The Objective of IT Applications and Infrastructure Audit is to help organizations assess the capability, maturity and fitness for use of their IT assets, applications and processes.

The Audit covers the following areas

  • IT Organization and Management
  • IT Applications
  • IT Infrastructure
  • Policies and Procedures

IT Organization and Management

  • Evaluation of current organization structure, Roles and responsibility matrix, Details about Governance mechanisms
  • SWOT Analysis

IT Applications

  • Mission critical and backend application Inventory and Vendor Management
  • Application Business Value covering Functional Requirement Vs Compliance, Business Criticality, and Strategic Alignment
  • Technical and Non Functional Requirements covering Product Viability, Technical Architecture, User Experience, Configurability/ Scalability, Dev Tools Availability, Training and Documentation, Integration Mechanism, Application Performance
  • Application Development, Release, Deployment, Maintenance and Support Processes as applicable

IT Infrastructure

  • Evaluation of hardware, network capacity vs utilization vs requirement
  • Evaluation of Data Centre (DC) Network, Compute, Storage, Performance and Security
  • Network bandwidth usage and performance physical/ logical architecture for High Availability (HA) and Disaster Recovery (DR) across Production, Quality Assurance, Development environments with modes and patterns of Deployment
  • Verify software used on server side, database, end user computing / security
  • Methodologies & tools for monitoring/ billing/ provisioning IT Infra and sample reports for monitoring of the IT Infra
  • Details on the infra performance such as transactions, peak load, server usage, internet bandwidth usage
  • Details of IT Asset Management , Software and Hardware asset inventory
  • Details of the vendors supporting the infrastructure

Policies, Procedures, Risk and Compliance

  • Documented policies, procedures, adoption/adherence, audits undertaken and sample reports
  • Mitigation plan and implementation plan for the non - compliances observed during the audit
  • Software asset inventory with details of number of licenses software asset management audit reports
  • Review Procedures: Change Mgmt., IT system development, Maintenance and Support
  • Details about IT system accident recovery measures, DRP and BCP in place, DR Locations and sample mock drill reports