Almost every IT system deployment or upgrade project starts with the audit of existing infrastructure, systems and operations. Audit of existing IT systems can be also performed on a regular basis to evaluate the current state of the systems.
The goal is to determine the "as is" state and to develop a solid road map to achieve the "to be" state that would be beneficial for the business. Subjects of the audit from IT and business perspective are defined by the project goals and may vary. For example, you would need to examine the infrastructure components and their relationships before you deploy or upgrade an infrastructure solution, while business application deployment would require an evaluation of business processes and regulations. Risk and threat analysis is an integral part of the new system or information security management tool deployment.
You can examine company’s hardware and software components individually or in bulk. In any case, there are several steps you have to take to collect relevant data and be able to analyze them:
The standard results of the audit process are: