i
IT AUDIT - Audit of IT infrastructure and IT systems

IT Audit


Check, evaluate and reduce IT costs

IT Audit is a set of procedures aimed at studying and evaluating Company IT infrastructure and business applications, utilization efficiency and compliance the set requirements. The result of the audit is a report that contains a detailed and reliable information about the state of IT - in processes and infrastructure.

The purpose of an IT audit is to show how things really are with IT in your companies.

Free of charge when concluding a contract for IT Outsourcing*



IT audit is the process of obtaining objective data on the current state of IT systems, assessment of actions and events occurring in it, establishing the level of their compliance with a certain criterion (internal standards of the enterprise, requirements of national and international standards) and providing the results to the customer in the form recommendations.

Audit steps:

  • Agreement with the Customer on the objectives and content of the audit;
  • Collecting objective information about the current state;
  • Evaluation and analysis of the information received;
  • Presenting audit results and recommendations for optimization;
  • Control over the implementation of recommendations.

The negative consequences of having gaps in the functioning of IT can lead to serious consequences: loss of confidence on the part of counterparties, financial losses, loss of a license or complete shutdown of the business. Regular IT audits are essential and important event.

An IT audit will help you solve many problems and provide answers to questions regarding the functioning of the IT infrastructure:

  • How to build an information system?
  • What needs to be done first?
  • How to properly manage and monitor?
  • Does existing IT support your business strategy?
  • Identification of information risks and impact on business processes of the enterprise?
  • How to minimize existing risks?
  • How to reduce IT ownership costs?
  • How to optimize IT investments?
  • How to optimize the use of existing IT resources?
  • How to minimize risks in case of unforeseen situations?

It is important not to confuse IT Audit with "IT Consulting" ! These two concepts are often confused. Because of this, business sometimes does not can understand what kind of service he needs now. IT audit looks for existing and potential mistakes, "IT Consulting" works with the achievement of strategic and tactical goals within digital transformation. With one caveat: "IT Consulting" looks at achieving business goals through the lens of information technology.




IT rendering views audit


Depending on the challenges facing IT and business, we are approached for the following types of audit:

Comprehensive IT audit


In an IT audit, information systems used by the company are checked: security, communications with the external environment, the corporate network for their compliance with business processes, etc. Wherein IT risks are analyzed and evaluated.

We provide an expert assessment of the state of IT. Comprehensive IT Audit, includes:

  • Infrastructure audit
  • Software Audit

A comprehensive IT infrastructure audit will help you understand:

  • Whether the result is in line with the IT costs the company incurs. Discover, how optimal are the settings and how efficient is the IC architecture.
  • Assess the competence of the IT team, how correct and cost-effective decisions are accepted by IT professionals. Do they perform their duties in good faith?

The difference between a complex audit and a specialized one:

  • During a comprehensive IT audit, specialists check all the objects of the IT infrastructure, evaluate their performance and create a list of recommendations to eliminate the detected problems.
  • During specialized IT audits, all objects are checked in one of the areas (IS, operation of business-critical services, etc.).

The cost of a comprehensive IT audit is calculated individually and depends on the number of analyzed objects.

IT infrastructure audit


IT infrastructure audit includes:

  • audit of servers, network equipment and data storage systems;
  • audit of parametric data on volumes and load distribution;
  • audit system performance level;
  • Audit redundancy and fault tolerance methods.

System architecture should always take into account the relationship between the applications used and equipment. Each software vendor has recommendations and requirements for equipment is completely different.

Each application has its own set of monitoring metrics: processing power, processor latency, disk array response time, etc.

Audit of basic information security processes


The basic information security processes include:

Access management process - the purpose of the process is to eliminate the following risks: control of access to resources of unauthorized users, control of excessive access rights for enterprise users (for example, administrator rights for a business-puser).

The Software Security Updates Management Process is the purpose of the process exclusion of the following risks: unavailability of services/information systems and data compromise enterprises as a result of exploiting a vulnerability in software with outdated updates security.

Processes are conveniently scalable both at the level of IT infrastructure and at the level of a separate IS.


Software audit


Software audit - inventory of installed software software, determining the license purity of the installed software and determining the necessary plan actions for its legalization, support and updating. Can be done on its own event, and during a comprehensive audit of the IT infrastructure.

Given the increasing control by the state over compliance with licensed legislation and considerable fines, the company's management must be sure of the legality using the programs installed on her devices.

Software audit will allow you to make an inventory of existing software, plan and reduce your costs for purchasing software in the future, as well as insure yourself against responsibility for the use of unlicensed software.

The result of the software audit will be a package of documents that will provide comprehensive information about installed software in your organization, recommendations on the need for legalization unlicensed software, as well as analytics, on the basis of which you can create specific optimization plan.

Asset Management Systems Audit


IT assets - computer equipment, communication equipment, software collateral (software) - constitute the most important part of all assets of a legal entity.

Hardware asset management covers the management of physical components IT infrastructure (servers, computers, network equipment, etc.), throughout their life cycle from acquisition planning to decommissioning (with subsequent transfer to third parties or disposal).

Software Asset Management (Software Asset Management - SAM) is a similar group of processes focused on software assets, including licenses, versioning, and software installation endpoints.

Full accounting of IT assets is necessary for the correct conduct of financial activities. Based audit results are performed:

  • developing an asset management improvement program
  • Development and implementation of an asset management system

IT audit classification, allows you to define the purpose, object and type of audit


  • Documentary IT audit - checking the compliance of the IT block companies documents, records, data and assessment of the degree of formalization of the company's IT unit. Documentary audit the regulatory framework of the IT block allows you to find many shortcomings at a preliminary stage technological and management processes
  • IT audit of compliance - carried out when there are regulatory requirements for the state of the object being checked and quality criteria are established. IT compliance audit in more of a technological nature, focusing on execution technical specifications, job descriptions, operation schedules, maintenance regulations, safety rules.
  • Risk-based IT audit - differs from the previous two in that to the functions of control and analysis added identification and risk assessment. Risk oriented the audit is based on methods for studying potential threats, assessing the magnitude of a possible damage and the degree of probability of a negative scenario for the timely identification and elimination of risk factors.
  • IT block development audit - based on information obtained from three early stages of an IT audit. Helps to develop effective corrective solutions, skillfully to organize and effectively implement is not an easy task. Therefore, it is also important control. This area of ​​IT audit is an integral part of the implementation of the strategy development of the company in the conditions of turbulent changes in external and internal technological, economic, social factors. IT unit development audit is a good tool implementation of strategic plans for the natural development of the company, associated with both requests business, and with the requirements of standards.

*When concluding a contract for subscription service of computers (IT-Outsourcing) at the "Professional" tariff, a free service "Express it-audit" is provided. Express IT audit is carried out in order to assess the complexity of the IT infrastructure, search for problem areas, assessing the optimal use of equipment and the correct functioning.