year Strategic Plan // Yr 15 to 20
Architecture for Humanity 5 Year Strategic Plan // Yr 15 to 20Architecture for Humanity 5 Year Strategic Plan // Yr 15 to 20
Architecture for Humanity 5 Year Strategic Plan // Yr 15 to 20
Cameron Sinclair
 

Viewers also liked (8)

Vas India Office Older Version
Vas India Office Older VersionVas India Office Older Version
Vas India Office Older Version
 
Technology audit case studies final
Technology audit case studies finalTechnology audit case studies final
Technology audit case studies final
 
Women’s INpowerment: The First-ever Global Survey to Hear Voice, Value and Vi...
Women’s INpowerment: The First-ever Global Survey to Hear Voice, Value and Vi...Women’s INpowerment: The First-ever Global Survey to Hear Voice, Value and Vi...
Women’s INpowerment: The First-ever Global Survey to Hear Voice, Value and Vi...
 
Strategic plan
Strategic planStrategic plan
Strategic plan
 
Goal Setting For Business
Goal Setting For BusinessGoal Setting For Business
Goal Setting For Business
 
Architecture for Humanity 5 Year Strategic Plan // Yr 15 to 20
Architecture for Humanity 5 Year Strategic Plan // Yr 15 to 20Architecture for Humanity 5 Year Strategic Plan // Yr 15 to 20
Architecture for Humanity 5 Year Strategic Plan // Yr 15 to 20
 
Energy efficiency of industrial utilities
Energy efficiency of industrial utilitiesEnergy efficiency of industrial utilities
Energy efficiency of industrial utilities
 
Developing A Strategic Business Plan
Developing A Strategic Business PlanDeveloping A Strategic Business Plan
Developing A Strategic Business Plan
 

Similar to Technology audit

Technology Audit
Technology AuditTechnology Audit
Technology Audit
Arish Roy
 
Technology audit presentation
Technology audit presentationTechnology audit presentation
Technology audit presentation
Arish Roy
 
Oerlikon Balzers 90 Day Plan Of Action
Oerlikon Balzers 90 Day Plan Of ActionOerlikon Balzers 90 Day Plan Of Action
Oerlikon Balzers 90 Day Plan Of Action
tcollins3413
 
Fluke Connect Condition Based Maintenance
Fluke Connect Condition Based MaintenanceFluke Connect Condition Based Maintenance
Fluke Connect Condition Based Maintenance
Frederic Baudart, CMRP
 
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
LynellBull52
 
Co c dc-best practices
Co c dc-best practicesCo c dc-best practices
Co c dc-best practices
avdsouza
 
A Framework for Dead stock Management System for in-house computer engineerin...
A Framework for Dead stock Management System for in-house computer engineerin...A Framework for Dead stock Management System for in-house computer engineerin...
A Framework for Dead stock Management System for in-house computer engineerin...
theijes
 
NERC Critical Infrastructure Protection (CIP) and Security for Field Devices
NERC Critical Infrastructure Protection (CIP) and Security for Field DevicesNERC Critical Infrastructure Protection (CIP) and Security for Field Devices
NERC Critical Infrastructure Protection (CIP) and Security for Field Devices
Schneider Electric
 

Similar to Technology audit (20)

Technology Audit
Technology AuditTechnology Audit
Technology Audit
 
Technology audit presentation
Technology audit presentationTechnology audit presentation
Technology audit presentation
 
Technology Audit
Technology AuditTechnology Audit
Technology Audit
 
Technology Audit | IT Audit | ERP Audit | Database Security
Technology Audit | IT Audit | ERP Audit | Database Security Technology Audit | IT Audit | ERP Audit | Database Security
Technology Audit | IT Audit | ERP Audit | Database Security
 
Inspace technologies
Inspace technologiesInspace technologies
Inspace technologies
 
Auditing In Computer Environment Presentation
Auditing In Computer Environment PresentationAuditing In Computer Environment Presentation
Auditing In Computer Environment Presentation
 
Project Business Case and Capital Justification for Implementation of Applica...
Project Business Case and Capital Justification for Implementation of Applica...Project Business Case and Capital Justification for Implementation of Applica...
Project Business Case and Capital Justification for Implementation of Applica...
 
Oerlikon Balzers 90 Day Plan Of Action
Oerlikon Balzers 90 Day Plan Of ActionOerlikon Balzers 90 Day Plan Of Action
Oerlikon Balzers 90 Day Plan Of Action
 
Fluke Connect Condition Based Maintenance
Fluke Connect Condition Based MaintenanceFluke Connect Condition Based Maintenance
Fluke Connect Condition Based Maintenance
 
Audit of it infrastructure
Audit of it infrastructureAudit of it infrastructure
Audit of it infrastructure
 
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
 
IRJET- A Survey for Block Chaining based Cyber Security System for Fiscal Dev...
IRJET- A Survey for Block Chaining based Cyber Security System for Fiscal Dev...IRJET- A Survey for Block Chaining based Cyber Security System for Fiscal Dev...
IRJET- A Survey for Block Chaining based Cyber Security System for Fiscal Dev...
 
Co c dc-best practices
Co c dc-best practicesCo c dc-best practices
Co c dc-best practices
 
Jason Allred Resume
Jason Allred ResumeJason Allred Resume
Jason Allred Resume
 
A Framework for Dead stock Management System for in-house computer engineerin...
A Framework for Dead stock Management System for in-house computer engineerin...A Framework for Dead stock Management System for in-house computer engineerin...
A Framework for Dead stock Management System for in-house computer engineerin...
 
CIO IT Audit Survival TNS07
CIO IT Audit Survival TNS07CIO IT Audit Survival TNS07
CIO IT Audit Survival TNS07
 
NERC Critical Infrastructure Protection (CIP) and Security for Field Devices
NERC Critical Infrastructure Protection (CIP) and Security for Field DevicesNERC Critical Infrastructure Protection (CIP) and Security for Field Devices
NERC Critical Infrastructure Protection (CIP) and Security for Field Devices
 
Unit Iii
Unit IiiUnit Iii
Unit Iii
 
Ispe Article
Ispe ArticleIspe Article
Ispe Article
 
Cisa 2013 ch4
Cisa 2013 ch4Cisa 2013 ch4
Cisa 2013 ch4
 

More from Arish Roy

More from Arish Roy (20)

Daughters perfection
Daughters perfectionDaughters perfection
Daughters perfection
 
Newsletter connect - Jan 2017
Newsletter connect - Jan 2017Newsletter connect - Jan 2017
Newsletter connect - Jan 2017
 
Newsletter Connect - Nov 2016
Newsletter Connect - Nov 2016Newsletter Connect - Nov 2016
Newsletter Connect - Nov 2016
 
Newsletter Connect - Nov 2016
Newsletter Connect - Nov 2016Newsletter Connect - Nov 2016
Newsletter Connect - Nov 2016
 
Newsletter connect - Sep 2016
Newsletter connect - Sep 2016Newsletter connect - Sep 2016
Newsletter connect - Sep 2016
 
Newsletter Connect - August 2016
Newsletter Connect - August 2016Newsletter Connect - August 2016
Newsletter Connect - August 2016
 
Newsletter connect - July 2016
Newsletter connect - July 2016Newsletter connect - July 2016
Newsletter connect - July 2016
 
Newsletter connect - June 2016
Newsletter connect - June 2016Newsletter connect - June 2016
Newsletter connect - June 2016
 
Newsletter Connect - May
Newsletter Connect - MayNewsletter Connect - May
Newsletter Connect - May
 
Newsletter connect - April 2016
Newsletter connect - April 2016Newsletter connect - April 2016
Newsletter connect - April 2016
 
Newsletter Connect - Mar 2016
Newsletter Connect - Mar 2016Newsletter Connect - Mar 2016
Newsletter Connect - Mar 2016
 
Newsletter connect - Feb 2016
Newsletter connect - Feb 2016Newsletter connect - Feb 2016
Newsletter connect - Feb 2016
 
Newsletter connect - Jan 2016
Newsletter connect - Jan 2016Newsletter connect - Jan 2016
Newsletter connect - Jan 2016
 
Newsletter connect - Nov 2015
Newsletter connect - Nov 2015Newsletter connect - Nov 2015
Newsletter connect - Nov 2015
 
Newsletter connect - Oct 2015
Newsletter connect - Oct 2015Newsletter connect - Oct 2015
Newsletter connect - Oct 2015
 
Newsletter Connect - Sep 2015
Newsletter Connect - Sep 2015Newsletter Connect - Sep 2015
Newsletter Connect - Sep 2015
 
Newsletter Connect - August
Newsletter Connect - AugustNewsletter Connect - August
Newsletter Connect - August
 
Newsletter connect - July 2015
Newsletter connect - July 2015Newsletter connect - July 2015
Newsletter connect - July 2015
 
Inspace connect - June 2015
Inspace connect - June 2015Inspace connect - June 2015
Inspace connect - June 2015
 
Inspace connect - May 2015
Inspace connect - May 2015Inspace connect - May 2015
Inspace connect - May 2015
 

Recently uploaded

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Peter Udo Diehl
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
David Michel
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 

Recently uploaded (20)

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 

Technology audit

  • 1. TECHNOLOGY AUDIT
  • 2. Technology Audit (TA) is an eye-opening innovation from Inspace. TA enables organization leaders understand the present IT utilization levels in their organization or business. In terms of importance, TA occupies equal status with Accounting Audits conducted in organizations. TA focuses on three important areas Viz. Business functionality, Ease of Use and Security. It also addresses the three sensitive areas of information/data availability, confidentiality and integrity. The Audit process follows a structured 3 tier methodology. TIER 1: HIGH LEVEL ~ Understanding Vision, Mission and the Business goals of the customer ~ A high level mapping of the current IT deployment in relation to thebusiness objectives ~ Observation and plotting of Possible Gaps between the Business objectives and IT deployment TIER 2: LOW LEVEL DEEP DIVE AUDIT ~ Detailed study of deployed hardware, software, connectivity, power, security, MIS, and usability by end users. ~ Identifying process coverage, data integrity, productivity improvements, reporting frequency and adequacy, training adequacy, and system availability. TIER 3: THE CAPSTONE Audit Findings Report: ~ Gap analysis ~ IT Infrastructure Analysis and recommendations ~ Business Flow Chart – Outline ~ Data backup Analysis and recommendations ~ Key User's knowledge and utilization of various software ~ Software License Status and recommendations ~ Core Software utilization Technology Audit 1
  • 3. ~ IT security / Vulnerability Analysis ~ Recommendations pertaining to technology upgrade / downgrade ~ Training requirements and plan of action TA SPECTRUM COVERS: ~ Power Infrastructure Audit ~ Networking Infrastructure Audit ~ Server & Backup Infrastructure Audit ~ Desktop & Laptop Infrastructure Audit ~ Generation of Asset (Hardware & Software) Document & Physical Outlay ~ Software Licensing Audit ~ General Data Security Audit ~ Infrastructure Maintenance Audit ~ Core Applications Audit ~ Internet/Intranet Connectivity Audit ~ Communication Audit (Data/Voice/Video) ~ Key Users' Technology Utilization Audit Technology Audit recommendations sets the direction for organizations to optimize Return of Investment (ROI) on IT. The success of TA is that it does not recommend investing more on IT; rather it helps in getting more out of existing IT investments. Technology Audit recommendations hinge on the following benefits: ~ Productivity benefits ~ Security benefits ~ Cost-saving benefits ~ Relationship benefits 2 Technology Audit
  • 4. POWER AUDIT The Power Audit is aimed at ensuring the power related equipment and infrastructure pertaining to IT systems complies with standards, and whether its throughput is in line with the organization's requirement for power for optimal efficiency and productivity of the IT systems. Since the power can come from several sources, the scope of the Audit may include Raw Power, UPS (Online/Offline), UPS/Inverter Batteries, Generators, Inverters, Transformers, Cabling and outlets. Other power equipment if any may be included based on their need on a case-to-case basis. The Power Audit follows a structured approach where critical parameters and readings for effecting optimal and sustained throughput across equipments are noted and taken as basic inputs. Wherever necessary, inputs from people involved in managing power infrastructure are also taken to ensure that the data gathered is correct and current. Besides, a general inspection of the equipments in terms of the age, environment of the equipments and current process of maintenance is done. Based on the data gathered and observed scenarios, the Audit team prepares the Audit report. The Audit Report is a detailed presentation of the AS-IS scenarios which are represented as facts. Observed issues and challenges in the existing power set up and the hazards that can impact the IT system's effective functioning and the resulting effect on business performance is also captured. The culmination of the Audit is the recommendations for corrective action and course of action which is based on firm specific requirements and industry's best practises and standards. Technology Audit 3
  • 5. NETWORK INFRASTRUCTURE AUDIT The Network Audit is a comprehensive audit where all the equipments and devices on the network come under the purview. The components under the audit, both active and passive, may include Data Switches, Routers, Hubs, Access Points, Repeaters, Voice Branch Exchanges, Data/Voice Cabling and I/O outlets. Networking equipment out of conventional audit scope may be included on a case-to-case basis based on the need of the business and technology environment. The Audit follows a predefined process where critical performance parameters and metrics for effecting optimal and sustained performance across devices and equipments are noted and taken as basic inputs. Wherever necessary, inputs from people involved in managing Network infrastructure are also taken to ensure that the data gathered is correct and current. Besides, a general inspection of the devices and equipments in terms of the age, environment of the devices and equipments, and current process of maintenance is done. Based on the data and information gathered, the Audit team maps the business process with the existing network infrastructure to assess fit and compatibility of the infrastructure to meet business objectives. The audit findings are presented in an Audit Report which is a detailed presentation of the AS-IS scenarios, observed issues and challenges in the existing Network. Deficits and hazards that can impact effective up-time of networks and systems are clearly identified. The Audit rec0mmendations focuses on taking corrective action and course of action based on the firm specific requirements and industry's best practises and standards. The Audit recommendation is tightly hinged on improving network throughput and managing and maintaining high up-time. 4 Technology Audit
  • 6. SERVER & BACKUP INFRASTRUCTURE AUDIT The Server and Backup Audit aims at ensuring IT system exigency plans are in place to handle unexpected failures of IT systems. The other objective of the Audit is also to ascertain whether data retrieval capability and process is in place. The Audit covers the critical IT system units such as Servers, Racks, Backup devices, Data storage equipment and I/O Cables. Firm specific equipment other the ones mentioned may be included based on business need and the situation on a case-to-case basis. Contingency plans such as Disaster Recovery (DR) and / or Business Continuity (BCP) also come under the purview of the Audit from an Infrastructure backup and readiness perspective. The Audit follows a structured process where critical nodes in the system environment for effecting optimal and sustained performance across devices and equipments are noted and taken as basic inputs. Wherever necessary, inputs from people involved in managing Server and Backup Infrastructure are also taken to ensure that the data gathered is correct and current. Besides, a general inspection of the devices and equipments in terms of the age, environment of the devices and equipments, and current process of maintenance is done. Based on the data and information gathered, the Audit team does a State Analysis of the infrastructure and maps it to the business objectives and goals. The Audit findings are presented in an Audit Report which is a detailed presentation of the State Analysis, observed issues and challenges in the existing Server and Backup Infrastructure. Deficits and failure points that can impact effective up-time of Servers and Back up Infrastructure are also clearly identified. The Audit recommendations focuses on taking corrective action and course of action based on industry wide best practises and standards. The Audit helps System Managers and Administrators to effectively identify and manage failure points and ensure maximised up-time of critical back up devices and equipment. Technology Audit 5
  • 7. DESKTOP & LAPTOP INFRASTRUCTURE AUDIT The purpose of the Desktop and Laptop Audit is to uncover possible leaks in the desktop and laptop efficiencies in terms of processing time and usability which can impact overall IT System's output and people productivity. Organizations where standalone PCs and Laptops are used without servers benefit from this Audit. Similarly, organizations where the number of end users working on PCs and laptops are high will certainly need to be audited to ensure effective functioning. Other end user equipments, if any, may be included based on their need on a case-to-case basis. The Audit follows a well defined process where each PC and laptop in the organization is fully checked for optimal and sustained performance. Functional parameters of the PCs and laptops are taken as inputs from people involved in using them. A general inspection of the PCs and laptops in terms of the age, environment of the devices and equipments, and current process of maintenance is done. The data and information gathered forms the basis of the Audit recommendations. The Audit team does an AS-IS Analysis of the PC and laptop environment and maps it to the productivity and efficiency objectives and goals of the organization. The Audit findings are presented in an Audit Report which is a detailed presentation of the AS-IS Analysis, observed issues and challenges in the existing PC and laptop setup. Functional deficits and failure points that can impact effective up-time of PCs and laptops are also clearly identified and noted. The Audit recommendations focuses on taking corrective action and course of action based on industry wide best practises and standards. This Audit helps System Managers and Administrators to effectively identify and manage failure points and ensure maximised up-time of PCs and laptops. 6 Technology Audit
  • 8. IT ASSET ASSESSMENT AUDIT This Audit enables organizations to keep check on the IT Assets that are currently deployed in their organization. The audit starts with a detailed and exhaustive compilation of all IT and IT related assets currently deployed. The compilation contains equipment details, their physical location, quantity, associated user, with additional information that may be available with the asset management team. Other pertinent information about the IT Assets may be called for by the Audit team and may be included in the audit on a case-to-case basis. To help identify the actual asset placement in the company, an outlay map diagram is additionally generated for each location in the organization. In some cases, a multi-city outlay may be done depending on the geo operations of the organization. The IT Asset outlay depicts the various sections, cabins, departments, building associated with the location. Textual legends assist the reader in gaining accurate information about the placements. Wherever necessary, inputs from people involved in managing the assets are obtained to ensure and validate that the data and information obtained is current and correct. In addition to the IT equipment that is deployed, a software list is generated which captures all the software packages presently installed in the audited computer systems in the organization. The detailed list provides information pertaining to the software products and its versions being currently used. Wherever necessary the asset management team is involved for getting up-to-date and correct information. Technology Audit 7
  • 9. SOFTWARE AUDIT License Audit The primary focus of this audit is to ensure that the audited organization complies with standards, policies and legal framework with respect to installing and using software. All software that is currently being used and installed in the computer systems come under the purview of the Audit. The software may include Operating Systems, Office Productivity Software, Accounting Software, ERP Applications and Customized software. Other software may be included in the audit on a case-to-case basis. Additionally, the audit attempts to highlight the security vulnerabilities due to usage of unlicensed software, if any. Wherever necessary, people managing the software assets are involved for getting up- to-date and correct data and information. The data and information gathered forms the basis of the Audit recommendations. The Audit team analysis the software licenses used and maps it to the legal and security vulnerabilities of the IT systems. Besides, its impact on business and governance of the organization is also analysed. The Audit findings are presented in an Audit Report where the observed issues and challenges in the existing software licenses are detailed. Security deficits and failure points that can creep into the system environment and which can impact smooth operation of IT systems is also detailed wherever applicable. The Audit recommendations focuses on taking corrective action and course of action based on industry wide best practises and standards. This Audit helps System Managers and Administrators, to effectively manage IT by adhering to legally approved and secure use of licensed software. Core Applications Audit The objective of this Audit is to ensure that the key users of IT systems have understood and are proficient with the applications they are using as part of their daily operations. The audit process begins by listing the software applications to be audited. To facilitate a structured approach to the audit, the core applications list is grouped into four types as below: 8 Technology Audit
  • 10. ~ Office Productivity Applications – MS Office, Open Office which are used for general office purposes. ~ Accounting Applications – Tally etc. which are used for office accounting purposes. ~ ERP and Specialized Applications – AutoCAD, CorelDRAW, ERP, customized software which is used for specialized purposes. ~ Organization Website – Link check, Enquiry Sheet, Domain Name Renewal and SEO optimization check. The first part of the Core Application Audit is done on the Office Productivity Application with the Client's key users as Auditees. The software version details and features are collected and the users' knowledge level of the application features and their proficiency is audited. Similarly, the Accounting Applications, Specialized Applications and the organization's website is audited. Where the web site is of importance to the organization, the website's links, contacts and enquiry sheet page, domain name, renewal status, etc., are noted. Besides, a web search on sites such as Google is carried out to find out the present SEO optimization levels of the web site. This is done using relevant keywords. The data and information gathered forms the basis of the Audit Report and recommendations. The Core Applications Audit focuses on taking corrective action and course of action based on industry wide best practises and standards. This Audit helps Key end users of core applications keep a check on their knowledge proficiency levels in using application software and also to effectively improve their productivity and efficiency. Technology Audit 9
  • 11. GENERAL DATA SECURITY AUDIT This is a comprehensive audit that focuses on the security and safety of IT infrastructure deployed and data associated with it. The audit encompasses both Physical as well as Virtual Data security. Information with regard to Physical Access & Security, Virtual Data Access control comprising of the following is recorded: ~ Data Access Control ~ User Authentication System ~ Data Folder Structure / Permission ~ Storage Media Control ~ Data Leak Protection ~ Internet / Intranet / Email Security ~ Firewall Setup ~ Anti-SPAM Setup / Anti-Virus / Anti-Spyware Setup ~ Data Protection ~ Software Patch Management ~ Vulnerability Assessment ~ General Assessment (fire protection, burglar alarms, security personnel) Any other security related details not mentioned above may be gathered for inclusion in the audit based on need and on a case-to-case basis. The data and information gathered forms the basis of the Audit recommendations. The Audit team does an AS-IS Analysis of the Security environment and maps it to the organizations business process, objectives and goals of the organization. The Audit findings are presented in an Audit Report which is a detailed presentation of the AS-IS Analysis, observed issues and challenges in the existing set up. Deficits and gaps in the security features, and vulnerability and failure points that can negatively impact data and IT security are also clearly identified and noted. The Audit recommendations focuses on taking corrective action and course of action based on industry wide best practises and standards. This Audit helps System Managers and Administrators to effectively identify and manage data leakage and unethical data access vulnerabilities and also ensure maximised security of IT systems. 10 Technology Audit
  • 12. INFRASTRUCTURE MAINTENANCE AUDIT The Infrastructure maintenance audit is aimed at ensuring that the IT systems are covered appropriately in terms of warranties, guarantees, on-call support and AMCs by the respective product vendors. Further, the audit also checks the Total Cost of Ownership (TCO) of IT Infrastructure in relation to sustained maintenance. Data and information pertaining to all the hardware and software deployed is gathered. Wherever necessary, people involved in managing IT Infrastructure are met to obtain current and correct data and information. A physical verification based on the collected details is carried out on a random basis to ensure data correctness. Once the essential information is available, a detailed report on the observations is made. Based on the existing industry standards and best practices, a recommendation report is drafted towards the observations made. The recommendations would cite the corrective actions and course of action that need to be put in place in order to counter-balance the existing problems and potential issues identified. INTERNET/INTRANET CONNECTIVITY AUDIT With internet and intranet usage in organizations increasing by the day, it is increasingly imperative to manage these technologies with a view to getting maximised benefits in terms cost and quality. In this audit, details pertaining to all connectivity solutions deployed in the organization come under the purview. The connectivity solutions may Internet / Intranet connectivity, Virtual Private Network (VPN), Radio Frequency (RF) and Metro Area Network (MAN). Other connectivity solutions may be included based on their need on a case-to-case basis. All necessary and critical parameters are noted with utmost care. Wherever necessary, the concerned people who manage these technologies and solutions are involved for getting up-to-date and correct information. The Audit Report is a compilation of the collected data and information. The Report would identify and highlight the existing deficits and anomalies in deployed solution, if any. Cost and quality implications and impact on business is detailed as part of the Report. Recommendations are made for corrective action and course of action based on industry standards and best practices with the objective of improving efficiency and productivity of the solutions and technologies deployed. Technology Audit 11
  • 13. COMMUNICATIONS AUDIT The Communications Audit is aimed at ensuring that the communication technologies such as Data, Voice and Video deployed within the organization are cost effective and that it delivers optimal value for money. During this audit, the billing details of all IT related communication solutions are taken as inputs. The communications solutions may include Telephone Landlines, Mobiles, Internet connections and Videoconferencing. Other communication solutions may be included in the Audit based on business need and on a case- to-case basis. The previous expenses incurred in the past one quarter on communication technologies are audited. Bills and Invoices pertaining to the same are scrutinized. Wherever necessary the people handling these technologies and the decision makers for adoption of these communication solutions are also involved for getting up-to-date and correct information. The Audit Report is a detailed presentation of the AS-IS situation and the observations. Cost and utilization anomalies, wherever present, is also highlighted as part of the report. Based on the audit findings, the audit team presents the recommendations based on a 'best solutions paradigm' with a clear objective to improve on cost and quality of communications solutions deployed. The recommendations may also include upgrade, downgrade or change of solutions to effect long term productivity and cost savings for the business. TECHNOLOGY UTILIZATION AUDIT – QUALITATIVE This is a qualitative audit where a questionnaire is designed, prepared and sent to all the key users of IT systems in the organization. The questionnaire is used as a medium to gather data and information pertaining to the technology utilization of each key user. The questionnaire carries questions that are objective and descriptive. The data gathered is analysed by the audit team. Besides, the key users are interviewed on a one-on-one basis so as with the objective to elucidate information that may be possible to capture through the questionnaire. The Audit Report is a compilation of the technology utilization patterns and habits of the key users. Based on the findings, the Audit recommendation is made with a view to take corrective steps, if any, in the way IT systems are used in the organization thereby create avenues for positive impact on business operations. 12 Technology Audit
  • 14. 38/96, AH Block, 4th Street, Shanthi Colony, Anna Nagar, Chennai - 600 040. India. Tel: +91-44-4353 1781 / 4353 1791 Fax: +91-2622 0430 Email: info@inspacetech.com