IT audit: tasks it solves and how to know if you need it

Using an audit from OrbitSoft as an example

Dmitry Shimko

Data Scientist at OrbitSoft

«We want to scale our system. But if we do, the cost of equipment will increase significantly.» This is one of the concerns from which an audit can begin in the IT sphere. We’ll tell you why you might need an audit and what to pay attention to if you order one.

What is an IT audit?

An IT audit is a tool that helps to find weak points in a system and understand what and how to change things for better performance. In practice, it means that experts analyze the state of programs, products, applications — everything. And, based on the results, they prepare a report with their recommendations. This is similar to a medical check-up.

The customer decides what exactly to investigate and why. For example, one can order an analysis of the operation of all systems or only one. What precisely is checked is also decided by the customer. There are no strict rules.

An example of a request made by a client to OrbitSoft. If an audit is needed, it’s not necessary to describe everything in such detail. You can simply identify what is causing doubts and confusion.

When it makes sense to ask for an audit

There is no universal advice on when a company should conduct an audit. Everyone decides for themselves. In our experience, people more often apply for expertise in the following cases:

  • There is an obvious problem
  • It’s unclear whether something is worth investing in
  • The client wants to check if the business is using the best solutions
  • A migration or other change is planned

There is an obvious problem, but it is not clear exactly where it is or how to fix it. For example, new developments take too long or require more resources than the potential economic effect from them.

It is unclear whether it’s worth investing money or whether it’s possible to reuse existing resources. For example, a company uses six servers, not at full capacity, but with headroom left in case of a peak load.

The volume of tasks to be handled by the system increases and additional capacity is needed. The question arises: is it worth increasing the load on the servers and risking a possible peak, or is it safer to pay extra for new services?

An audit helps find a solution. It’s quite possible that it will be feasible to free up capacity for those working with the service at the expense of other technologies. For example, switching to the Go language.

There’s a task to check whether the business is using the best solutions and getting the most out of them. Let’s say there is a task regarding work with certain devices, but so far it’s not functioning properly. You need to understand what the problem might be.

A migration or other change is planned, such as an upgrade or scaling. In order not to lose money and suspend work, it’s beneficial to understand in advance what needs to change, what to take into account, and so on.

For example, the database that the company uses is no longer being maintained or developed, so you will have to use a different solution. Or a move to a different codebase: something was written in one language, and it’s outdated.

A tip from Orbitsoft: when precisely an audit comes in handy

  • The owner plans to sell the business, and one of the components is an IT system
  • The company is preparing to enter the stock market
  • There’s a directive to assess the maximum capacity of the system

What central issues audits address

An audit can cover two areas. One is related to solving problems; the second is the evaluation of proposals, plans, general status, and everything related to the future.

Examples of tasks for an IT audit

| Problems and risks | Evaluation of solutions and plans |
|---|---|
| Scaling | A plan for infrastructure migration to cloud storage |
| Expensive system development and support | Modernization of outdated equipment stock |
| The system does not bring expected income | Outsource part of infrastructure support and maintenance processes |

Things we can check as part of audit

The areas involved in an audit depend on the customer’s wishes. For example, if one is ready to give access to storage systems, experts will be able to test them. If not, then they can check them superficially or not at all.

Examples: what can be examined as part of audit

| Computing infrastructure | Telecommunication infrastructure | Engineering systems |
|---|---|---|
| Servers | Corporate data transmission network | Basic infrastructure services |
| Data storage systems and data storage network | Local computing network | Information Security |
| Backup system | Video communication | |
| Archiving system | Telephony | |
| Virtualization system | | |

What does audit look like?

The audit can be in two formats: remote or in-person. If the task is to check the systems, experts usually work online. In this case, there’s no need to find space for people to work, issue passes, etc. When an audit is needed, you only need to grant access to the systems. In-person audits are rare.

Regardless of the format, the audit goes through the same steps. Here’s how the OrbitSoft team does it.

General audit scheme from OrbitSoft

  • Discussion and reaching agreement on conditions
    • What problem we are solving
    • Goals and tasks of the audit
    • What exactly experts are investigating
    • What criteria experts will use during evaluations
    • What access will be needed and how to arrange it
    • Whether a client needs any recommendations based on the results of the analysis
    • Suggestions for the report
  • Research
    • Interviews with the customer’s team: IT specialists, their internal clients — employees who are involved in the work and who use IT solutions
    • Exploration of practices and solutions that are related to the topic of the audit
  • System analysis
  • Project deployment
    • Report preparation
    • Recommendations
    • Discussion of the results and recommendations with the customer

What a company receives as a result of the audit

Based on the audit results, the company gets a detailed report and recommendations on what they need to do, how they should implement these actions, and when they should do them. The type and format of the report can be standardized or customized for a specific business and tasks.

  • At Digital mainly shows ads from Yandex and Google — other banner networks, which in turn show ads from other networks.
  • The site has Adfox and settings for header-bidding connected, and requests for bids are being made. There is probably a hidden auction taking place via Adfox.
  • The sizes of ad slots are not fixed and banners are displayed in several sizes or their combinations. The width of the site is flexible, which causes incidents during impressions, for example, a 720px banner may not fit and is cut off at the edges.
  • The site has a huge number of scripts with confusing logic. Some of these are probably not used, but they do affect performance.

An excerpt from an Orbitsoft report produced as a result of an ad solutions analysis

In addition to the audit itself, experts prepare recommendations and help with implementing changes. For example, the Orbitsoft team can draw up a vulnerability remediation plan, help with software implementation, or with developing needed algorithms.

| What can be in a report | Examples |
|---|---|
| Architecture | A list of errors |
| | A list with the elements that don’t adhere to modern standards |
| Fault tolerance | Peak load criteria for determining the moment when the system will fail |
| | What breakdowns will disable the system |
| | A list of incorrect software settings |
| Performance | Download statistics |
| | Parameters of system resources utilization Overload level |
| | Capacity shortage |
| Software relevance | Versions of microcodes, system software, and so on |
| | Support resources |
| | Compliance with best solutions in the market |
| Monitoring | Coverage of monitoring systems |
| | List of metrics for analysis |
| | Comparison of collected metrics and those that still need to be collected |
| | Quality of observation of failures response |
| Operation | Operating conditions and how they comply with standards |
| | Physical and other depreciation |
| | Warranties |

Examples of Orbitsoft audit projects

  • 01
    Client

    An advertising agency from Berlin, which works in the European market

    Owner of a Russian service

  • 02
    Problems or tasks

    System scalability is very expensive

    The system is not working at full capacity

    The owner was planning to sell the business.

    Potential buyers asked to show the results of an IT platform security audit of the service

    The report must be from an independent expert

  • 03
    Result

    We found problems in the statistics processing and ads display

    We identified bottlenecks in requests processing that took too long to complete and led to memory leaks

    We offered algorithms and ready-made libraries for solving the problems

    We found a system vulnerability and suggested solutions on how to eliminate it

    We provided the results of load testing and a report on the system’s fault tolerance check

Whatever your needs, we can help!

Tell us what problems you’re facing with your business. We look forward to hearing from you.
