IT audit – where to take a closer look

IT audit. A very dry topic. And a complex one at that. Many companies have IT contracts with service providers where infrastructure and services are outsourced. Audits are often included in these contracts. Some companies try to manage this themselves. The reality is that if it has been outsourced, it often goes unnoticed. Internally, many think that everything is kept up to date anyway. And the consequences can be disastrous. Why is this so important? And what is often found? Here is an overview.

However, knowledge of IT and automation processes is also becoming increasingly important for the creation of meaningful management reports. This gives you insight and certainty about the way IT systems are set up and organized. This information also helps you to make forecasts and decisions. IT is therefore crucial for the security, continuity and reputation of your company.

In short: it provides security. Security that nothing gets out. That the processes run smoothly and are coordinated. And that any measures that become necessary are identified and resolved at an early stage. Before major problems arise, of course.

During an IT audit, the current status of the entire IT system is recorded, analyzed and evaluated:

• You create an inventory of the entire IT landscape with precise documentation.
• You identify weak points and security risks for the company in the individual areas and in the interfaces.
• This is followed by a detailed evaluation: assessment of potential risks, recommendations for optimizing IT systems, possible savings options and closing security gaps where necessary.

Databases (instances, versions, size, backup concept)

Windows Active Directory: active domains, domain levels, groups & roles, password changes at employee level

Customized applications: CRM, accounting, databases, backups

Data storage: Concept, drives or servers Access authorizations. Local, user-specific data

Backup / data backup (concept, check backup content & intervals, storage location)

Server systems,

Number and specification of devices (printers, PC systems…)

User authorizations

Concept, hosting, active mail accounts, mail distribution list, mail archiving

Antispam configuration and effectiveness

IT network (all network components)

Network structure (physical network, WLAN, VPN connections)

Firewall (configuration, system updates, active firewall rules and VPN connections)

Internet access (speed, pricing model)

Overview of IP addresses used

Server systems (hardware and software)

Access system (status and security, e.g. of the server room and IT systems)

Emergency power supply (function and configuration)

Server systems

Operating systems, Office software, security software, other software and status of licenses

Every area of the company is recorded and analyzed. Not only as a separate element, but also in interaction with subsequent applications/systems. This enables us to identify risks and weaknesses. Sometimes even before they cause problems and become expensive.

At the end of such an audit, you should have clarity about all necessary immediate measures (listed by priority). In addition, preventive measures should be proposed to decision-makers.

An IT audit ensures that the systems and technologies used are functioning correctly. This is time-consuming and should be done thoroughly. That is why a service provider is often commissioned for this. This allows an assessment to be made with a neutral eye. However, an IT audit also has another purpose: it checks that the software and IT systems used are in line with the company’s business objectives. That’s why we rely on cooperation with you for IT audits. This is the only way to achieve a satisfactory result. Still have questions? Simply contact us without obligation!