ICL Services
Ask a question

IT Audit

ask an expert
This service is for you if:
  • you need an IT strategy or a mid-range plan for the information technology development meeting the requirements of Business to a greater extent
  • you need to analyze your Company's value chains and optimize them thanks to deeper application of information technologies
  • you are interested in return on your IT investment and higher efficiency of IT services and IT strategy of your Company in general
  • you are considering opportunities to implement innovative approaches to a data center operation: clouds, hybrid use of resources, outsourcing, innovative management methods and so on
  • you are preparing to a large-scale upgrade of your IT infrastructure, planning to build or revive your existing IT systems or IT infrastructure
  • you are planning to obtain certificates (ISO20000, ISO27001, ISAE3402, etc.) or standardize your Company's IT services
  • you want to estimate your preparedness for transition to IT outsourcing, develop a policy for your IT processes or increase the efficiency of your IT division operation
  • you want to cut your IT costs and meet all the requirements of your business
  • you want to increase the efficiency of your existing equipment and data center applications, and the return on investment in data center infrastructure
  • you want to analyze and eliminate bottlenecks related to the performance, reliability, and scalability of your infrastructure and its components
  • you want to identify potential for more efficient use of your IT infrastructure in the future.
The development of modern business is dynamic and active. Corporate managers identify new points of growth, define new targets and tasks for business development and support, while information technologies are penetrating business processes more widely and deeply. Not only are new technologies capable to ensure support and optimization of corporate business processes but also introduce new ideas into business, give additional momentum to the development of business, and create competitive advantages.

To ensure synergism between business and information technologies, IT strategy is created and updated on a continuous basis.
IT audit is always the cornerstone of an efficient IT strategy. The audit makes it possible to assess the
infrastructure condition and the level of IT service availability, evaluate the business and IT processes of a company, as well as their continuity, competencies of IT employees, design office, and the efficiency of all information systems' operation.
You can use the IT audit (IT analysis) to objectively assess the IT management system of your company, understand the development prospects of your IT infrastructure, information systems and IT services, as well as define points and methods for maximum application efficiency.

IT audit:

  • demonstrates the coverage and quality level of the informational support of your Company's key business processes;
  • demonstrates the applicability and advantages of introducing new technologies and approaches of the modern digital worlds (such as business digitalization, migration to cloud and hybrid environments, automation of business processes);
  • demonstrates how IT assets and resources can give additional qualitative vistas for business;
  • suggests how IT transformation can optimize value chains both for the business in general and a particular IT division;
  • considers the necessity to implement methodologies for IT management, IT services, applications, and an integration environment in order to obtain maximum return and profit from them;
  • demonstrate how ensure business continuity, which solutions can be used to analyze the operation of the network and IT infrastructure, business applications; identify problems with any IT application or service, determine the availability and efficiency of software transactions, forecast negative end user impact;
  • helps to decide how to fully use existing IT resources of a company and, as a result, minimize expenses when implementing large-scale modifications;
  • calculates the amount of a company's investments in its IT division, IT infrastructure, information systems and services, as well as the feasibility of the investments;
  • assists in cutting costs on information system maintenance and ownership;
  • highlights risks in the area of data protection and show how to eliminate or minimize them;
  • assists in evaluating the compliance of your IT with the best world practices and reference models applied by our major customers worldwide.
We offer the following IT audit options:


Auditing of all areas of a company's activities is included. The average duration of such an audit is 3-4 months.


Several key areas are selected, for example, audit of IT security and ITSM processes. The work is carried out from several weeks to 2 months.


IT audit of a single area, for example, IT audit of staff. Duration of the audit is several weeks.

Depending on your selected IT audit types, you can expect the following results:

Detailed recommendations on optimization of your IT infrastructure, IT architecture and IT processes

IT audit report with a detailed description of the current state of your IT infrastructure, IT architecture and IT processes, as well as recommendations on their optimization

Mid-range IT strategy

Feasibility study of the implementation and development of IT systems, IT infrastructure upgrade

Roadmaps for the development, improvement, and implementation of business applications

Terms of reference and/or individual terms of reference for the improvement and integration of information systems, selection of software solutions from a range of vendors.

IT audit areas
  1. IT infrastructure audit

    - specialized software usage
    - physical examination
    - individual interviews with IT service employees of the company

    IT infrastructure audit is logically divided in 2 parts: server infrastructure audit and client infrastructure audit

    When auditing the server IT infrastructure, we use an efficient examination methodology an a set of standard tools. As a result, we can quickly and efficiently examine IT infrastructure of a company and determine the degree of the customer's IT infrastructure compliance with business goals, assess current risks of the infrastructure impact on business and efficiency.

    Our large team of certified specialists offer our customers the most efficient methods of IT infrastructure transformation.

    During the client infrastructure survey, we:
    • analyze and assess IT assets and management processes for operating systems and software on employees' workstations;
    • compare the purchased and actually used licenses, analyze risks and develop proposals on optimization of software licensing and usage;
    • determine infrastructure readiness for transformation, implementation and migration of Office 365 and EMS cloud services, migration to a new version of the client OS (Windows 7, 8, 10), implementation of approaches and tools for mobile device management, and implementation of the BYOD concept, implementation and optimization of VDI and terminal environments;
    • analyze the efficiency of end user devices.
  1. Audit of business processes

    The audit of business processes is a procedure for identifying and isolating problem areas of a company's operation. The audit includes:
    • audit of business processes for reporting and creating the reporting structure
    • determination of transparency and efficiency of a company's processes, performance of processes by key customers and business process re-engineering, if necessary
    • description of the decision-making model of the company
    • determination of metrics, key business indicators of the company for data monetization, identification of data sources, rules for data systematization, binding and enrichment
    • identification of current business and user issues, issue categorization (from major to minor)
  1. Information security audit

    The information security audit includes examination of the current information security system of the company to objectively assess the level of its security and develop recommendations on its improvement.

    During the examination, our specialists interview key employees of the company, examine processes related to data security, scan information systems for vulnerabilities, determine information system requirements (also related to information security), determine the value of information assets and assess risks.
    In all cases, we analyze settings of information systems, DBMS and data security tools for the compliance with data security regulations.

    As a result of the Information Security Audit, the company obtains a detailed report containing information about all detected issues and vulnerabilities of information systems, infrastructure and organizational measures, as well as a list of recommendations on the improvement of the company's data security level, threat model, and other necessary documents.

  1. Audit information systems

    The audit of information systems includes examination and analysis of the existing information system of the company to assess its efficiency.

    During the audit, we analyze the compliance (partial compliance, non-compliance) of existing IT services and information systems with business processes, operational and strategic gaols of the company, actual requirements of certain divisions. We identify critical systems and services, as well as their availability and efficiency.

    As a result of the audit, we make conclusions on whether the current information systems, IT services and business applications meet the requirements of business, develop recommendations on the optimization of information systems, their future development (improvement) and integration environment implementation; calculate mid-range IT budget.

  1. Audit of IT division, ITSM processes, assets and resources

    The division audit is performed to improve the efficiency of the IT division operation, optimize IT expenses, improve the quality of IT services, re-organize IT divisions to meet the company's business tasks in compliance with the modern methodology of IT infrastructure operation.

    As a result of such an audit, we prepare the auditor's conclusion with detailed recommendations on the organization of IT service operation planning to meet the requirements of the company's business.

    Audit of processes includes 5 stages
    • approval of the audit coverage, goals, criteria, methods
    • preparation for auditing
    • audit of the company
    • examination of evidence provided by the company
    • preparation of the auditor's report
    As a result of such an audit, the company obtains:
    • the report on the audit of IT service provision process with the assessment of maturity of IT processes and management system
    • the list of identified non-compliances: regulations, standards, best practices depending on the audit criteria
    • observations: sources of improvement for the IT service management system and areas of improvement
    • practical recommendation on the elimination of non-compliances, process efficiency and maturity improvement, ensuring the compliance with the requirements of standards or best practices
    • as-is models of processes developed using the Process Mining technology to analyze traces of data that are, for example, stored in the company's ITSM system Process Mining
IT audit approaches
Depending on audit goals and specific features, we choose one of the following two audit approaches:

Baseline first – the goal of this approach is to detect and eliminate problem areas without holistic comprehension of the target state of the IT infrastructure, IT architecture, and IT processes. Typical tasks — elimination of performance bottlenecks, cutting information system maintenance and ownership costs, information system performance analysis, etc.

Target first – this approach is mainly used to ensure that IT infrastructure, IT architecture and IT processes reach a certain well-defined state. This may include preparations for certification, implementation of ITIL processes or DevOps approach, division or consolidation of IT infrastructure, implementation of a new information system or its migration to cloud, etc.

Depending on the selected approach, the number and sequence of stages vary. The main of them are as follows:
Шаг первый

Determine the company's audit goals, its business architecture, vision, business drivers, and the holistic comprehension of its position in BDAT (Business, Data, Application, Technology) domains. Identification of limitations and risks.

Шаг второй

Assessment of problem areas and probable risks. At this stage, we work on business problems and define priorities for their resolution.

Шаг третий

Then, our employees perform a more detailed IT audit: detailed analysis of identified problems and search for most efficient ways for their elimination. You can rest assured that we will offer an optimal solution since our IT company has competent auditors in various IT areas.

Шаг четвёртый

As a result of the audit, the company's chief executive is provided the IT Audit Report on all examined issues and areas.

Шаг четвёртый

We examine the existing infrastructure, perform inventory of the current system-wide software of the corporate server and client infrastructure. We analyze the the audit results, develop specific proposals and recommendations on optimizing all components of information systems and infrastructure.

Шаг четвёртый

Besides, we create a register of currently used IT solutions in the context of current business processes, evaluate their feasibility, identify bottlenecks and optimization methods. We describe the logic of interaction between various information system components when performing business tasks and evaluate the relevance of the information system structure for their solution.

Related news
Ask an Expert


— Dmitry Drozdikov
The head of data center infrastructure consulting department
Ask a Question
Contact us Callback

Thank you for contacting!

We will contact you

icl-services.com uses cookies, and by continuing browsing the website you give your consent to the use of cookies by us. Otherwise you should leave our website after reading this.