Whether you’d like to carry out an IT audit of your SME yourself, or whether you’d like to call in a service provider to do it for you (consulting firm, freelancer…), this article will be useful. In the first case, we’ll give you a method and concrete examples for carrying out the audit yourself. In the second case, it’s important to know the basics before subcontracting to a service provider.
If you had only one thing to remember from this article :
An IT or digital audit is a methodical approach to understanding and analyzing the existing information system and user satisfaction. This analysis enables us to put forward recommendations that will enable the company to take full advantage of digital technology. A good audit requires :
- Completeness
- Meeting the right people
- Don’t take sides
- Don’t look for solutions too soon
- Employee communication and change management
An SME IT audit is then followed by the construction of a transformation roadmap and its implementation.
The fundamentals of a small business IT audit
What is a digital audit?
An IT audit or IS (information system) audit is a methodical approach to assessing several aspects of a company’s digital tools. There are 5 levels of analysis:
- Level 1 – Network and Telecoms: This covers the study of Internet access, wi-fi and network analysis.
- Level 2 – Hosting, interconnections and user equipment: This covers the hosting of the company’s various applications and software (public or private cloud, onsite or outsourced servers, etc.), as well as the interactions between the various software (possible sources of multiple entries). Hardwares such as computers, telephones, printers, etc. are also analyzed.
- Level 3 – Collaborative work: This represents the level of satisfaction with collaborative uses such as e-mail, diary, document sharing, video, chat…
- Level 4 – Core business: This is a study of the functional satisfaction of the various business software applications used throughout the SME value chain, such as customer management, accounting, HR, production planning and purchasing software…
- IT Function Level: Represents all the elements that enable the IT function to function, such as teams, partners, expenses, budgets, IS processes and activities.
Each level is interdependent. Indeed, it’s like a restaurant: without water and gas, it’s difficult to serve customers, and without level 1, it’s difficult to use the software and do your job.
This study is essentially based on user satisfaction, usage, tool performance, quality of service and security.
What are the objectives of an SME IT audit?
- For each tool (software and equipment), assess performance, user satisfaction and safety levels
- Identify findings, sub-optimizations, risks and vulnerabilities
- Propose recommendations. And on this basis, design a transformation roadmap.
You can’t build a house without a plan, and in the same way, the audit is the phase that enables you to design the plans for your future information system.
Why carry out an IT audit for your SME?
Understanding how things work today
- Identify and examine functional and operational problems, such as bottlenecks, repetitive tasks, inefficiencies, complex sequences and non-value-added tasks.
- Quantifying IS costs
- Detect sensitive points and potential risks.
- Ensurealignment of existing processes with organizational and strategic objectives
Collectively building an improved version
- Unambiguous, uniform understanding of future operations for all parties concerned.
- Clear identification of the needs to be met in the search for solutions and software.
- Informed decision-making
- A change management tool to persuade and convince.
- Collect key data to monitor and evaluate target performance.
Durability of the information system
- IS compliance and control
- Monitoring user satisfaction
- Easy duplication of an IS for a new site or a merger.
- Improved communication and collaboration between teams, making it easier for them to understand each other’s tasks, responsibilities and interactions.
- Training made easy
- Opportunities forinnovation and continuous improvement.
What are the benefits of an IT audit?
Understand, improve and manage IT costs
The SMB IT audit provides a comprehensive overview of the cost of digital tools. We then identify sub-optimal cost centers and replace them with appropriate solutions.
Implementing best practices
practices
Protecting your data and IT assets is essential if you are to benefit from the digital age. With a secure and flexible architecture , you’ll be able to implement new IT uses.
Take advantage of the best software on the market
Finding the right software is no easy task. Indeed, the landscape of solutions has never been so nebulous. During your SME IT audit, an IS architect will be able to recommend the best software for your needs and budget.
Gaining in performance and outperforming the competition
A high-performance, customized information system will reduce costs and eliminate non-value-added software tasks (such as multiple entries, the use of convoluted, non-ergonomic software, lack of interconnection between software…).
What are the different types of IT audit or studies possible during an audit?
Choosing the right IT audit for your SME is like going to a restaurant: there are many possible menus. It’s up to you to choose what makes the most sense for you, given the budget and time you have available.
It is of course possible to carry out a digital audit yourself, but using a service provider is often more efficient.
IT/digital audit (recommended)
It’s an audit that examines all levels of your IS and how it works, including your employees. Unlike other IS audits, it is based on employee satisfaction and the company’s business needs. Infrastructure, security, hardware and software are then analyzed from this angle, leading to recommendations that meet the strategic challenges facing the SME.
Highlights:
- Study of the challenges and strategic orientations to define an IT strategy
- Anlyses of employees’ expectations and business needs to find appropriate, ergonomic and effective solutions to their frustrations
- Better acceptance of digital transformation by teams thanks to change management
- Optimal infrastructure and safety adapted to the strategy (it’s not optimal to have a Ferrari when driving in a city).
Technical and security audit
As the name implies, this is an audit that will only study a company’s infrastructure, hosting and equipment, without taking into account business challenges and requirements. It’s an expert audit for experts. All IT equipment (networks, switches, servers, computers, etc.) will be assessed. Performance and robustness recommendations will be made.
The key words:
- Preventing computer breakdowns
- Network performance
- IS security by following ANSSI-approved methodologies. It identifies system risks and vulnerabilities
In general, these audits are not sufficiently aligned with a company’s business needs. Certain choices are costly and degrade the experience of business staff.
Organizational audit of the IT function
This is an audit that focuses on the functioning of the IT function within a company. The consultants will analyze IT processes and activities (governance, relations with business lines, project management, procedures, documentation, etc.), teams and equipment, partners and costs/budgets.
The key words:
- Streamlining and structuring teams
- Identifying needs for skills upgrading
It’s also possible to do all 3 at the same time! But you’ll understand that it won’t be the same effort.
How does an IT or digital audit work?
Presentation and brief description of the stages
Step 0 – Planning
Together with the parties involved, the project manager plans the various stages of the SME IT audit: objectives, scope, expectations, analysis grid, deliverables, timetable, etc.
Step 1 – Launch
At a kick-off meeting, the stakeholders organize the interviews, workshops and visits, provide all the documentation to be read, validate the interview guides and, if necessary, validate a questionnaire.
Step 2.1 – Individual interviews or workshops
The project manager will organize one-to-one interviews with key contributors, or themed group workshops. Prepared questions will be asked to gather qualitative information.
Step 2.2 – Site visits
The project manager will visit key locations to audit equipment and network performance. The visit can also be used to monitor the company’s value chain activities
Step 2.3 – Online questionnaire
If more quantitative information is required, data can be collected via an online questionnaire. In addition, this allows us to hear from more employees and start driving change.
Stage 3 – Analysis
The project manager will analyze all the information collected in order to identify findings, problems, risks and even highlight best practices.
Step 4 – Recommendations and report
For each problem, a recommended solution is found. All findings and recommendations are formalized in a report and presented to stakeholders at a meeting.
Step 5 – Building the roadmap
Each recommendation is then broken down into work packages and sized in terms of time and budget. All projects are listed on a calendar.
Points of attention during an IT audit
Be exhaustive.
Holes can lead to nasty surprises later on in your project.
Meet the right people. Sometimes it’s more useful to meet with a line manager than with your manager to find out exactly how a department works.
Don’t direct your questions.
Open-ended, closed or semi-closed questions are designed to understand, not to validate beliefs.
At this stage, it’s not advisable to look for solutions or software. It’s too early, as needs are still general. To choose now would be to close doors and miss out on the best solution.
And this is perhaps the most important point. The audit is also the first change management tool. Being sympathetic, listening and teaching will only be beneficial for the rest of the project (especially if it involves major organizational changes).
Examples of deliverables
Now you know all about small business IT audits. Now it’s your turn! See you soon for more content!
Leave a Reply