Question: “AUDIT OF AN IT FACILITY/SITE”
1. List 5 overall audit goals for this audit
2. Describe the scope of the audit i.e. how big, broad, and deep the audit will be in terms of topics to be audited.
3. List 5 Critical success factors that you consider essential for management of this IT facility to be considered “effective/successful”.
4. List 5 “things that could go wrong” with the overall management of an IT facility.
5. List 5 “Key performance indicators (KPI’s) that will help guide you in determining how well the IT site is being managed.
6. For the specific part of the audit that deals with “Standards for appointing Individual Department Managers at this facility”, list 5 specific audit program steps that you will do to accomplish your audit.
1. IT audits are an important part in ensuring the IT
infrastructure is in place and ready for any issues that may come
up.
Following steps can be done while doing an IT audit.
1. Establish the objectives and scope of audit.
2. Prepare audit plan to achieve the objectives.
3. Consolidate and gather information on the relevant IT controls
and evaluate them.
4. Perform audit tests, using various tools and techniques, where
appropriate.
5. Report on the IT audit findings.
The major goals while doing an IT audit are:
1. Evaluate the process, system and practices that are in the
organization with regards to data security
2. Identify the risks to information and help in methods to reduce
the same
3. Ensure all systems and process are within the regulated
framework for IT best practices
4. Determine inefficiencies in IT systems and associated
management.
5. Ensure all documentation and licensing are proper for software
and hardware components.
2. The IT audit process for facility and data center will be
limited to the following areas:
• The data center where infrastructure is maintained
• The networking and server room
• Licensing of software and hardware
• Risk assessment of processes
• Data security and theft checks
• Load management checks
3. For an IT facility to be considered effective and successful
following areas should be in place:
• Proper documentation and formalities with regards to the
government and regulatory bodies
• Risk mitigation plans
• Working Disaster recovery plans and systems
• No data theft/data loss occurrences
• Less dependency on physical infrastructure and more on cloud
based servers
4. Few things that can go wrong with management of IT facility
are:
• Improper handling of equipment’s in data center
• Incorrect tagging on network cables, servers, monitors and
network switches
• In effective disaster recovery mode
• Untrained employees to manage the IT infrastructure
• Non identification of Important Data leak sources
• No policies or outdated policies
• No routine vulnerability/ penetration tests
• No centralized issue log management and solution database
5. Few KPI`s that will help me guide the audit are:
• IT system downtime less than 5% in 1 year
• Less than 100 incidents of IT system failure in past year
• Low recurrence of older issues
• More than 99% license updated and non-pirated
• Faster data processing compared to previous year
6. It is vital that the employees who manage the infrastructure
should be well trained and capable for handling the system. To
ensure that they are up to the industry standards following checks
can be done:
• Educational background check
• ITIL / Network management certification check
• Past experience check
• Simulation of IT hack/data leak and check the response
• Situational awareness of the manager
Get Answers For Free
Most questions answered within 1 hours.