Blog / A 5-Step Systems Audit for SMBs
A good technology audit starts with a strong foundation.
Technology audits can be complicated and time-consuming, so much so that some small-to-medium businesses may find them difficult to justify, especially if resources and budgets are particularly tight. Nevertheless, while it may not make sense for you to invest in a technology innovation audit, pretty much every organization can make use of a basic systems audit to help cut costs and uncover unknown security risks. To get you started, here’s a basic five-step audit you can use as the backbone when conducting your own audits.
A 5-Step Systems Audit
There are five essential steps to completing a comprehensive systems audit.
- It all starts with the hardware—Might as well start with the obvious, right? All the software and applications on the web won’t do you any good if you can’t interface with them. Just remember that an audit is more than just taking inventory. Include each piece of equipment’s model number, serial number, purchase date and receipt if available, and office location. You may also want to note any personnel responsible for the device, but this is optional depending on the particulars of your organization.
- Review software in use—Once you’ve got a comprehensive inventory of your IT hardware, it’s time to start dealing with the digital side of the systems audit. We’re talking of course about all the software currently in use by your business, and all aspects of it as well. That means digging up license agreements and purchase receipts, as well as comparing versions of each application you use against those that are available to ensure only the latest iteration are in use. You should also make note of personal software that hasn’t been approved or covered by use policies that should be removed, as well as any applications that are no longer supported but still in use by your team so you can make plans to transition to a regularly-updated and secure alternative.
- Security is essential—We always recommend letting qualified experts handle your cybersecurity (a comprehensive security audit is part of our onboarding process for all new clients), but for those of you who aren’t part of the TRINUS family, conducting a security sweep of your network and every connected device is absolutely critical to any systems audit. Be sure to check for bots or malware (ransomware in particular), as well as ensuring security software and firewalls are working and up-to-date. Finally, don’t forget the physical aspects of cybersecurity; make sure office cameras and security doors are working and your system can’t be physically compromised from the outside.
- Backups for when security fails—No matter how tight your security, there’s always a chance it could fail. Not only are hackers a wily bunch that shouldn’t be underestimated, but human error and socially-engineered attacks will always be a problem. That’s why your systems audit should include evaluation of your backups and restoration processes. General recommendations for minimum backup requirements include ensuring that backups are stored remotely in case of flood, fire, tornadoes, or other natural disasters, and that your backups be automatically verified. However, these are just minimum criteria; you’re really best off keeping a backup both in a remote cloud and a local but external storage system.
- Document management and printers—Reconfiguring paper-driven processes to take advantage of digital tools can be a significant source of cost-savings, so make sure to ensure your document management systems are serving you properly and minimizing pointless paperwork that can otherwise be offloaded. This is particularly true for printers and their endless problems, and procurement departments. Auditing your document management processes to minimize reliance on the miserable toner-driven tyrants of the office is often a boon to the bottom-line as well as your ease of mind.
Please remember that this 5-step audit is by no means a one-size-fits-all solution, and is just one of the many types of technology audits available. If you’d like assistance with your own systems audit, or have questions about how other technology audits can help you, contact a TRINUS IT expert today.
The TRINUS Team