SlideShare a Scribd company logo
AUDIT
AUDIT
TECHNOLOGY
TECHNOLOGY
1
AuditFindingsReport:
Gap analysis
IT Infrastructure Analysis and recommendations
Business Flow Chart – Outline
Data backup Analysis and recommendations
Key User's knowledge and utilization of various software
Software License Status and recommendations
Core Software utilization
TIER 1: HIGHLEVEL
~
TIER 2: LOWLEVELDEEPDIVEAUDIT
~
~
TIER 3:THECAPSTONE
~
~
~
~
~
~
~
~
~
~
TechnologyAudit
Technology Audit (TA) is an eye-opening innovation from Inspace. TA enables organization leaders
understand the present IT utilization levels in their organization or business. In terms of importance,
TA occupies equal status with Accounting Audits conducted in organizations. TA focuses on three
important areas Viz. Business functionality, Ease of Use and Security. It also addresses the three
sensitive areas of information/data availability, confidentiality and integrity. The Audit process follows
a structured 3 tier methodology.
Understanding Vision, Mission and the Business goals of the customer
A high level mapping of the current IT deployment in relation to thebusiness objectives
Observation and plotting of Possible Gaps between the Business objectives and IT deployment
Detailed study of deployed hardware, software, connectivity, power, security, MIS,
and usability by end users.
Identifying process coverage, data integrity, productivity improvements, reporting
frequency andadequacy, training adequacy, and system availability.
TechnologyAudit
2
Productivity benefits
Security benefits
Cost-saving benefits
Relationship benefits
~
~
~
~
~
~
~
TA SPECTRUM COVERS:
~
~
~
~
~
~
~
~
~
~
~
~
IT security / Vulner ability Analysis
Recommendations pertaining to technology upgrade / downgrade
Training requirements and plan of action
Power Infrastructure Audit
Networking Infrastructure Audit
Server & Backup Infrastructure Audit
Desktop & Laptop Infrastructure Audit
Generation of Asset (Hardware & Software) Document & Physical Outlay
Software Licensing Audit
General Data Security Audit
Infrastructure Maintenance Audit
Core Applications Audit
Internet/Intranet Connectivity Audit
Communication Audit (Data/Voice/Video)
Key Users' Technology Utilization Audit
Technology Audit recommendations sets the direction for organizations to optimize Return of
Investment (ROI) on IT. The success of TA is that it does not recommend investing more on IT;
rather it helps in getting more out of existing IT investments. Technology Audit recommendations
hinge on the following benefits:
Technology Audit 3
POWERAUDIT
The Power Audit is aimed at ensuring the power related equipment and infrastructure pertaining
to IT systems complies with standards, and whether its throughput is in line with the organization's
requirement for power for optimal efficiency and productivity of the IT systems. Since the power
can come from several sources, the scope of the Audit may include Raw Power, UPS
(Online/Offline), UPS/Inverter Batteries, Generators, Inverters, Transformers, Cabling and outlets.
Other power equipment if any may be included based on their need on a case-to-case basis.
The Power Audit follows a structured approach where critical parameters and readings for effect-
ing optimal and sustained throughput across equipments are noted and taken as basic inputs.
Wherever necessary, inputs from people involved in managing power infrastructure are also taken
to ensure that the data gathered is correct and current. Besides, a general inspection of the equip-
ments in terms of the age, environment of the equipments and current process of maintenance is
done.
Based on the data gathered and observed scenarios, the Audit team prepares the Audit report. The
Audit Report is a detailed presentation of the AS-IS scenarios which are represented as facts.
Observed issues and challenges in the existing power set up and the hazards that can impact the IT
system's effective functioning and the resulting effect on business performance is also captured.
The culmination of the Audit is the recommendations for corrective action and course of action
which is based on firm specific requirements and industry's best practises and standards.
TechnologyAudit
4
NETWORK INFRASTRUCTUREAUDIT
The Network Audit is a comprehensive audit where all the equipments and devices on the network
come under the purview. The components under the audit, both active and passive, may include
Data Switches, Routers, Hubs, Access Points, Repeaters, Voice Branch Exchanges, Data/Voice
Cabling and I/O outlets. Networking equipment out of conventional audit scope may be included
on a case-to-case basis based on the need of the business and technology environment.
The Audit follows a predefined process where critical performance parameters and metrics for
effecting optimal and sustained performance across devices and equipments are noted and taken
as basic inputs. Wherever necessary,
inputs from people involved in
managing Network infrastructure
are also taken toensure that the data
gathered is correct and current.
Besides, a general inspection of the
devices and equipments in terms of
the age, environment of the devices
and equipments, and current
process of maintenance is done.
Based on the data and information
gathered, the Audit team maps the
business process with the existing
network infrastructure to assess fit
and compatibility of the infrastruc-
ture to meet business objectives. The audit findings are presented in an Audit Repor t whi ch i s a
detai l ed presentation of the AS-IS scenarios, observed issues and challenges in the existing
Network. Deficits and hazards that can impact effective up-time of networks and systems are
clearly identified. The Audit recommendations focuses on taking corrective action and course of
action based on the firm specific requirements and industry's best practises and standards. The
Audit recommendation is tightly hinged on improving network throughput and managing and
maintaining high up-time.
5
SERVER & BACKUPINFRASTRUCTUREAUDIT
TechnologyAudit
The Server and Backup Audit aims at ensuring IT system exigency plans are in place to handle
unexpected failures of IT systems. The other objective of the Audit is also to ascertain whether data
retrieval capability and process is in place. The Audit covers the critical IT system units such as
Servers, Racks, Backup devices, Data storage equipment and I/O Cables. Firm specific equipment
other the ones mentioned may be included based on business need and the situation on a
case-to-case basis. Contingency plans such as Disaster Recovery (DR) and / or Business Continuity
(BCP) also come under the purview of the Audit from an Infrastructure backup and readiness
perspective.
The Audit follows a structured process where critical nodes in the system environment for effecting
optimal and sustained perfor-
mance across devices and equip-
ments are noted and taken as
basic inputs. Wherever necessary,
inputs from people involved in
managing Server and Backup
Infrastructure are also taken to
ensure that the data gathered is
correct and current. Besides, a
general inspection of the devices
and equipments in terms of the
age, environment of the devices
and equipments, and current
process of maintenance is done.
Based on the data and informa-
tion gathered, the Audit team does a State Analysis of the infrastructure and maps it to the
business objectives and goals. The Audit findings are presented in an Audit Report which is a
detailed presentation of the State Analysis, observed issues and challenges in the existing Server
and Backup Infrastructure. Deficits and failure points that can impact effective up-time of Servers
and Back up Infrastructure are also clearly identified. The Audit recommendations focuses on
taking corrective action and course of action based on industry wide best practises and standards.
The Audit helps System Managers and Administrators to effectively identify and manage failure
points and ensure maximised up-time of critical back up devices and equipment.
The purpose of the Desktop and Laptop Audit is to uncover possible leaks in the desktop and
laptop efficiencies in terms of processing time and usability which can impact overall IT System's
output and people productivity. Organizations where standalone PCs and Laptops are used
without servers benefit from this Audit. Similarly, organizations where the number of end users
working on PCs and laptops are high will certainly need to be audited to ensure effective function-
ing. Other end user equipments, if any, may be included based on their need on a case-to-case
basis.
The Audit follows a well defined process where each PC and laptop in the organization is fully
checked for optimal and sustained performance. Functional parameters of the PCs and laptops are
taken as inputs from people involved in using them. A general inspection of the PCs and laptops in
terms of the age, environment of
the devices and equipments, and
current process of maintenance is
done.
The data and information gathered
forms the basis of the Audit recom-
mendations. The Audit team does
an AS-IS Analysis of the PC and
laptop environment and maps it to
the productivity and efficiency
objectives and goals of the organi-
zation. The Audit findings are
presented in an Audit Report which
is a detailed presentation of the
AS-IS Analysis, observed issues and
challenges in the existing PC and
laptop setup. Functional deficits and failure points that can impact effective up-time of PCs and
laptops are also clearly identified and noted. The Audit recommendations focuses on taking
corrective action and course of action based on industry wide best practises and standards. This
Audit helps System Managers and Administrators to effectively identify and manage failure points
and ensure maximised up-time of PCs and laptops.
TechnologyAudit
6
DESKTOP & LAPTOP INFRASTRUCTURE AUDIT
7
ITASSETASSESSMENTAUDIT
TechnologyAudit
This Audit enables organizations to keep check on the IT Assets that are currently deployed in their
organization. The audit starts with a detailed and exhaustive compilation of all IT and IT related assets
currently deployed. The compilation contains equipment details, their physical location, quantity,
associated user, with additional informa-
tion that may be available with the asset
management team. Other pertinent
information about the IT Assets may be
called for by the Audit team and may be
included in the audit on a case-to-case
basis.
To help identify the actual asset placement
in the company, an outlay map diagram is
additionally generated for each location in
the organization. In some cases, a multi-city
outlay may be done depending on the geo
operations of the organization. The IT Asset
outlay depicts the various sections, cabins,
departments, building associated with the
location. Textual legends assist the reader
in gaining accurate information about the
placements. Wherever necessary, inputs
from people involved in managing the
assets are obtained to ensure and validate that the data and information obtained is current and
correct.
In addition to the IT equipment that is deployed, a software list is generated which captures all the
software packages presently installed in the audited computer systems in the organization. The
detailed list provides information pertaining to the software products and its versions being
currently used. Wherever necessary the asset management team is involved for getting up-to-date
and correct information.
8
SOFTW AREAUDIT
TechnologyAudit
License Audit
The primary focus of this audit is to ensure that the audited organization complies with standards,
policies and legal framework with respect to installing and using software. All software that is
currently being used and installed in the computer systems come under the purview of the Audit.
The software may include Operating Systems, Office Productivity Software, Accounting Software,
ERP Applications and Customized software. Other software may be included in the audit on a
case-to-case basis. Additionally, the audit attempts to highlight the security vulnerabilities due to
usage of unlicensed software, if any. Wherever necessary, people managing the software assets are
involved for getting upto-date and correct data and information.
The data and information gathered forms the basis of the Audit recommendations. The Audit team
analysis the software licenses used and maps it to the legal and security vulnerabilities of the IT
systems. Besides, its impact on business
and governance of the organization is also
analysed. The Audit findings are presented
in an Audit Report where the observed
issues and challenges in the existing
software licenses are detailed. Secu-
rity deficits and failure points that can
creep into the system environment and
which can impact smooth operation of IT
systems is also detailed wherever applica-
ble. The Audit recommendations focuses
on taking corrective action and course of
action based on industry wide best
practises and standards. This Audit helps S
y s t em Managers and Administrators, to
effectively manage IT by adhering to legally approved and secure use of licensed software.
Core Applications Audit
The objective of this Audit is to ensure that the key users of IT systems have understood and are
proficient with the applications they are using as part of their daily operations. The audit process
begins by listing the software applications to be audited. To facilitate a structured approach to the
audit, the core applications list is grouped into four types as below:
9
~
~
~
~
Technology Audit 9
~ Office Productivity Applications – MS Office, Open Office which are used for
general office purposes.
Accounting Applications – Tally etc. which are used for office accounting
purposes.
ERP and Specialized Applications – AutoCAD, CorelDRAW, ERP, customized
software which is used for specialized purposes.
Organization Website – Link check, Enquiry Sheet, Domain Name Renewal
and SEO optimization check.
The first part of the Core Application
Audit is done on the Office Productivity Application
with the Client's key users as Auditees. The
software version details and features are collected
and the users' knowledge level of the application
features and their proficiency is audited. Similarly,
the Accounting Applications, Specialized Applica-
tions and the organization's website is audited.
Where the web site is of importance to the organi-
zation, the website's links, contacts and enquiry
sheet page, domain name, renewal status, etc., are
noted. Besides, a web search on sites such as
Google is carried out to find out the present SEO
optimization levels of the web site. This is done
using relevant keywords.
The data and information gathered forms the basis of the Audit Report and recommendations. The
Core Applications Audit focuses on taking corrective action and course of action based on industry
wide best practises and standards. This Audit helps Key end users of core applications keep a check
on their knowledge proficiency levels in using application software and also to effectively improve
their productivity and efficiency.
TechnologyAudit
10
GENERAL DATA SECURITYAUDIT
Data Access Control
User Authentication System
DataFolder Structure/Permission
Storage Media Control
Data Leak Protection
Internet / Intranet /Email Security
Firewall Setup
Anti-SPAM Setup /Anti-Virus /Anti-Spyware Setup
Data Protection
Software Patch Management
Vulner ability Assessment
Gener al Assessment (fireprotection,
~
~
~
~
~
~
~
~
~
~
~
~
This is a comprehensive audit that focuses on the security and safety of IT infrastructure deployed
and data associated with it. The audit encompasses both Physical as well as Virtual Data security.
Information with regard to Physical Access & Security, Virtual Data Access control comprising of
the following is recorded:
Any other security related details not mentioned above may be gathered for inclusion in the audit
based on need and on a case-to-case basis. The data and information gathered forms the basis of
the Audit recommendations. The Audit team does
an AS-IS Analysis of the Security environment and
maps it to the organizations business process,
objectives and goals of the organization. The Audit
findings are presented in an Audit Report which is a
detailed presentation of the AS-IS Analysis,
observed issues and challenges in the existing set
up. Deficits and gaps in the security features, and
vulnerability and failure points that can negatively
impact data and IT security are also clearly identified
and noted. The Audit recommendations focuses on
taking corrective action and course of action based on industry wide best practises and standards.
This Audit helps System Managers and Administrators to effectively identify and manage data
leakage and unethical data access vulnerabilities and also ensure maximised security of IT systems.
The Infrastructure maintenance audit is aimed at ensuring that the IT systems are covered appro-
priately in terms of warranties, guarantees, on-call support and AMCs by the respective product
vendors. Further, the audit also checks the Total Cost of Ownership (TCO) of IT Infrastructure in
relation to sustained maintenance. Data and information pertaining to all the hardware and
software deployed is gathered. Wherever necessary, people
involved in managing IT Infrastructure are met to obtain
current and correct data and information. A physical verifica-
tion based on the collected details is carried out on a random
basis to ensure data correctness.
Once the essential information is available, a detailed report on
the observations is made. Based on the existing industry stand-
ards and best practices, a recommendation report is drafted
towards the observations made. The recommendations would
cite the corrective actions and course of action that need to be put in place in order to counter-
balance the existing problems and potential issues identified.
With internet and intranet usage in organizations increasing by the day, it is increasingly impera-
tive to manage these technologies with a view to getting
maximised benefits in terms cost and quality. In this audit,
details pertaining to all connectivity solutions deployed in the
organization come under the purview. The connectivity
solutions may Internet / Intranet connectivity, Virtual Private
Network (VPN), Radio Frequency (RF) and Metro Area Network
(MAN). Other connectivity solutions may be included based on
their need on a case-to-case basis. All necessary and critical
parameters are noted with utmost care. Wherever necessary, the
concerned people who manage these technologies and
solutions are involved for getting up-to-date and correct
information.
The Audit Report is a compilation of the collected data and information. The Report would identify
and highlight the existing deficits and anomalies in deployed solution, if any. Cost and quality
implications and impact on business is detailed as part of the Report. Recommendations are made
for corrective action and course of action based on industry standards and best practices with the
objective of improving efficiency and productivity of the solutions and technologies deployed.
11
INFRASTRUCTUREMAINTENANCEAUDIT
INTERNET/INTRANETCONNECTIVITYAUDIT
TechnologyAudit
T
12
COMMUNICATIONS AUDIT
TECHNOLOGY UTILIZATION AUDIT– QUALITATIVE
echnology Audit
The Communications Audit is aimed at ensuring that the commu-
nication technologies such as Data, Voice and Video deployed
within the organization are cost effective and that it delivers
optimal value for money. During this audit, the billing details of all
IT related communication solutions are taken as inputs. The
communications solutions may include Telephone Landlines,
Mobiles, Internet connections and Videoconferencing. Other
communication solutions may be included in the Audit based on
business need and on a caseto- case basis. The previous expenses
incurred in the past one quarter on communication technologies are audited. Bills and Invoices
pertaining to the same are scrutinized. Wherever necessary the people handling these technologies
and the decision makers for adoption of these communication solutions are also involved for
getting up-to-date and correct information.
The Audit Report is a detailed presentation of the AS-IS situation and the observations. Cost and
utilization anomalies, wherever present, is also highlighted as part of the report. Based on the audit
findings, the audit team presents the recommendations based on a 'best solutions paradigm' with
a clear objective to improve on cost and quality of communications solutions deployed. The recom-
mendations may also include upgrade, downgrade or change of solutions to effect long term
productivity and cost savings for the business.
This is a qualitative audit where a questionnaire is designed, prepared and sent to all the key users
of IT systems in the organization. The questionnaire is used as a medium to gather data and
information pertaining to the technology utilization of each key user. The questionnaire carries
questions that are objective and descriptive. The data gathered is
analysed by the audit team. Besides, the key users are interviewed
on a one-on-one basis so as with the objective to elucidate
information that may be possible to capture through the
questionnaire. The Audit Report is a compilation of the technol-
ogy utilization patterns and habits of the key users. Based on the
findings, the Audit recommendation is made with a view to take
corrective steps, if any, in the way IT systems are used in the
organization thereby create avenues for positive impact on
business operations.
Plot No. 8, Shree Avenue Complex, Near GCC Club, Mira Road(E),
Thane - 401107, Maharashtra, India

More Related Content

What's hot

Auditing in a computer environment copy
Auditing in a computer environment   copyAuditing in a computer environment   copy
Auditing in a computer environment copy
Saleh Rashid
 
Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6
Sharah Ayumi
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditing
Damilola Mosaku
 
Audit in computerised informaton system environment and recent development i...
Audit in computerised  informaton system environment and recent development i...Audit in computerised  informaton system environment and recent development i...
Audit in computerised informaton system environment and recent development i...
Dr. Sanjay Sawant Dessai
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
Kaushal Trivedi
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Sharing Slides Training
 
ITGC audit of ERPs
ITGC audit of ERPsITGC audit of ERPs
ITGC audit of ERPs
Jayesh Daga
 
Chapter 4 : Auditing and the information technology environment
Chapter 4 : Auditing and the information technology environmentChapter 4 : Auditing and the information technology environment
Chapter 4 : Auditing and the information technology environment
KugendranMani
 
IT General Controls
IT General ControlsIT General Controls
IT General Controls
Cicero Ray Rufino
 
Computer Audit an Introductory
Computer Audit an IntroductoryComputer Audit an Introductory
Computer Audit an Introductory
MNorazizi HM
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security Audit
Mufaddal Nullwala
 
IRJET- An Investigation into the Adoption of Computer Assisted Audit Techniqu...
IRJET- An Investigation into the Adoption of Computer Assisted Audit Techniqu...IRJET- An Investigation into the Adoption of Computer Assisted Audit Techniqu...
IRJET- An Investigation into the Adoption of Computer Assisted Audit Techniqu...
IRJET Journal
 
Security audit
Security auditSecurity audit
Security audit
Rosaria Dee
 
Ais Romney 2006 Slides 19 Ais Development Strategies
Ais Romney 2006 Slides 19 Ais Development StrategiesAis Romney 2006 Slides 19 Ais Development Strategies
Ais Romney 2006 Slides 19 Ais Development Strategies
Sharing Slides Training
 
Information systems audit and control
Information systems audit and controlInformation systems audit and control
Information systems audit and control
Kashif Rana ACCA
 
3c 2 Information Systems Audit
3c   2   Information Systems Audit3c   2   Information Systems Audit
3c 2 Information Systems Audit
Rajeswaran Muthu Venkatachalam
 
Conducting an Information Systems Audit
Conducting an Information Systems Audit Conducting an Information Systems Audit
Conducting an Information Systems Audit
Sreekanth Narendran
 
03.1 general control
03.1 general control03.1 general control
03.1 general control
Mulyadi Yusuf
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Compliance
seanpizzy
 
Ch2 2009 cisa
Ch2 2009 cisaCh2 2009 cisa
Ch2 2009 cisa
asrulsani09
 

What's hot (20)

Auditing in a computer environment copy
Auditing in a computer environment   copyAuditing in a computer environment   copy
Auditing in a computer environment copy
 
Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditing
 
Audit in computerised informaton system environment and recent development i...
Audit in computerised  informaton system environment and recent development i...Audit in computerised  informaton system environment and recent development i...
Audit in computerised informaton system environment and recent development i...
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based Is
 
ITGC audit of ERPs
ITGC audit of ERPsITGC audit of ERPs
ITGC audit of ERPs
 
Chapter 4 : Auditing and the information technology environment
Chapter 4 : Auditing and the information technology environmentChapter 4 : Auditing and the information technology environment
Chapter 4 : Auditing and the information technology environment
 
IT General Controls
IT General ControlsIT General Controls
IT General Controls
 
Computer Audit an Introductory
Computer Audit an IntroductoryComputer Audit an Introductory
Computer Audit an Introductory
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security Audit
 
IRJET- An Investigation into the Adoption of Computer Assisted Audit Techniqu...
IRJET- An Investigation into the Adoption of Computer Assisted Audit Techniqu...IRJET- An Investigation into the Adoption of Computer Assisted Audit Techniqu...
IRJET- An Investigation into the Adoption of Computer Assisted Audit Techniqu...
 
Security audit
Security auditSecurity audit
Security audit
 
Ais Romney 2006 Slides 19 Ais Development Strategies
Ais Romney 2006 Slides 19 Ais Development StrategiesAis Romney 2006 Slides 19 Ais Development Strategies
Ais Romney 2006 Slides 19 Ais Development Strategies
 
Information systems audit and control
Information systems audit and controlInformation systems audit and control
Information systems audit and control
 
3c 2 Information Systems Audit
3c   2   Information Systems Audit3c   2   Information Systems Audit
3c 2 Information Systems Audit
 
Conducting an Information Systems Audit
Conducting an Information Systems Audit Conducting an Information Systems Audit
Conducting an Information Systems Audit
 
03.1 general control
03.1 general control03.1 general control
03.1 general control
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Compliance
 
Ch2 2009 cisa
Ch2 2009 cisaCh2 2009 cisa
Ch2 2009 cisa
 

Viewers also liked

Gregg Warburton – A Dedicated Professional
Gregg Warburton – A Dedicated ProfessionalGregg Warburton – A Dedicated Professional
Gregg Warburton – A Dedicated Professional
charisma12
 
La solidarité
La solidaritéLa solidarité
La solidarité
tafymar
 
Tripcon Engineering Pvt. Ltd., Anand, Bushed Chains
Tripcon Engineering Pvt. Ltd., Anand, Bushed ChainsTripcon Engineering Pvt. Ltd., Anand, Bushed Chains
Tripcon Engineering Pvt. Ltd., Anand, Bushed Chains
IndiaMART InterMESH Limited
 
Writingband9 causeseffectsandsolutions
Writingband9 causeseffectsandsolutionsWritingband9 causeseffectsandsolutions
Writingband9 causeseffectsandsolutions
Hung Nguyen Van
 
Otto cose da sapere prima di comunicare un evento a un giornale - Perugia, 15...
Otto cose da sapere prima di comunicare un evento a un giornale - Perugia, 15...Otto cose da sapere prima di comunicare un evento a un giornale - Perugia, 15...
Otto cose da sapere prima di comunicare un evento a un giornale - Perugia, 15...
Ludovico Fontana
 
9th International Public Markets Conference - Jan Cochrane-Harry
9th International Public Markets Conference - Jan Cochrane-Harry9th International Public Markets Conference - Jan Cochrane-Harry
9th International Public Markets Conference - Jan Cochrane-Harry
PPSPublicMarkets
 
Zara final presentation 420
Zara final presentation 420Zara final presentation 420
Zara final presentation 420
kathrynamalfi
 
Enzimas cardiacas
Enzimas cardiacasEnzimas cardiacas
Enzimas cardiacas
CríízTíán Angarita
 
TIM CHEN
TIM CHENTIM CHEN
TIM CHEN
Smartalk
 
Entrada salida
Entrada salidaEntrada salida
Contribuição do trabalho com o humor para o ensino de Língua Portuguesa_Revis...
Contribuição do trabalho com o humor para o ensino de Língua Portuguesa_Revis...Contribuição do trabalho com o humor para o ensino de Língua Portuguesa_Revis...
Contribuição do trabalho com o humor para o ensino de Língua Portuguesa_Revis...
Helio de Sant'Anna
 
Tesis I
Tesis ITesis I
Tesis I
olvegam
 
Emprego da Visão Computacional no contexto de AP - Cameras
Emprego da Visão Computacional  no contexto de AP - CamerasEmprego da Visão Computacional  no contexto de AP - Cameras
Emprego da Visão Computacional no contexto de AP - Cameras
pipesmythe
 
HOMBRES EN ROPA INTERIOR :
HOMBRES EN ROPA INTERIOR : HOMBRES EN ROPA INTERIOR :
HOMBRES EN ROPA INTERIOR :
Enders Morale
 
Spontaneous collaboration in mobile Peer-to-Peer Networks
Spontaneous collaboration in mobile Peer-to-Peer NetworksSpontaneous collaboration in mobile Peer-to-Peer Networks
Spontaneous collaboration in mobile Peer-to-Peer Networks
Stefan Bürger
 

Viewers also liked (17)

Gregg Warburton – A Dedicated Professional
Gregg Warburton – A Dedicated ProfessionalGregg Warburton – A Dedicated Professional
Gregg Warburton – A Dedicated Professional
 
La solidarité
La solidaritéLa solidarité
La solidarité
 
Tripcon Engineering Pvt. Ltd., Anand, Bushed Chains
Tripcon Engineering Pvt. Ltd., Anand, Bushed ChainsTripcon Engineering Pvt. Ltd., Anand, Bushed Chains
Tripcon Engineering Pvt. Ltd., Anand, Bushed Chains
 
Writingband9 causeseffectsandsolutions
Writingband9 causeseffectsandsolutionsWritingband9 causeseffectsandsolutions
Writingband9 causeseffectsandsolutions
 
Phuongnbn_Bachelor Degree
Phuongnbn_Bachelor DegreePhuongnbn_Bachelor Degree
Phuongnbn_Bachelor Degree
 
Otto cose da sapere prima di comunicare un evento a un giornale - Perugia, 15...
Otto cose da sapere prima di comunicare un evento a un giornale - Perugia, 15...Otto cose da sapere prima di comunicare un evento a un giornale - Perugia, 15...
Otto cose da sapere prima di comunicare un evento a un giornale - Perugia, 15...
 
9th International Public Markets Conference - Jan Cochrane-Harry
9th International Public Markets Conference - Jan Cochrane-Harry9th International Public Markets Conference - Jan Cochrane-Harry
9th International Public Markets Conference - Jan Cochrane-Harry
 
Zara final presentation 420
Zara final presentation 420Zara final presentation 420
Zara final presentation 420
 
Enzimas cardiacas
Enzimas cardiacasEnzimas cardiacas
Enzimas cardiacas
 
TIM CHEN
TIM CHENTIM CHEN
TIM CHEN
 
Entrada salida
Entrada salidaEntrada salida
Entrada salida
 
Contribuição do trabalho com o humor para o ensino de Língua Portuguesa_Revis...
Contribuição do trabalho com o humor para o ensino de Língua Portuguesa_Revis...Contribuição do trabalho com o humor para o ensino de Língua Portuguesa_Revis...
Contribuição do trabalho com o humor para o ensino de Língua Portuguesa_Revis...
 
Tesis I
Tesis ITesis I
Tesis I
 
Emprego da Visão Computacional no contexto de AP - Cameras
Emprego da Visão Computacional  no contexto de AP - CamerasEmprego da Visão Computacional  no contexto de AP - Cameras
Emprego da Visão Computacional no contexto de AP - Cameras
 
HOMBRES EN ROPA INTERIOR :
HOMBRES EN ROPA INTERIOR : HOMBRES EN ROPA INTERIOR :
HOMBRES EN ROPA INTERIOR :
 
Spontaneous collaboration in mobile Peer-to-Peer Networks
Spontaneous collaboration in mobile Peer-to-Peer NetworksSpontaneous collaboration in mobile Peer-to-Peer Networks
Spontaneous collaboration in mobile Peer-to-Peer Networks
 
Original
OriginalOriginal
Original
 

Similar to Technology audit presentation

Technology audit
Technology auditTechnology audit
Technology audit
Arish Roy
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
gueste080564
 
Technology Controls in Business - End User Computing
Technology Controls in Business - End User ComputingTechnology Controls in Business - End User Computing
Technology Controls in Business - End User Computing
guestc1bca2
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
renetta
 
Business Process Modeling: An Example of Re-engineering the Enterprise
Business Process Modeling: An Example of Re-engineering the EnterpriseBusiness Process Modeling: An Example of Re-engineering the Enterprise
Business Process Modeling: An Example of Re-engineering the Enterprise
Massimo Talia
 
CIO IT Audit Survival TNS07
CIO IT Audit Survival TNS07CIO IT Audit Survival TNS07
CIO IT Audit Survival TNS07
Thomas Danford
 
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
LynellBull52
 
Running head AUDITING INFORMATION SYSTEMS PROCESS .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS              .docxRunning head AUDITING INFORMATION SYSTEMS PROCESS              .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS .docx
joellemurphey
 
Back Office Conference 02 10 2009
Back Office Conference 02 10 2009Back Office Conference 02 10 2009
Back Office Conference 02 10 2009
blnoeide
 
James hall ch 15
James hall ch 15James hall ch 15
James hall ch 15
David Julian
 
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive Approach
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive ApproachThe 7 Steps to Prevent IT-Caused Outages- A Comprehensive Approach
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive Approach
Protected Harbor
 
IRJET- Vendor Management System using Machine Learning
IRJET-  	  Vendor Management System using Machine LearningIRJET-  	  Vendor Management System using Machine Learning
IRJET- Vendor Management System using Machine Learning
IRJET Journal
 
Overview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptxOverview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptx
JoshJaro
 
The Importance of Security within the Computer Environment
The Importance of Security within the Computer EnvironmentThe Importance of Security within the Computer Environment
The Importance of Security within the Computer Environment
Adetula Bunmi
 
CAAT ppt.pptx (Computer Asstt. Technique)
CAAT ppt.pptx (Computer Asstt. Technique)CAAT ppt.pptx (Computer Asstt. Technique)
CAAT ppt.pptx (Computer Asstt. Technique)
rkhasua004
 
A Framework for Dead stock Management System for in-house computer engineerin...
A Framework for Dead stock Management System for in-house computer engineerin...A Framework for Dead stock Management System for in-house computer engineerin...
A Framework for Dead stock Management System for in-house computer engineerin...
theijes
 
Icai seminar kolkata
Icai seminar kolkataIcai seminar kolkata
Icai seminar kolkata
sunil patro
 
Using Predictive Analytics to Optimize Asset Maintenance in the Utilities Ind...
Using Predictive Analytics to Optimize Asset Maintenance in the Utilities Ind...Using Predictive Analytics to Optimize Asset Maintenance in the Utilities Ind...
Using Predictive Analytics to Optimize Asset Maintenance in the Utilities Ind...
Cognizant
 
IRJET- A Survey for Block Chaining based Cyber Security System for Fiscal Dev...
IRJET- A Survey for Block Chaining based Cyber Security System for Fiscal Dev...IRJET- A Survey for Block Chaining based Cyber Security System for Fiscal Dev...
IRJET- A Survey for Block Chaining based Cyber Security System for Fiscal Dev...
IRJET Journal
 
CAAT - Data Analysis and Audit Techniques
CAAT - Data Analysis and Audit TechniquesCAAT - Data Analysis and Audit Techniques
CAAT - Data Analysis and Audit Techniques
Saurabh Rai
 

Similar to Technology audit presentation (20)

Technology audit
Technology auditTechnology audit
Technology audit
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
 
Technology Controls in Business - End User Computing
Technology Controls in Business - End User ComputingTechnology Controls in Business - End User Computing
Technology Controls in Business - End User Computing
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
 
Business Process Modeling: An Example of Re-engineering the Enterprise
Business Process Modeling: An Example of Re-engineering the EnterpriseBusiness Process Modeling: An Example of Re-engineering the Enterprise
Business Process Modeling: An Example of Re-engineering the Enterprise
 
CIO IT Audit Survival TNS07
CIO IT Audit Survival TNS07CIO IT Audit Survival TNS07
CIO IT Audit Survival TNS07
 
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
 
Running head AUDITING INFORMATION SYSTEMS PROCESS .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS              .docxRunning head AUDITING INFORMATION SYSTEMS PROCESS              .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS .docx
 
Back Office Conference 02 10 2009
Back Office Conference 02 10 2009Back Office Conference 02 10 2009
Back Office Conference 02 10 2009
 
James hall ch 15
James hall ch 15James hall ch 15
James hall ch 15
 
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive Approach
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive ApproachThe 7 Steps to Prevent IT-Caused Outages- A Comprehensive Approach
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive Approach
 
IRJET- Vendor Management System using Machine Learning
IRJET-  	  Vendor Management System using Machine LearningIRJET-  	  Vendor Management System using Machine Learning
IRJET- Vendor Management System using Machine Learning
 
Overview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptxOverview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptx
 
The Importance of Security within the Computer Environment
The Importance of Security within the Computer EnvironmentThe Importance of Security within the Computer Environment
The Importance of Security within the Computer Environment
 
CAAT ppt.pptx (Computer Asstt. Technique)
CAAT ppt.pptx (Computer Asstt. Technique)CAAT ppt.pptx (Computer Asstt. Technique)
CAAT ppt.pptx (Computer Asstt. Technique)
 
A Framework for Dead stock Management System for in-house computer engineerin...
A Framework for Dead stock Management System for in-house computer engineerin...A Framework for Dead stock Management System for in-house computer engineerin...
A Framework for Dead stock Management System for in-house computer engineerin...
 
Icai seminar kolkata
Icai seminar kolkataIcai seminar kolkata
Icai seminar kolkata
 
Using Predictive Analytics to Optimize Asset Maintenance in the Utilities Ind...
Using Predictive Analytics to Optimize Asset Maintenance in the Utilities Ind...Using Predictive Analytics to Optimize Asset Maintenance in the Utilities Ind...
Using Predictive Analytics to Optimize Asset Maintenance in the Utilities Ind...
 
IRJET- A Survey for Block Chaining based Cyber Security System for Fiscal Dev...
IRJET- A Survey for Block Chaining based Cyber Security System for Fiscal Dev...IRJET- A Survey for Block Chaining based Cyber Security System for Fiscal Dev...
IRJET- A Survey for Block Chaining based Cyber Security System for Fiscal Dev...
 
CAAT - Data Analysis and Audit Techniques
CAAT - Data Analysis and Audit TechniquesCAAT - Data Analysis and Audit Techniques
CAAT - Data Analysis and Audit Techniques
 

More from Arish Roy

Daughters perfection
Daughters perfectionDaughters perfection
Daughters perfection
Arish Roy
 
Newsletter connect - Jan 2017
Newsletter connect - Jan 2017Newsletter connect - Jan 2017
Newsletter connect - Jan 2017
Arish Roy
 
Newsletter Connect - Nov 2016
Newsletter Connect - Nov 2016Newsletter Connect - Nov 2016
Newsletter Connect - Nov 2016
Arish Roy
 
Newsletter Connect - Nov 2016
Newsletter Connect - Nov 2016Newsletter Connect - Nov 2016
Newsletter Connect - Nov 2016
Arish Roy
 
Newsletter connect - Sep 2016
Newsletter connect - Sep 2016Newsletter connect - Sep 2016
Newsletter connect - Sep 2016
Arish Roy
 
Newsletter Connect - August 2016
Newsletter Connect - August 2016Newsletter Connect - August 2016
Newsletter Connect - August 2016
Arish Roy
 
Newsletter connect - July 2016
Newsletter connect - July 2016Newsletter connect - July 2016
Newsletter connect - July 2016
Arish Roy
 
Newsletter connect - June 2016
Newsletter connect - June 2016Newsletter connect - June 2016
Newsletter connect - June 2016
Arish Roy
 
Newsletter Connect - May
Newsletter Connect - MayNewsletter Connect - May
Newsletter Connect - May
Arish Roy
 
Newsletter connect - April 2016
Newsletter connect - April 2016Newsletter connect - April 2016
Newsletter connect - April 2016
Arish Roy
 
Newsletter Connect - Mar 2016
Newsletter Connect - Mar 2016Newsletter Connect - Mar 2016
Newsletter Connect - Mar 2016
Arish Roy
 
Newsletter connect - Feb 2016
Newsletter connect - Feb 2016Newsletter connect - Feb 2016
Newsletter connect - Feb 2016
Arish Roy
 
Newsletter connect - Jan 2016
Newsletter connect  - Jan 2016Newsletter connect  - Jan 2016
Newsletter connect - Jan 2016
Arish Roy
 
Newsletter connect - Nov 2015
Newsletter connect  - Nov 2015Newsletter connect  - Nov 2015
Newsletter connect - Nov 2015
Arish Roy
 
Newsletter connect - Oct 2015
Newsletter connect - Oct 2015Newsletter connect - Oct 2015
Newsletter connect - Oct 2015
Arish Roy
 
Newsletter Connect - Sep 2015
Newsletter Connect  - Sep 2015Newsletter Connect  - Sep 2015
Newsletter Connect - Sep 2015
Arish Roy
 
Newsletter Connect - August
Newsletter Connect - AugustNewsletter Connect - August
Newsletter Connect - August
Arish Roy
 
Newsletter connect - July 2015
Newsletter connect - July 2015Newsletter connect - July 2015
Newsletter connect - July 2015
Arish Roy
 
Inspace connect - June 2015
Inspace connect - June 2015Inspace connect - June 2015
Inspace connect - June 2015
Arish Roy
 
Inspace connect - May 2015
Inspace connect - May 2015Inspace connect - May 2015
Inspace connect - May 2015
Arish Roy
 

More from Arish Roy (20)

Daughters perfection
Daughters perfectionDaughters perfection
Daughters perfection
 
Newsletter connect - Jan 2017
Newsletter connect - Jan 2017Newsletter connect - Jan 2017
Newsletter connect - Jan 2017
 
Newsletter Connect - Nov 2016
Newsletter Connect - Nov 2016Newsletter Connect - Nov 2016
Newsletter Connect - Nov 2016
 
Newsletter Connect - Nov 2016
Newsletter Connect - Nov 2016Newsletter Connect - Nov 2016
Newsletter Connect - Nov 2016
 
Newsletter connect - Sep 2016
Newsletter connect - Sep 2016Newsletter connect - Sep 2016
Newsletter connect - Sep 2016
 
Newsletter Connect - August 2016
Newsletter Connect - August 2016Newsletter Connect - August 2016
Newsletter Connect - August 2016
 
Newsletter connect - July 2016
Newsletter connect - July 2016Newsletter connect - July 2016
Newsletter connect - July 2016
 
Newsletter connect - June 2016
Newsletter connect - June 2016Newsletter connect - June 2016
Newsletter connect - June 2016
 
Newsletter Connect - May
Newsletter Connect - MayNewsletter Connect - May
Newsletter Connect - May
 
Newsletter connect - April 2016
Newsletter connect - April 2016Newsletter connect - April 2016
Newsletter connect - April 2016
 
Newsletter Connect - Mar 2016
Newsletter Connect - Mar 2016Newsletter Connect - Mar 2016
Newsletter Connect - Mar 2016
 
Newsletter connect - Feb 2016
Newsletter connect - Feb 2016Newsletter connect - Feb 2016
Newsletter connect - Feb 2016
 
Newsletter connect - Jan 2016
Newsletter connect  - Jan 2016Newsletter connect  - Jan 2016
Newsletter connect - Jan 2016
 
Newsletter connect - Nov 2015
Newsletter connect  - Nov 2015Newsletter connect  - Nov 2015
Newsletter connect - Nov 2015
 
Newsletter connect - Oct 2015
Newsletter connect - Oct 2015Newsletter connect - Oct 2015
Newsletter connect - Oct 2015
 
Newsletter Connect - Sep 2015
Newsletter Connect  - Sep 2015Newsletter Connect  - Sep 2015
Newsletter Connect - Sep 2015
 
Newsletter Connect - August
Newsletter Connect - AugustNewsletter Connect - August
Newsletter Connect - August
 
Newsletter connect - July 2015
Newsletter connect - July 2015Newsletter connect - July 2015
Newsletter connect - July 2015
 
Inspace connect - June 2015
Inspace connect - June 2015Inspace connect - June 2015
Inspace connect - June 2015
 
Inspace connect - May 2015
Inspace connect - May 2015Inspace connect - May 2015
Inspace connect - May 2015
 

Technology audit presentation

  • 2. 1 AuditFindingsReport: Gap analysis IT Infrastructure Analysis and recommendations Business Flow Chart – Outline Data backup Analysis and recommendations Key User's knowledge and utilization of various software Software License Status and recommendations Core Software utilization TIER 1: HIGHLEVEL ~ TIER 2: LOWLEVELDEEPDIVEAUDIT ~ ~ TIER 3:THECAPSTONE ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ TechnologyAudit Technology Audit (TA) is an eye-opening innovation from Inspace. TA enables organization leaders understand the present IT utilization levels in their organization or business. In terms of importance, TA occupies equal status with Accounting Audits conducted in organizations. TA focuses on three important areas Viz. Business functionality, Ease of Use and Security. It also addresses the three sensitive areas of information/data availability, confidentiality and integrity. The Audit process follows a structured 3 tier methodology. Understanding Vision, Mission and the Business goals of the customer A high level mapping of the current IT deployment in relation to thebusiness objectives Observation and plotting of Possible Gaps between the Business objectives and IT deployment Detailed study of deployed hardware, software, connectivity, power, security, MIS, and usability by end users. Identifying process coverage, data integrity, productivity improvements, reporting frequency andadequacy, training adequacy, and system availability.
  • 3. TechnologyAudit 2 Productivity benefits Security benefits Cost-saving benefits Relationship benefits ~ ~ ~ ~ ~ ~ ~ TA SPECTRUM COVERS: ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ IT security / Vulner ability Analysis Recommendations pertaining to technology upgrade / downgrade Training requirements and plan of action Power Infrastructure Audit Networking Infrastructure Audit Server & Backup Infrastructure Audit Desktop & Laptop Infrastructure Audit Generation of Asset (Hardware & Software) Document & Physical Outlay Software Licensing Audit General Data Security Audit Infrastructure Maintenance Audit Core Applications Audit Internet/Intranet Connectivity Audit Communication Audit (Data/Voice/Video) Key Users' Technology Utilization Audit Technology Audit recommendations sets the direction for organizations to optimize Return of Investment (ROI) on IT. The success of TA is that it does not recommend investing more on IT; rather it helps in getting more out of existing IT investments. Technology Audit recommendations hinge on the following benefits:
  • 4. Technology Audit 3 POWERAUDIT The Power Audit is aimed at ensuring the power related equipment and infrastructure pertaining to IT systems complies with standards, and whether its throughput is in line with the organization's requirement for power for optimal efficiency and productivity of the IT systems. Since the power can come from several sources, the scope of the Audit may include Raw Power, UPS (Online/Offline), UPS/Inverter Batteries, Generators, Inverters, Transformers, Cabling and outlets. Other power equipment if any may be included based on their need on a case-to-case basis. The Power Audit follows a structured approach where critical parameters and readings for effect- ing optimal and sustained throughput across equipments are noted and taken as basic inputs. Wherever necessary, inputs from people involved in managing power infrastructure are also taken to ensure that the data gathered is correct and current. Besides, a general inspection of the equip- ments in terms of the age, environment of the equipments and current process of maintenance is done. Based on the data gathered and observed scenarios, the Audit team prepares the Audit report. The Audit Report is a detailed presentation of the AS-IS scenarios which are represented as facts. Observed issues and challenges in the existing power set up and the hazards that can impact the IT system's effective functioning and the resulting effect on business performance is also captured. The culmination of the Audit is the recommendations for corrective action and course of action which is based on firm specific requirements and industry's best practises and standards.
  • 5. TechnologyAudit 4 NETWORK INFRASTRUCTUREAUDIT The Network Audit is a comprehensive audit where all the equipments and devices on the network come under the purview. The components under the audit, both active and passive, may include Data Switches, Routers, Hubs, Access Points, Repeaters, Voice Branch Exchanges, Data/Voice Cabling and I/O outlets. Networking equipment out of conventional audit scope may be included on a case-to-case basis based on the need of the business and technology environment. The Audit follows a predefined process where critical performance parameters and metrics for effecting optimal and sustained performance across devices and equipments are noted and taken as basic inputs. Wherever necessary, inputs from people involved in managing Network infrastructure are also taken toensure that the data gathered is correct and current. Besides, a general inspection of the devices and equipments in terms of the age, environment of the devices and equipments, and current process of maintenance is done. Based on the data and information gathered, the Audit team maps the business process with the existing network infrastructure to assess fit and compatibility of the infrastruc- ture to meet business objectives. The audit findings are presented in an Audit Repor t whi ch i s a detai l ed presentation of the AS-IS scenarios, observed issues and challenges in the existing Network. Deficits and hazards that can impact effective up-time of networks and systems are clearly identified. The Audit recommendations focuses on taking corrective action and course of action based on the firm specific requirements and industry's best practises and standards. The Audit recommendation is tightly hinged on improving network throughput and managing and maintaining high up-time.
  • 6. 5 SERVER & BACKUPINFRASTRUCTUREAUDIT TechnologyAudit The Server and Backup Audit aims at ensuring IT system exigency plans are in place to handle unexpected failures of IT systems. The other objective of the Audit is also to ascertain whether data retrieval capability and process is in place. The Audit covers the critical IT system units such as Servers, Racks, Backup devices, Data storage equipment and I/O Cables. Firm specific equipment other the ones mentioned may be included based on business need and the situation on a case-to-case basis. Contingency plans such as Disaster Recovery (DR) and / or Business Continuity (BCP) also come under the purview of the Audit from an Infrastructure backup and readiness perspective. The Audit follows a structured process where critical nodes in the system environment for effecting optimal and sustained perfor- mance across devices and equip- ments are noted and taken as basic inputs. Wherever necessary, inputs from people involved in managing Server and Backup Infrastructure are also taken to ensure that the data gathered is correct and current. Besides, a general inspection of the devices and equipments in terms of the age, environment of the devices and equipments, and current process of maintenance is done. Based on the data and informa- tion gathered, the Audit team does a State Analysis of the infrastructure and maps it to the business objectives and goals. The Audit findings are presented in an Audit Report which is a detailed presentation of the State Analysis, observed issues and challenges in the existing Server and Backup Infrastructure. Deficits and failure points that can impact effective up-time of Servers and Back up Infrastructure are also clearly identified. The Audit recommendations focuses on taking corrective action and course of action based on industry wide best practises and standards. The Audit helps System Managers and Administrators to effectively identify and manage failure points and ensure maximised up-time of critical back up devices and equipment.
  • 7. The purpose of the Desktop and Laptop Audit is to uncover possible leaks in the desktop and laptop efficiencies in terms of processing time and usability which can impact overall IT System's output and people productivity. Organizations where standalone PCs and Laptops are used without servers benefit from this Audit. Similarly, organizations where the number of end users working on PCs and laptops are high will certainly need to be audited to ensure effective function- ing. Other end user equipments, if any, may be included based on their need on a case-to-case basis. The Audit follows a well defined process where each PC and laptop in the organization is fully checked for optimal and sustained performance. Functional parameters of the PCs and laptops are taken as inputs from people involved in using them. A general inspection of the PCs and laptops in terms of the age, environment of the devices and equipments, and current process of maintenance is done. The data and information gathered forms the basis of the Audit recom- mendations. The Audit team does an AS-IS Analysis of the PC and laptop environment and maps it to the productivity and efficiency objectives and goals of the organi- zation. The Audit findings are presented in an Audit Report which is a detailed presentation of the AS-IS Analysis, observed issues and challenges in the existing PC and laptop setup. Functional deficits and failure points that can impact effective up-time of PCs and laptops are also clearly identified and noted. The Audit recommendations focuses on taking corrective action and course of action based on industry wide best practises and standards. This Audit helps System Managers and Administrators to effectively identify and manage failure points and ensure maximised up-time of PCs and laptops. TechnologyAudit 6 DESKTOP & LAPTOP INFRASTRUCTURE AUDIT
  • 8. 7 ITASSETASSESSMENTAUDIT TechnologyAudit This Audit enables organizations to keep check on the IT Assets that are currently deployed in their organization. The audit starts with a detailed and exhaustive compilation of all IT and IT related assets currently deployed. The compilation contains equipment details, their physical location, quantity, associated user, with additional informa- tion that may be available with the asset management team. Other pertinent information about the IT Assets may be called for by the Audit team and may be included in the audit on a case-to-case basis. To help identify the actual asset placement in the company, an outlay map diagram is additionally generated for each location in the organization. In some cases, a multi-city outlay may be done depending on the geo operations of the organization. The IT Asset outlay depicts the various sections, cabins, departments, building associated with the location. Textual legends assist the reader in gaining accurate information about the placements. Wherever necessary, inputs from people involved in managing the assets are obtained to ensure and validate that the data and information obtained is current and correct. In addition to the IT equipment that is deployed, a software list is generated which captures all the software packages presently installed in the audited computer systems in the organization. The detailed list provides information pertaining to the software products and its versions being currently used. Wherever necessary the asset management team is involved for getting up-to-date and correct information.
  • 9. 8 SOFTW AREAUDIT TechnologyAudit License Audit The primary focus of this audit is to ensure that the audited organization complies with standards, policies and legal framework with respect to installing and using software. All software that is currently being used and installed in the computer systems come under the purview of the Audit. The software may include Operating Systems, Office Productivity Software, Accounting Software, ERP Applications and Customized software. Other software may be included in the audit on a case-to-case basis. Additionally, the audit attempts to highlight the security vulnerabilities due to usage of unlicensed software, if any. Wherever necessary, people managing the software assets are involved for getting upto-date and correct data and information. The data and information gathered forms the basis of the Audit recommendations. The Audit team analysis the software licenses used and maps it to the legal and security vulnerabilities of the IT systems. Besides, its impact on business and governance of the organization is also analysed. The Audit findings are presented in an Audit Report where the observed issues and challenges in the existing software licenses are detailed. Secu- rity deficits and failure points that can creep into the system environment and which can impact smooth operation of IT systems is also detailed wherever applica- ble. The Audit recommendations focuses on taking corrective action and course of action based on industry wide best practises and standards. This Audit helps S y s t em Managers and Administrators, to effectively manage IT by adhering to legally approved and secure use of licensed software. Core Applications Audit The objective of this Audit is to ensure that the key users of IT systems have understood and are proficient with the applications they are using as part of their daily operations. The audit process begins by listing the software applications to be audited. To facilitate a structured approach to the audit, the core applications list is grouped into four types as below:
  • 10. 9 ~ ~ ~ ~ Technology Audit 9 ~ Office Productivity Applications – MS Office, Open Office which are used for general office purposes. Accounting Applications – Tally etc. which are used for office accounting purposes. ERP and Specialized Applications – AutoCAD, CorelDRAW, ERP, customized software which is used for specialized purposes. Organization Website – Link check, Enquiry Sheet, Domain Name Renewal and SEO optimization check. The first part of the Core Application Audit is done on the Office Productivity Application with the Client's key users as Auditees. The software version details and features are collected and the users' knowledge level of the application features and their proficiency is audited. Similarly, the Accounting Applications, Specialized Applica- tions and the organization's website is audited. Where the web site is of importance to the organi- zation, the website's links, contacts and enquiry sheet page, domain name, renewal status, etc., are noted. Besides, a web search on sites such as Google is carried out to find out the present SEO optimization levels of the web site. This is done using relevant keywords. The data and information gathered forms the basis of the Audit Report and recommendations. The Core Applications Audit focuses on taking corrective action and course of action based on industry wide best practises and standards. This Audit helps Key end users of core applications keep a check on their knowledge proficiency levels in using application software and also to effectively improve their productivity and efficiency.
  • 11. TechnologyAudit 10 GENERAL DATA SECURITYAUDIT Data Access Control User Authentication System DataFolder Structure/Permission Storage Media Control Data Leak Protection Internet / Intranet /Email Security Firewall Setup Anti-SPAM Setup /Anti-Virus /Anti-Spyware Setup Data Protection Software Patch Management Vulner ability Assessment Gener al Assessment (fireprotection, ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ This is a comprehensive audit that focuses on the security and safety of IT infrastructure deployed and data associated with it. The audit encompasses both Physical as well as Virtual Data security. Information with regard to Physical Access & Security, Virtual Data Access control comprising of the following is recorded: Any other security related details not mentioned above may be gathered for inclusion in the audit based on need and on a case-to-case basis. The data and information gathered forms the basis of the Audit recommendations. The Audit team does an AS-IS Analysis of the Security environment and maps it to the organizations business process, objectives and goals of the organization. The Audit findings are presented in an Audit Report which is a detailed presentation of the AS-IS Analysis, observed issues and challenges in the existing set up. Deficits and gaps in the security features, and vulnerability and failure points that can negatively impact data and IT security are also clearly identified and noted. The Audit recommendations focuses on taking corrective action and course of action based on industry wide best practises and standards. This Audit helps System Managers and Administrators to effectively identify and manage data leakage and unethical data access vulnerabilities and also ensure maximised security of IT systems.
  • 12. The Infrastructure maintenance audit is aimed at ensuring that the IT systems are covered appro- priately in terms of warranties, guarantees, on-call support and AMCs by the respective product vendors. Further, the audit also checks the Total Cost of Ownership (TCO) of IT Infrastructure in relation to sustained maintenance. Data and information pertaining to all the hardware and software deployed is gathered. Wherever necessary, people involved in managing IT Infrastructure are met to obtain current and correct data and information. A physical verifica- tion based on the collected details is carried out on a random basis to ensure data correctness. Once the essential information is available, a detailed report on the observations is made. Based on the existing industry stand- ards and best practices, a recommendation report is drafted towards the observations made. The recommendations would cite the corrective actions and course of action that need to be put in place in order to counter- balance the existing problems and potential issues identified. With internet and intranet usage in organizations increasing by the day, it is increasingly impera- tive to manage these technologies with a view to getting maximised benefits in terms cost and quality. In this audit, details pertaining to all connectivity solutions deployed in the organization come under the purview. The connectivity solutions may Internet / Intranet connectivity, Virtual Private Network (VPN), Radio Frequency (RF) and Metro Area Network (MAN). Other connectivity solutions may be included based on their need on a case-to-case basis. All necessary and critical parameters are noted with utmost care. Wherever necessary, the concerned people who manage these technologies and solutions are involved for getting up-to-date and correct information. The Audit Report is a compilation of the collected data and information. The Report would identify and highlight the existing deficits and anomalies in deployed solution, if any. Cost and quality implications and impact on business is detailed as part of the Report. Recommendations are made for corrective action and course of action based on industry standards and best practices with the objective of improving efficiency and productivity of the solutions and technologies deployed. 11 INFRASTRUCTUREMAINTENANCEAUDIT INTERNET/INTRANETCONNECTIVITYAUDIT TechnologyAudit
  • 13. T 12 COMMUNICATIONS AUDIT TECHNOLOGY UTILIZATION AUDIT– QUALITATIVE echnology Audit The Communications Audit is aimed at ensuring that the commu- nication technologies such as Data, Voice and Video deployed within the organization are cost effective and that it delivers optimal value for money. During this audit, the billing details of all IT related communication solutions are taken as inputs. The communications solutions may include Telephone Landlines, Mobiles, Internet connections and Videoconferencing. Other communication solutions may be included in the Audit based on business need and on a caseto- case basis. The previous expenses incurred in the past one quarter on communication technologies are audited. Bills and Invoices pertaining to the same are scrutinized. Wherever necessary the people handling these technologies and the decision makers for adoption of these communication solutions are also involved for getting up-to-date and correct information. The Audit Report is a detailed presentation of the AS-IS situation and the observations. Cost and utilization anomalies, wherever present, is also highlighted as part of the report. Based on the audit findings, the audit team presents the recommendations based on a 'best solutions paradigm' with a clear objective to improve on cost and quality of communications solutions deployed. The recom- mendations may also include upgrade, downgrade or change of solutions to effect long term productivity and cost savings for the business. This is a qualitative audit where a questionnaire is designed, prepared and sent to all the key users of IT systems in the organization. The questionnaire is used as a medium to gather data and information pertaining to the technology utilization of each key user. The questionnaire carries questions that are objective and descriptive. The data gathered is analysed by the audit team. Besides, the key users are interviewed on a one-on-one basis so as with the objective to elucidate information that may be possible to capture through the questionnaire. The Audit Report is a compilation of the technol- ogy utilization patterns and habits of the key users. Based on the findings, the Audit recommendation is made with a view to take corrective steps, if any, in the way IT systems are used in the organization thereby create avenues for positive impact on business operations.
  • 14. Plot No. 8, Shree Avenue Complex, Near GCC Club, Mira Road(E), Thane - 401107, Maharashtra, India