Almost every IT system deployment or upgrade project starts with the audit of existing infrastructure, systems and operations. Audit of existing IT systems can be also performed on a regular basis to evaluate the current state of the systems.
The goal is to determine the "as is" state and to develop a solid road map to achieve the "to be" state that would be beneficial for the business. Subjects of the audit from IT and business perspective are defined by the project goals and may vary. For example, you would need to examine the infrastructure components and their relationships before you deploy or upgrade an infrastructure solution, while business application deployment would require an evaluation of business processes and regulations. Risk and threat analysis is an integral part of the new system or information security management tool deployment.
You can examine company’s hardware and software components individually or in bulk. In any case, there are several steps you have to take to collect relevant data and be able to analyze them:
- Analyze the organizational structure and regulatory documents of the company
- Interview members of Business, IT and Security departments
- Perform a tools-aided IT assets analysis
The standard results of the audit process are:
- A report on the "as is" state of IT systems, hardware, core and application systems, applications and processes
- Recommendations on system deployment or optimization as well as operations efficiency, organizational and technical recommendations
- The final outcome of the audit is a road map plan (i.e. draft scope of work) that should align with the needs of IT and Business departments and justify the importance of forthcoming changes