IT Audit

Services
- Information security
- Services and Facilities
  - Technical Support and Maintenance of Hardware and Software
- Digital Services
- Implementation and Migration
  - Migration Of Infrastructure, Configurations, Applications, Data, And Users
  - Implementation Of IT Solutions
- IT And Digital Consulting
  - Inspection and Consultation
  - Gathering and formalizing requirements (system and business analytics)
- Managed Services
  - Workspace Administration
  - Operation of Datacenter and Cloud Infrastructure
- Software Development
- Products
  - COLIBRI (Automated Workstation)
  - SERVICE AUTOMATION TOOL
Projects
Company
- ICL Services
- History
- Persons
- Social responsibility
- News
- Video
Career
- Career
  - Career in ICL Services
    - Advantages of work in ICL Services
  - Vacancies
Contact us

This service is for you if:

You need an IT strategy or a medium-term plan for the development of information technology that more fully meets the needs of your business;
You want to analyse value chains in your company and optimize them through deeper use of IT;
You are interested in returning IT investments and higher efficiency of IT services and the company’s IT strategy on the whole;
You are considering the possibility of implementing innovative approaches in data centre activities: clouds, hybrid capacity utilization, outsourcing, innovative management methods, etc;
You are preparing for a large-scale modernization of IT infrastructure, planning to build IT systems or IT infrastructure or give a new lease of life to existing ones;
You are planning certification (ISO 20000, ISO 27001, ISAE 3402, …) or want to standardize IT services of your company;
You want to evaluate if you are ready to the transition to IT outsourcing, plan to regulate IT processes or to achieve higher efficiency of the IT department;
You want to reduce IT costs while meeting all your business needs;
You want to improve the efficiency of existing equipment and data centre applications and higher return on investment in data centre infrastructure;
You want to analyse and eliminate potential bottlenecks in the performance, reliability, and scalability of the infrastructure and its component;
You want to identify the reserves for your IT infrastructure performance improvement for further effective use.

The modern business is dynamically and actively developing. The companies’ management identifies new growth points, defines new goals and objectives in the business development and support, and information technologies penetrate the companies’ business processes more and more deeply. New technologies are ready not only to provide support and optimization for the companies’ business processes, but also to bring new ideas to the business, give an additional impetus to development, and create competitive advantages.

An IT strategy is formed and constantly updated with the purpose to create synergy between business and IT.
An effective IT strategy is always based on IT audit. It allows assessing the state of infrastructure and the level of availability of IT services, the company’s business and IT processes and their continuity, the competences of IT employees and the project office as well as the efficiency of all information systems.
IT audit (or IT analysis) is an opportunity to get an unbiased assessment of your company’s IT management system, to understand how IT infrastructure, information systems and IT services should be developed, and also to determine the points and methods of their most effective application.

IT AUDIT: WHAT IT SHOWS AND WHAT DECISIONS IT HELPS TO MAKE

shows to what extent the information support provided to your company’s key business processes is full and efficient;
shows the possibility and benefits of applying new technologies and approaches of the modern digital world (such as business digitalization, migration to cloud and hybrid environments, automation of business processes);
shows how IT assets and IT resources can provide additional quality opportunities for business;
shows how IT transformation can optimize value chains for the entire business and the IT department in particular;
assesses the need to implement IT management methodologies, IT services, applications and an integration environment in order to get the most out of them;
shows how to ensure business continuity, with which solutions you can analyse the functioning of the network, IT infrastructure and business applications, identify problems in any IT application or service, determine the availability and performance of software transactions, predict negative impact on the end user;
helps decide how to maximize the use of existing IT capabilities of the company, thereby minimizing costs when implementing large-scale changes;
finds out how much the company invests in the IT department, IT infrastructure, information systems and services, and whether this amount is justified;
helps reduce the cost of maintenance and ownership of information systems;
highlights the risks in the field of information security and tells you how to eliminate or minimize them;>
helps assess the conformity of your IT with the global best practices and reference models used by our large customers around the world.

We offer the following IT audit options:

FULL-SERVICE

Auditing of all areas of a company's activities is included. The average duration of such an audit is 3-4 months.

SELECTIVE

Several key areas are selected, for example, audit of IT security and ITSM processes. The work is carried out from several weeks to 2 months.

EXPRESS

IT audit of a single area, for example, IT audit of staff. Duration of the audit is several weeks.

Depending on your selected IT audit types, you can expect the following results:

Detailed recommendations on optimization of your IT infrastructure, IT architecture and IT processes

IT audit report with a detailed description of the current state of your IT infrastructure, IT architecture and IT processes, as well as recommendations on their optimization

Mid-range IT strategy

Feasibility study of the implementation and development of IT systems, IT infrastructure upgrade

Roadmaps for the development, improvement, and implementation of business applications

Terms of reference and/or individual terms of reference for the improvement and integration of information systems, selection of software solutions from a range of vendors.

IT audit areas

IT infrastructure audit

- specialized software usage
- physical examination
- individual interviews with IT service employees of the company

IT infrastructure audit is logically divided in 2 parts: server infrastructure audit and client infrastructure audit

When auditing the server IT infrastructure, we use an efficient examination methodology an a set of standard tools. As a result, we can quickly and efficiently examine IT infrastructure of a company and determine the degree of the customer's IT infrastructure compliance with business goals, assess current risks of the infrastructure impact on business and efficiency.

Our large team of certified specialists offer our customers the most efficient methods of IT infrastructure transformation.

During the client infrastructure survey, we:
- analyze and assess IT assets and management processes for operating systems and software on employees' workstations;
- compare the purchased and actually used licenses, analyze risks and develop proposals on optimization of software licensing and usage;
- determine infrastructure readiness for transformation, implementation and migration of Office 365 and EMS cloud services, migration to a new version of the client OS (Windows 7, 8, 10), implementation of approaches and tools for mobile device management, and implementation of the BYOD concept, implementation and optimization of VDI and terminal environments;
- analyze the efficiency of end user devices.

Audit of business processes

The audit of business processes is a procedure for identifying and isolating problem areas of a company's operation. The audit includes:
- audit of business processes for reporting and creating the reporting structure
- determination of transparency and efficiency of a company's processes, performance of processes by key customers and business process re-engineering, if necessary
- description of the decision-making model of the company
- determination of metrics, key business indicators of the company for data monetization, identification of data sources, rules for data systematization, binding and enrichment
- identification of current business and user issues, issue categorization (from major to minor)

Information security audit

The information security audit includes examination of the current information security system of the company to objectively assess the level of its security and develop recommendations on its improvement.

During the examination, our specialists interview key employees of the company, examine processes related to data security, scan information systems for vulnerabilities, determine information system requirements (also related to information security), determine the value of information assets and assess risks.
In all cases, we analyze settings of information systems, DBMS and data security tools for the compliance with data security regulations.

As a result of the Information Security Audit, the company obtains a detailed report containing information about all detected issues and vulnerabilities of information systems, infrastructure and organizational measures, as well as a list of recommendations on the improvement of the company's data security level, threat model, and other necessary documents.

Learn More

Audit information systems

The audit of information systems includes examination and analysis of the existing information system of the company to assess its efficiency.

During the audit, we analyze the compliance (partial compliance, non-compliance) of existing IT services and information systems with business processes, operational and strategic gaols of the company, actual requirements of certain divisions. We identify critical systems and services, as well as their availability and efficiency.

As a result of the audit, we make conclusions on whether the current information systems, IT services and business applications meet the requirements of business, develop recommendations on the optimization of information systems, their future development (improvement) and integration environment implementation; calculate mid-range IT budget.

Learn More

Audit of IT division, ITSM processes, assets and resources

The division audit is performed to improve the efficiency of the IT division operation, optimize IT expenses, improve the quality of IT services, re-organize IT divisions to meet the company's business tasks in compliance with the modern methodology of IT infrastructure operation.

As a result of such an audit, we prepare the auditor's conclusion with detailed recommendations on the organization of IT service operation planning to meet the requirements of the company's business.

Audit of processes includes 5 stages
- approval of the audit coverage, goals, criteria, methods
- preparation for auditing
- audit of the company
- examination of evidence provided by the company
- preparation of the auditor's report
As a result of such an audit, the company obtains:
- the report on the audit of IT service provision process with the assessment of maturity of IT processes and management system
- the list of identified non-compliances: regulations, standards, best practices depending on the audit criteria
- observations: sources of improvement for the IT service management system and areas of improvement
- practical recommendation on the elimination of non-compliances, process efficiency and maturity improvement, ensuring the compliance with the requirements of standards or best practices
- as-is models of processes developed using the Process Mining technology to analyze traces of data that are, for example, stored in the company's ITSM system Process Mining

IT audit approaches

Depending on audit goals and specific features, we choose one of the following two audit approaches:

Baseline first – the goal of this approach is to detect and eliminate problem areas without holistic comprehension of the target state of the IT infrastructure, IT architecture, and IT processes. Typical tasks — elimination of performance bottlenecks, cutting information system maintenance and ownership costs, information system performance analysis, etc.

Target first – this approach is mainly used to ensure that IT infrastructure, IT architecture and IT processes reach a certain well-defined state. This may include preparations for certification, implementation of ITIL processes or DevOps approach, division or consolidation of IT infrastructure, implementation of a new information system or its migration to cloud, etc.

Depending on the selected approach, the number and sequence of stages vary. The main of them are as follows:

Determine the company's audit goals, its business architecture, vision, business drivers, and the holistic comprehension of its position in BDAT (Business, Data, Application, Technology) domains. Identification of limitations and risks.

Assessment of problem areas and probable risks. At this stage, we work on business problems and define priorities for their resolution.

Then, our employees perform a more detailed IT audit: detailed analysis of identified problems and search for most efficient ways for their elimination. You can rest assured that we will offer an optimal solution since our IT company has competent auditors in various IT areas.

As a result of the audit, the company's chief executive is provided the IT Audit Report on all examined issues and areas.

We examine the existing infrastructure, perform inventory of the current system-wide software of the corporate server and client infrastructure. We analyze the the audit results, develop specific proposals and recommendations on optimizing all components of information systems and infrastructure.

Besides, we create a register of currently used IT solutions in the context of current business processes, evaluate their feasibility, identify bottlenecks and optimization methods. We describe the logic of interaction between various information system components when performing business tasks and evaluate the relevance of the information system structure for their solution.