Understanding the Organization and its Environment
CCS’s understanding of the organization it is auditing is imperative for assessing the company’s potential risk and for determining the scope of the audit. CCS’s understanding should include information on the nature of the company, management, governance, business objectives, and business processes.
Business Needs Definition
CCS’s audit team will conduct meetings with the client’s key management to identify business needs and expectations as they relate to the company’s IT systems. From the information gathered in these meetings, CCS’s audit team will fully understand what the client’s management expects from its information systems and will later be able to compare those expectations to what the systems in place can actually deliver. This is a key task, as all following technical work will refer back to this session to ensure that IT is in line with management’s stated objectives.
The nature of the audit (i.e. hardware, software or security) will determine the focus of the detailed review of an organisation’s IT systems. However, regardless of the type of audit, the review will tie back to the management objectives from the business needs definition. CCS will take a risk-based approach that enables the audit to consider all potential weaknesses and/or absent controls and to determine whether they may lead to a significant deficiency or material risk to CCS’s client.
After evaluating the results of an audit, CCS consultants will provide the customer with recommended changes to their IT systems that have been identified as “Immediate Action Required”. These items will be areas where the audit has revealed a significant deficiency or material risk, based on the business needs definition. CCS will also provide a “Suggested Actions List”. This list will include items that may not present an immediate risk to the organization, but could present risks in the future or do not meet best practices, and should be corrected.
Documentation will be ongoing through the entire audit process. Once systems are all in a position where they are ‘meeting the defined business needs’ and are configured and operating in line with ‘IT best practices’, the system will be properly documented in a detailed manner. Additionally, a management report outlining all the findings will be compiled and presented to the customer.
CCS hardware audits focus on the networking, telephony, server and storage infrastructure within an organization, as they are all critical to most organizations’ business. The goal is to confirm that none of the infrastructure has been deemed end of life (EOL) or end of support (EOS) by the manufacturer and that the firmware is up-to-date on all hardware components. CCS will also confirm whether or not each piece of hardware has a valid vendor support contract associated with it. While they are not usually considered critical systems, the hardware audit can be expanded to include workstations and peripherals in addition to the company’s core equipment. This service is included on a semi-annual basis for CCS premier-level Tech Care customers as part of their annual maintenance agreement.
CCS software audits are designed primarily to help companies get a handle on the software licenses they own and how they are being used within their organization. During a software audit, CCS consultants audit the software types within an organization, the release of software being utilised, the quantities owned and any upgrade entitlements the company may take advantage of. As with hardware audits, CCS will also verify that the software is up-to-date and being updated regularly, and confirm that the software solution being utilized is associated with a valid support contract.
Most security solutions include both hardware and software components. CCS’s security audits include all of the activities from our hardware and software audits. With security audits, CCS consultants focus on architecture and the strength of the IT security solutions protecting the organization.