The 7-Step Technology Audit

Column: The Bleeding Edge

 Exclusive Online Content - August 2011

As technology is increasingly woven into the fabric of business management and operations, it becomes more necessary to evaluate technology utilization and prepare for management an assessment of the threats and opportunities available.

In the area of threats, there is the risk involved in an inadequate backup and document archiving system. Weak policies regarding employee use of company computers can leave the network vulnerable to viruses. Unauthorized use of software — especially unauthorized software installed by employees — could subject the company to thousands or even millions of dollars in fines for copyright infringement. And these are just the obvious threats.

Opportunities also abound, in reducing software licensing costs. In replacing expensive laptops with tablets or netbook computers. In consolidating printing operations. In productivity gains through additional training.

So what comprises a technology audit? There are seven basic steps:

1. Conduct a security sweep of the network and every device attached to it. Check for malware and bots. Confirm that security software is installed and functioning properly. Evaluate the firewall system. Also, check the physical security to ensure that the system cannot be compromised from the outside, and that servers are properly mounted, cooled and redundantly powered.
2.  Audit the software in use by the company. Every piece of software. Check purchase receipts, licensing agreements and the version(s) in use versus the current version of the software. Remove personal software that does not have a business purpose at each workstation. If the software is no longer in production, check alternatives to recommend. Survey for additional software that may be needed, and evaluate the alternatives for management to consider. Why is it necessary to use the most current version of each software package? Because of security vulnerabilities.
3. Audit the hardware in use by the company. Make sure that technology is being used appropriately for each task. For example, in one large corporation, it took thousands of dollars in time and materials to prepare materials for each Board of Directors meeting. A one-time investment in tablet PCs for each Board Member eliminated more than 90 percent of these costs. Especially, check to ensure that the choices of computers are standardized on non-proprietary platforms to reduce costs, and that hardware selection is made on the basis of financial sense and ease of use, not simply on the personal preferences of the IT department. Also, log every piece of equipment, its location, model number, serial number, person responsible for the hardware, purchase date and a copy of the receipt. This will reduce theft issues, and can assist in replacement of the oldest and most obsolete hardware.
4. Audit the backup systems. The major culprits here are the total lack of a backup system or the use of obsolete tape systems. The criteria are that backups should be stored in a remote location (in case of tornado, fire or flood), that they provide for automatic verification of the backup, and that the retrieval and restore operations are uncomplicated. The best bet? Local backups (raid or external storage system), with a secondary backup at a storage facility or in the Cloud.
5. Audit the document management system. This is the simplest cost-savings opportunity for any company, but it can be complicated. It may require a change in email systems, a change in document management software and hardware, and even a change in company procedures. Some departments will be more resistant to use of electronic systems because they have traditionally been paper-document driven — the legal department and procurement are examples.
6. Conduct a printer audit. For most companies, printers are a financial black hole. Printers are purchased with little justification. Models and brands proliferate. No one tracks the cost of printer cartridges. Each department stocks its own replacement cartridges. It is a mess, and it is costly. Look for ways to consolidate printer types. Assess whether the company is paying the lowest amount for cartridges. If you want deeper information on the printer audit, I have written and blogged about it in this publication over the past few years.
7. Ensure the company has a strategic technology plan. The cost of hardware and software is so integral to the corporate bottom line that it cannot be allowed to happen haphazardly. There should be a five-year strategic plan, and that plan should flow into annual tactical plans. The plan should be written, and shared with department heads and senior management.