"We want to scale our system. But if we do, the cost of equipment will increase significantly." This is one of the concerns that can prompt an IT audit. We’ll tell you why you might need an audit and what to pay attention to if you order one.
What is an IT audit?
An IT audit is a tool that helps to find weak points in a system and understand what and how to change things for better performance. In practice, it means that experts analyze the state of programs, products, applications — everything. And, based on the results, they prepare a report with their recommendations. This is similar to a medical check-up.
The customer decides what exactly to investigate and why. For example, one can order an analysis of the operation of all systems or only one. What precisely is checked is also decided by the customer. There are no strict rules.
When it makes sense to ask for an audit
There is no universal advice when a company should conduct an audit. Everyone decides for themselves. In our experience, people more often apply for expertise in the following cases:
- There is an obvious problem
- It’s unclear whether something is worth investing in
- The client wants to check if the business is using the best solutions
- A migration or other change is planned
There is an obvious problem, but it is not clear exactly where it is or how to fix it. For example, new developments take too long or require more resources than the potential economic effect from them.
It is unclear whether it’s worth investing money or whether it’s possible to reuse existing resources. For example, a company uses six servers, not at full capacity, but with headroom left in case of a peak load.
The volume of tasks to be handled by the system increases and additional capacity is needed. The question arises: is it worth increasing the load on the servers and risking a possible peak, or is it safer to pay extra for new services?
An audit helps find a solution. It’s quite possible that capacity can be freed up for those working with the service by changing other technologies, for example, by switching to the Go language.
There’s a task to check whether the business is using the best solutions and getting the most out of them. Let’s say there is a task regarding work with certain devices, but so far it’s not functioning properly. You need to understand what the problem might be.
A migration or other change is planned, such as an upgrade or scaling. In order not to lose money and suspend work, it’s beneficial to understand in advance what needs to change, what to take into account, and so on.
For example, the database that the company uses is no longer being maintained or developed, so you will have to use a different solution. Or a move to a different codebase: something was written in one language, and it’s outdated.
A tip from Orbitsoft: when precisely an audit comes in handy
- The owner plans to sell the business, and one of the components is an IT system
- The company is preparing to enter the stock market
- There’s a directive to assess the maximum capacity of the system
What central issues audits address
An audit can cover two areas. One is related to solving problems; the other is the evaluation of proposals, plans, general status, and everything related to the future.
Examples of tasks for an IT audit
| Problems and risks | Evaluation of solutions and plans |
|---|---|
| Scaling | A plan for infrastructure migration to cloud storage |
| Expensive system development and support | Modernization of outdated equipment stock |
| The system does not bring expected income | Outsource part of infrastructure support and maintenance processes |
Things we can check as part of an audit
The areas involved in an audit depend on the customer’s wishes. For example, if the customer is ready to give access to storage systems, experts will be able to test them. If not, then they can check them superficially or not at all.
Examples: what can be examined as part of an audit
| Computing infrastructure | Telecommunication infrastructure | Engineering systems |
|---|---|---|
| Servers | Corporate data transmission network | Basic infrastructure services |
| Data storage systems and data storage network | Local computing network | Information Security |
| Backup system | Video communication | |
What does an audit look like?
An audit can take one of two formats: remote or in-person. If the task is to check the systems, experts usually work online. In this case, there’s no need to find space for people to work, issue passes, etc. And when it is needed, you only need to grant access to the systems. In-person audits are rare.
Regardless of the format, the audit goes through the same steps. Here’s how the OrbitSoft team does it.
General audit scheme from OrbitSoft
- Discussion and reaching agreement on conditions
  - What problem we are solving
  - Goals and tasks of the audit
  - What exactly experts are investigating
  - What criteria experts will use during evaluations
  - What access will be needed and how to arrange it
  - Whether a client needs any recommendations based on the results of the analysis
  - Suggestions for the report
- Interviews with the customer’s team: IT specialists and their internal clients (employees who are involved in the work and who use IT solutions)
- Exploration of practices and solutions that are related to the topic of the audit
- System analysis
- Project deployment
- Report preparation
- Discussion of the results and recommendations with the customer
What a company receives as a result of the audit
Based on the audit results, the company gets a detailed report and recommendations on what they need to do, how they should implement these actions, and when they should do them. The type and format of the report can be standardized or customized for a specific business and tasks.
- At Digital mainly shows ads from Yandex and Google — other banner networks, which in turn show ads from other networks.
- The site has Adfox and settings for header-bidding connected, and requests for bids are being made. A hidden auction via Adfox is probably taking place.
- The sizes of ad slots are not fixed and banners are displayed in several sizes or their combinations. The width of the site is flexible, which causes incidents during impressions, for example, a 720px banner may not fit and is cut off at the edges.
- The site has a huge number of scripts with confusing logic. Some of these are probably not used, but they do affect performance.
An excerpt from an Orbitsoft report on the results of an ad solutions analysis
In addition to the audit itself, experts prepare recommendations and help with implementing changes. For example, the Orbitsoft team can draw up a vulnerability remediation plan, help with software implementation, or with developing needed algorithms.
| What can be in a report | Examples |
|---|---|
| Architecture | A list of errors; a list with the elements that don’t adhere to modern standards |
| Fault tolerance | Peak load criteria for determining the moment when the system will fail; what breakdowns will disable the system; a list of incorrect software settings |
| Performance | Download statistics; parameters of system resources utilization; overload level |
| Software relevance | Versions of microcodes, system software, and so on; compliance with best solutions in the market |
| Monitoring | Coverage of monitoring systems; list of metrics for analysis; comparison of collected metrics and those that still need to be collected; quality of observation of failures response |
| Operation | Operating conditions and how they comply with standards; physical and other depreciation |
Examples of Orbitsoft audit projects
An advertising agency from Berlin, which works in the European market
Owner of a Russian service
Problems or tasks
System scalability is very expensive
The system is not working at full capacity
The owner was planning to sell the business
Potential buyers asked to see the results of an IT platform security audit of the service
The report must be from an independent expert
We found problems in statistics processing and ad display
We identified bottlenecks in request processing that took too long to complete and led to memory leaks
We offered algorithms and ready-made libraries for solving the problems
We found a system vulnerability and suggested solutions on how to eliminate it
We provided the results of load testing and a report on the system’s fault tolerance check