Auditing

Suitability, Viability, Sustainability & Value

Our understanding and experience of building networks of all sizes, from small single offices to multi-branch networks and telecoms infrastructure, place us well to audit and review corporate IT networks.

Key to any review is understanding the suitability, viability and sustainability of the current network and IT infrastructure and considering how these fit with both current and future needs.  We look to advise on this from the perspective of value for money, physical asset analysis and review of software and tools used.

We also look to advise on how well investment has been spent to date, where investment may be needed in the short, medium and long term and where systems and processes could be used to reduce spending.  In particular, we look at the cost-benefit analysis for outsourcing elements of IT services/provision (such as cloud provision or contract support agreements) and the value being gained from historic investment.  Suggestions around efficiencies and systems that could be used to increase productivity can also be included.

Audit Areas

Network

The heart of any IT provision is the network.  Our experienced network engineers look at the current network provision, assessing its capacity, longevity and flexibility for future needs.

With more business solutions becoming cloud-based and remote access to both operational and secure content becoming expected, we also assess how this may need to influence future investment and where the current hardware and assets can be further leveraged.

We also look in depth at the support systems in place and assess both the likelihood and impact of outages.  This information can be used to form a progressive IT plan, ensuring that infrastructure is always on.

Financial Assets & Inventory

With larger ticket items, tracking and identifying what assets an organisation owns and determining their current financial value is an important task.  Where an asset register has not been maintained, verifying this and the hardware and software supplied by external agencies can be daunting.  We work through purchase history to either verify or create an asset registry, determining current values and states of maintenance.

As part of this, we identify risks where spending may be required to replace old or missing hardware in the short to medium term.  We also look to identify ‘missing’ assets through tracking purchase history and try to account for these.

Disaster Recovery

For most business, IT disaster recovery is, or should be, a key document.  The provision of services to staff and customers when access to working space becomes unavailable (eg through fire) needs to be laid out in a practised and easy-to-follow plan, so as to have minimal impact on the business at a difficult time.  Likewise, plans for recovering or auditing data should the need arise need to be quick and efficient to reduce the loss of productivity or running up of costs.

We can work either to build and implement the support systems needed for your IT disaster recovery plan or test and evaluate your current plan, looking for areas to be streamlined and at feasibility for deployment.

A disaster recovery plan should cover everything from a single server failure to the loss of a supplier to complete system loss.  We look at what systems and procedures are in place for this, and where needed we help to refine and implement a plan.

Skills

The skills of the people, either internally employed or externally contracted, who maintain and monitor your IT infrastructure will have an impact not only on the value you get from it and the stability of it, but also on the longevity of your investment.

We work to identify strengths and weaknesses within the total skills base and look at ways it can be enhanced and supported (often through training) to better leverage the resources you have.

Where there is reliance on external contractors, we assess the value for money you are getting from contracts against your requirements.

Security & GDPR

We look at the security of your network and the data stored on devices both internally and externally within your organisation.  We assess the measures used to protect your data and to prevent malicious access or harmful software being installed.  With the increased requirements placed on businesses by GDPR, we assess how the data you hold is affected and what protections are put in place to adhere to the legal guidelines.

Security can be a burdensome and expensive problem for businesses of all sizes, particularly given the current economic uncertainty, so we take a pragmatic approach to what is practical, necessary and justifiable spend.

Compliance & Assurance

For organisations working in sectors where there are particular compliance standards in place (such as PCI), we act as independent auditors to provide reports on assurance and conformity.  By generating a series of tests against which to validate compliance, we provide certainty of compliance to businesses and independent reporting to certification bodies.  These tests are designed so that they can be reused regularly, and by internal resources, to help maintain compliance.