2. Technology Audit (TA) is an eye-opening innovation from Inspace. TA enables organization leaders
understand the present IT utilization levels in their organization or business. In terms of importance, TA
occupies equal status with Accounting Audits conducted in organizations. TA focuses on three
important areas Viz. Business functionality, Ease of Use and Security. It also addresses the three sensitive
areas of information/data availability, confidentiality and integrity. The Audit process follows a
structured 3 tier methodology.
TIER 1: HIGH LEVEL
~ Understanding Vision, Mission and the Business goals of the customer
~ A high level mapping of the current IT deployment in relation to thebusiness objectives
~ Observation and plotting of Possible Gaps between the Business objectives and IT deployment
TIER 2: LOW LEVEL DEEP DIVE AUDIT
~ Detailed study of deployed hardware, software, connectivity, power, security, MIS, and usability
by end users.
~ Identifying process coverage, data integrity, productivity improvements, reporting frequency and
adequacy, training adequacy, and system availability.
TIER 3: THE CAPSTONE
Audit Findings Report:
~ Gap analysis
~ IT Infrastructure Analysis and recommendations
~ Business Flow Chart – Outline
~ Data backup Analysis and recommendations
~ Key User's knowledge and utilization of various software
~ Software License Status and recommendations
~ Core Software utilization
Technology Audit 1
3. ~ IT security / Vulnerability Analysis
~ Recommendations pertaining to technology upgrade / downgrade
~ Training requirements and plan of action
TA SPECTRUM COVERS:
~ Power Infrastructure Audit
~ Networking Infrastructure Audit
~ Server & Backup Infrastructure Audit
~ Desktop & Laptop Infrastructure Audit
~ Generation of Asset (Hardware & Software) Document & Physical Outlay
~ Software Licensing Audit
~ General Data Security Audit
~ Infrastructure Maintenance Audit
~ Core Applications Audit
~ Internet/Intranet Connectivity Audit
~ Communication Audit (Data/Voice/Video)
~ Key Users' Technology Utilization Audit
Technology Audit recommendations sets the direction for organizations to optimize Return of
Investment (ROI) on IT. The success of TA is that it does not recommend investing more on IT; rather it
helps in getting more out of existing IT investments. Technology Audit recommendations hinge on the
following benefits:
~ Productivity benefits
~ Security benefits
~ Cost-saving benefits
~ Relationship benefits
2 Technology Audit
4. POWER AUDIT
The Power Audit is aimed at ensuring the power related equipment and infrastructure pertaining to IT
systems complies with standards, and whether its throughput is in line with the organization's
requirement for power for optimal efficiency and productivity of the IT systems. Since the power can
come from several sources, the scope of the Audit may include Raw Power, UPS (Online/Offline),
UPS/Inverter Batteries, Generators, Inverters, Transformers, Cabling and outlets. Other power equipment
if any may be included based on their need on a case-to-case basis.
The Power Audit follows a structured approach where critical parameters and readings for effecting
optimal and sustained throughput across equipments are noted and taken as basic inputs. Wherever
necessary, inputs from people involved in managing power infrastructure are also taken to ensure that
the data gathered is correct and current. Besides, a general inspection of the equipments in terms of the
age, environment of the equipments and current process of maintenance is done.
Based on the data gathered and observed scenarios, the Audit team prepares the Audit report. The Audit
Report is a detailed presentation of the AS-IS scenarios which are represented as facts. Observed issues
and challenges in the existing power set up and the hazards that can impact the IT system's effective
functioning and the resulting effect on business performance is also captured. The culmination of the
Audit is the recommendations for corrective action and course of action which is based on firm specific
requirements and industry's best practises and standards.
Technology Audit 3
5. NETWORK INFRASTRUCTURE AUDIT
The Network Audit is a comprehensive audit where all the equipments and devices on the network come
under the purview. The components under the audit, both active and passive, may include Data
Switches, Routers, Hubs, Access Points, Repeaters, Voice Branch Exchanges, Data/Voice Cabling and I/O
outlets. Networking equipment out of conventional audit scope may be included on a case-to-case basis
based on the need of the business and technology environment.
The Audit follows a predefined process where critical performance parameters and metrics for effecting
optimal and sustained performance across devices and equipments are noted and taken as basic inputs.
Wherever necessary, inputs from people involved in managing Network infrastructure are also taken to
ensure that the data gathered is
correct and current. Besides, a general
inspection of the devices and
equipments in terms of the age,
environment of the devices and
equipments, and current process of
maintenance is done.
Based on the data and information
gathered, the Audit team maps the
business process with the existing
network infrastructure to assess fit
and compatibility of the infrastructure
to meet business objectives. The audit
findings are presented in an Audit
Report which is a detailed
presentation of the AS-IS scenarios, observed issues and challenges in the existing Network. Deficits
and hazards that can impact effective up-time of networks and systems are clearly identified. The Audit
rec0mmendations focuses on taking corrective action and course of action based on the firm specific
requirements and industry's best practises and standards. The Audit recommendation is tightly hinged
on improving network throughput and managing and maintaining high up-time.
4 Technology Audit
6. SERVER & BACKUP INFRASTRUCTURE AUDIT
The Server and Backup Audit aims at ensuring IT system exigency plans are in place to handle
unexpected failures of IT systems. The other objective of the Audit is also to ascertain whether data
retrieval capability and process is in place. The Audit covers the critical IT system units such as Servers,
Racks, Backup devices, Data storage equipment and I/O Cables. Firm specific equipment other the ones
mentioned may be included based on business need and the situation on a case-to-case basis.
Contingency plans such as Disaster Recovery (DR) and / or Business Continuity (BCP) also come under
the purview of the Audit from an Infrastructure backup and readiness perspective.
The Audit follows a structured process where critical nodes in the system environment for effecting
optimal and sustained performance across devices and equipments are noted and taken as basic inputs.
Wherever necessary, inputs from
people involved in managing Server
and Backup Infrastructure are also
taken to ensure that the data
gathered is correct and current.
Besides, a general inspection of the
devices and equipments in terms of
the age, environment of the devices
and equipments, and current
process of maintenance is done.
Based on the data and information
gathered, the Audit team does a
State Analysis of the infrastructure
and maps it to the business
objectives and goals. The Audit
findings are presented in an Audit
Report which is a detailed presentation of the State Analysis, observed issues and challenges in the
existing Server and Backup Infrastructure. Deficits and failure points that can impact effective up-time of
Servers and Back up Infrastructure are also clearly identified. The Audit recommendations focuses on
taking corrective action and course of action based on industry wide best practises and standards. The
Audit helps System Managers and Administrators to effectively identify and manage failure points and
ensure maximised up-time of critical back up devices and equipment.
Technology Audit 5
7. DESKTOP & LAPTOP INFRASTRUCTURE AUDIT
The purpose of the Desktop and Laptop Audit is to uncover possible leaks in the desktop and laptop
efficiencies in terms of processing time and usability which can impact overall IT System's output and
people productivity. Organizations where standalone PCs and Laptops are used without servers benefit
from this Audit. Similarly, organizations where the number of end users working on PCs and laptops are
high will certainly need to be audited to ensure effective functioning. Other end user equipments, if any,
may be included based on their need on a case-to-case basis.
The Audit follows a well defined process where each PC and laptop in the organization is fully checked
for optimal and sustained performance. Functional parameters of the PCs and laptops are taken as
inputs from people involved in using them. A general inspection of the PCs and laptops in terms of the
age, environment of the devices and
equipments, and current process of
maintenance is done.
The data and information gathered
forms the basis of the Audit
recommendations. The Audit team
does an AS-IS Analysis of the PC and
laptop environment and maps it to
the productivity and efficiency
objectives and goals of the
organization. The Audit findings are
presented in an Audit Report which is
a detailed presentation of the AS-IS
Analysis, observed issues and
challenges in the existing PC and
laptop setup. Functional deficits and failure points that can impact effective up-time of PCs and laptops
are also clearly identified and noted. The Audit recommendations focuses on taking corrective action
and course of action based on industry wide best practises and standards. This Audit helps System
Managers and Administrators to effectively identify and manage failure points and ensure maximised
up-time of PCs and laptops.
6 Technology Audit
8. IT ASSET ASSESSMENT AUDIT
This Audit enables organizations to keep check on the IT Assets that are currently deployed in their
organization. The audit starts with a detailed and exhaustive compilation of all IT and IT related assets
currently deployed. The compilation contains equipment details, their physical location, quantity,
associated user, with additional information
that may be available with the asset
management team. Other pertinent
information about the IT Assets may be
called for by the Audit team and may be
included in the audit on a case-to-case
basis.
To help identify the actual asset placement
in the company, an outlay map diagram is
additionally generated for each location in
the organization. In some cases, a multi-city
outlay may be done depending on the geo
operations of the organization. The IT Asset
outlay depicts the various sections, cabins,
departments, building associated with the
location. Textual legends assist the reader in
gaining accurate information about the
placements. Wherever necessary, inputs
from people involved in managing the assets are obtained to ensure and validate that the data and
information obtained is current and correct.
In addition to the IT equipment that is deployed, a software list is generated which captures all the
software packages presently installed in the audited computer systems in the organization. The detailed
list provides information pertaining to the software products and its versions being currently used.
Wherever necessary the asset management team is involved for getting up-to-date and correct
information.
Technology Audit 7
9. SOFTWARE AUDIT
License Audit
The primary focus of this audit is to ensure that the audited organization complies with standards,
policies and legal framework with respect to installing and using software. All software that is currently
being used and installed in the computer systems come under the purview of the Audit. The software
may include Operating Systems, Office Productivity Software, Accounting Software, ERP Applications
and Customized software. Other software may be included in the audit on a case-to-case basis.
Additionally, the audit attempts to highlight the security vulnerabilities due to usage of unlicensed
software, if any. Wherever necessary, people managing the software assets are involved for getting up-
to-date and correct data and information.
The data and information gathered forms the basis of the Audit recommendations. The Audit team
analysis the software licenses used and maps it to the legal and security vulnerabilities of the IT systems.
Besides, its impact on business and
governance of the organization is also
analysed. The Audit findings are
presented in an Audit Report where the
observed issues and challenges in the
existing software licenses are detailed.
Security deficits and failure points that
can creep into the system environment
and which can impact smooth operation
of IT systems is also detailed wherever
applicable. The Audit recommendations
focuses on taking corrective action and
course of action based on industry wide
best practises and standards. This Audit
helps System Managers and
Administrators, to effectively manage IT by adhering to legally approved and secure use of licensed
software.
Core Applications Audit
The objective of this Audit is to ensure that the key users of IT systems have understood and are
proficient with the applications they are using as part of their daily operations. The audit process begins
by listing the software applications to be audited. To facilitate a structured approach to the audit, the
core applications list is grouped into four types as below:
8 Technology Audit
10. ~ Office Productivity Applications – MS Office, Open Office which are used for general office
purposes.
~ Accounting Applications – Tally etc. which are used for office accounting purposes.
~ ERP and Specialized Applications – AutoCAD, CorelDRAW, ERP, customized software
which is used for specialized purposes.
~ Organization Website – Link check, Enquiry Sheet, Domain Name Renewal and SEO
optimization check.
The first part of the Core Application Audit is done on the Office Productivity Application with the
Client's key users as Auditees. The software version details and features are collected and the users'
knowledge level of the application features and their
proficiency is audited. Similarly, the Accounting
Applications, Specialized Applications and the
organization's website is audited. Where the web
site is of importance to the organization, the
website's links, contacts and enquiry sheet page,
domain name, renewal status, etc., are noted.
Besides, a web search on sites such as Google is
carried out to find out the present SEO optimization
levels of the web site. This is done using relevant
keywords.
The data and information gathered forms the basis
of the Audit Report and recommendations. The Core
Applications Audit focuses on taking corrective
action and course of action based on industry wide
best practises and standards. This Audit helps Key end users of core applications keep a check on their
knowledge proficiency levels in using application software and also to effectively improve their
productivity and efficiency.
Technology Audit 9
11. GENERAL DATA SECURITY AUDIT
This is a comprehensive audit that focuses on the security and safety of IT infrastructure deployed and
data associated with it. The audit encompasses both Physical as well as Virtual Data security.
Information with regard to Physical Access & Security, Virtual Data Access control comprising of the
following is recorded:
~ Data Access Control
~ User Authentication System
~ Data Folder Structure / Permission
~ Storage Media Control
~ Data Leak Protection
~ Internet / Intranet / Email Security
~ Firewall Setup
~ Anti-SPAM Setup / Anti-Virus / Anti-Spyware Setup
~ Data Protection
~ Software Patch Management
~ Vulnerability Assessment
~ General Assessment (fire protection, burglar alarms, security personnel)
Any other security related details not mentioned above may be gathered for inclusion in the audit based
on need and on a case-to-case basis. The data and information gathered forms the basis of the Audit
recommendations. The Audit team does an AS-IS Analysis of the Security environment and maps it
to the organizations business process, objectives
and goals of the organization. The Audit findings
are presented in an Audit Report which is a detailed
presentation of the AS-IS Analysis, observed issues
and challenges in the existing set up. Deficits and
gaps in the security features, and vulnerability and
failure points that can negatively impact data and IT
security are also clearly identified and noted. The
Audit recommendations focuses on taking
corrective action and course of action based on
industry wide best practises and standards. This Audit helps System Managers and Administrators
to effectively identify and manage data leakage and unethical data access vulnerabilities and also
ensure maximised security of IT systems.
10 Technology Audit
12. INFRASTRUCTURE MAINTENANCE AUDIT
The Infrastructure maintenance audit is aimed at ensuring that the IT systems are covered appropriately
in terms of warranties, guarantees, on-call support and AMCs by the respective product vendors. Further,
the audit also checks the Total Cost of Ownership (TCO) of IT Infrastructure in relation to sustained
maintenance. Data and information pertaining to all the hardware and software deployed is gathered.
Wherever necessary, people involved in managing IT Infrastructure
are met to obtain current and correct data and information. A
physical verification based on the collected details is carried out on a
random basis to ensure data correctness.
Once the essential information is available, a detailed report on the
observations is made. Based on the existing industry standards and
best practices, a recommendation report is drafted towards the
observations made. The recommendations would cite the corrective
actions and course of action that need to be put in place in order to counter-balance the existing
problems and potential issues identified.
INTERNET/INTRANET CONNECTIVITY AUDIT
With internet and intranet usage in organizations increasing by the day, it is increasingly imperative to
manage these technologies with a view to getting maximised benefits in terms cost and quality. In this
audit, details pertaining to all connectivity solutions deployed in the
organization come under the purview. The connectivity solutions
may Internet / Intranet connectivity, Virtual Private Network (VPN),
Radio Frequency (RF) and Metro Area Network (MAN). Other
connectivity solutions may be included based on their need on a
case-to-case basis. All necessary and critical parameters are noted
with utmost care. Wherever necessary, the concerned people who
manage these technologies and solutions are involved for getting
up-to-date and correct information.
The Audit Report is a compilation of the collected data and information. The Report would identify and
highlight the existing deficits and anomalies in deployed solution, if any. Cost and quality implications
and impact on business is detailed as part of the Report. Recommendations are made for corrective
action and course of action based on industry standards and best practices with the objective of
improving efficiency and productivity of the solutions and technologies deployed.
Technology Audit 11
13. COMMUNICATIONS AUDIT
The Communications Audit is aimed at ensuring that the
communication technologies such as Data, Voice and Video deployed
within the organization are cost effective and that it delivers optimal
value for money. During this audit, the billing details of all IT related
communication solutions are taken as inputs. The communications
solutions may include Telephone Landlines, Mobiles, Internet
connections and Videoconferencing. Other communication solutions
may be included in the Audit based on business need and on a case-
to-case basis. The previous expenses incurred in the past one quarter on communication technologies
are audited. Bills and Invoices pertaining to the same are scrutinized. Wherever necessary the people
handling these technologies and the decision makers for adoption of these communication solutions
are also involved for getting up-to-date and correct information.
The Audit Report is a detailed presentation of the AS-IS situation and the observations. Cost and
utilization anomalies, wherever present, is also highlighted as part of the report. Based on the audit
findings, the audit team presents the recommendations based on a 'best solutions paradigm' with a
clear objective to improve on cost and quality of communications solutions deployed. The
recommendations may also include upgrade, downgrade or change of solutions to effect long term
productivity and cost savings for the business.
TECHNOLOGY UTILIZATION AUDIT – QUALITATIVE
This is a qualitative audit where a questionnaire is designed, prepared and sent to all the key users of IT
systems in the organization. The questionnaire is used as a medium to gather data and information
pertaining to the technology utilization of each key user. The questionnaire carries questions that are
objective and descriptive. The data gathered is analysed by the audit
team. Besides, the key users are interviewed on a one-on-one basis so
as with the objective to elucidate information that may be possible to
capture through the questionnaire. The Audit Report is a compilation
of the technology utilization patterns and habits of the key users.
Based on the findings, the Audit recommendation is made with a view
to take corrective steps, if any, in the way IT systems are used in the
organization thereby create avenues for positive impact on business
operations.
12 Technology Audit
14. 38/96, AH Block, 4th Street, Shanthi Colony, Anna Nagar, Chennai - 600 040. India.
Tel: +91-44-4353 1781 / 4353 1791 Fax: +91-2622 0430 Email: info@inspacetech.com