The 7-Step Technology Audit

Column: The Bleeding Edge

 Exclusive Online Content - August 2011

As technology is increasingly woven into the fabric of business management and operations, it becomes more necessary to evaluate technology utilization and prepare for management an assessment of the threats and opportunities available.

In the area of threats, there is the risk involved in an inadequate backup and document archiving system. Weak policies regarding employee use of company computers can leave the network vulnerable to viruses. Unauthorized use of software — especially unauthorized software installed by employees — could subject the company to thousands or even millions of dollars in fines for copyright infringement. And these are just the obvious threats.

Opportunities also abound, in reducing software licensing costs. In replacing expensive laptops with tablets or netbook computers. In consolidating printing operations. In productivity gains through additional training.

So what comprises a technology audit? There are seven basic steps:

  1. Conduct a security sweep of the network and every device attached to it. Check for malware and bots. Confirm that security software is installed and functioning properly. Evaluate the firewall system. Also, check the physical security to ensure that the system cannot be compromised from the outside, and that servers are properly mounted, cooled and redundantly powered.
  2.  Audit the software in use by the company. Every piece of software. Check purchase receipts, licensing agreements and the version(s) in use versus the current version of the software. Remove personal software that does not have a business purpose at each workstation. If the software is no longer in production, check alternatives to recommend. Survey for additional software that may be needed, and evaluate the alternatives for management to consider. Why is it necessary to use the most current version of each software package? Because of security vulnerabilities.
  3. Audit the hardware in use by the company. Make sure that technology is being used appropriately for each task. For example, in one large corporation, it took thousands of dollars in time and materials to prepare materials for each Board of Directors meeting. A one-time investment in tablet PCs for each Board Member eliminated more than 90 percent of these costs. Especially, check to ensure that the choices of computers are standardized on non-proprietary platforms to reduce costs, and that hardware selection is made on the basis of financial sense and ease of use, not simply on the personal preferences of the IT department. Also, log every piece of equipment, its location, model number, serial number, person responsible for the hardware, purchase date and a copy of the receipt. This will reduce theft issues, and can assist in replacement of the oldest and most obsolete hardware.
  4. Audit the backup systems. The major culprits here are the total lack of a backup system or the use of obsolete tape systems. The criteria are that backups should be stored in a remote location (in case of tornado, fire or flood), that they provide for automatic verification of the backup, and that the retrieval and restore operations are uncomplicated. The best bet? Local backups (raid or external storage system), with a secondary backup at a storage facility or in the Cloud.
  5. Audit the document management system. This is the simplest cost-savings opportunity for any company, but it can be complicated. It may require a change in email systems, a change in document management software and hardware, and even a change in company procedures. Some departments will be more resistant to use of electronic systems because they have traditionally been paper-document driven — the legal department and procurement are examples.
  6. Conduct a printer audit. For most companies, printers are a financial black hole. Printers are purchased with little justification. Models and brands proliferate. No one tracks the cost of printer cartridges. Each department stocks its own replacement cartridges. It is a mess, and it is costly. Look for ways to consolidate printer types. Assess whether the company is paying the lowest amount for cartridges. If you want deeper information on the printer audit, I have written and blogged about it in this publication over the past few years.
  7. Ensure the company has a strategic technology plan. The cost of hardware and software is so integral to the corporate bottom line that it cannot be allowed to happen haphazardly. There should be a five-year strategic plan, and that plan should flow into annual tactical plans. The plan should be written, and shared with department heads and senior management.

This has been a brief — very brief — overview of a technology audit. As for learning how to conduct the audit, the easiest way is to conduct one on your own accounting firm. Just don’t be surprised to learn that your own company isn’t in as good a shape as you thought.

-- Reality Check --

Internet Site of the Month:

The Accountants & Auditors page at: http://www.bls.gov/oco/ocos001.htm.

This summary from the U.S. Bureau of Labor and Statistics makes for a fun read, but also has some interesting information for the firm’s strategic plan, including average salary information and hiring trends.

-- Dave's Hit's & Misses --

Symantec. I have stayed away from Symantec for the past few years, while they largely abandoned the small user in the quest for mega-corporate accounts. And while their software became increasingly bloated, slowing or blocking a host of other programs. But I am happy to announce that the current version addresses this problem, bringing the Norton Internet Security suite back to the forefront for personal and small business computers.

Scareware on the Mac. For decades, Mac computers have enjoyed a blissful existence outside of the mainstream. With a market share that has never really topped 13%, the Mac simply wasn’t prevalent enough for hackers and scammers to attack it. But with the growing visibility of the company and its iPad/iPhone products, that is changing. The latest assault is with scareware, the “you may have a virus and need to pay us to scan your operating system” scam that has plagued the PC world for years. Even the Mac isn’t safe anymore…

USB 3.0. It’s the newest, hottest flavor of the Universal Serial Bus, but it is slow in catching on. Though it has been in the marketplace for a year and a half now, neither manufacturers nor consumers seem particularly interested in making USB devices faster. What may trigger some movement in the area are the power reductions available, which could permit more USB devices to be used simultaneously.

eBooks. At the New York Book Fair, one of the publishing industry’s biggest tradeshows, the news was all about electronic publishing. As well it should have been, now that sales of eBooks outpace sales of the paper-bound counterparts. Don’t want to spend the bucks for a reader? Amazon.com, for one, has a free PC version of its Kindle reader software.

“Unlimited” Data Plans. Calling a data plan for a cell phone “unlimited” is a ruse that for once has me wishing the federal government would interject itself into the marketplace. While the three biggest cellular services finally abandoned this outright fraud, many of the smaller cellular vendors are still making the “unlimited” claim. The catch? Use more data than they want to pay for, and they will simply close your account. Where is the Federal trade Commission when you need them?

"Reality Check" is a compendium of ideas, products, rants and raves from the viewpoint of the author. Feel free to disagree, or to share your ideas by sending them to dave.mcclure@cpapracticeadvisor.com.

 

Loading