Every year, as an IT professional, I have to do an IT audit on my own systems, and these audits are very similar to those I carry out on a regular basis for customers. They’re not very interesting, but nevertheless they are an important part of keeping a system running as smoothly as possible. Not only do you have a complete record of everything, but you also are generating a “user manual” that will help others solve problems if there are any issues. Here are a few tips on creating your own IT audit checklist. You can use your audit later on for troubleshooting.
1 – Cataloging Equipment
This might sound tedious, but it’s really important to know about every item you have in your inventory. When something goes wrong you will have information at your very fingertips that will help to get it replaced or repaired. Along with serial numbers, model numbers and a description, you should also note down the age of the item and when it’s warranty runs out. If you have time, also note down warranty information such as where to send it and which phone number to call should there be a problem. Sometimes if a piece of equipment fails you might need to get it replaced as quickly as possible, and by having the information to hand you can save yourself some valuable time. Also, make a note of the item’s value too.
2 – How is Your Network Comprised?
You might know exactly how your network is set up, but does anyone else? One of the purposes of an IT audit is to have an official record of exactly how a system works, just for those times when a real emergency arises, and the usual people aren’t about. Some things you might want to think about noting down are IP addresses of your main servers, printers, and any other important device that has a static IP. Locations of computer and servers also help for troubleshooting purposes. You might also want to describe in your audit how your DHCP server (Dynamic Host Configuration Protocol) is set up to lease IP addresses. What is the lease time, and what are the pool of IP addresses you’ve assigned for devices logging into the network? For more information on IP addresses and TCP/IP in general, take a look at this course from Udemy.
3 – Wireless Networks
Most companies operate a wireless network these days, and if you’re carrying out an IT audit on your system, you shouldn’t neglect to write down everything you can about your wireless configuration. For example, you might want to include such items as the number of wireless transmitters you have and where they are situated. What mode are they set to, and what type of encryption do they use? You should also include the relevant passwords needed to access the wireless network, and whether there is a “guest” mode for those who need limited access. You could also include the approximate range of your wireless network. This is especially important if your wireless network extends outside any buildings.
4 – Firewalls and Security
If you have a network with many computers connected to the Internet, then you’ll know how important it is to have a firewall in place. In your IT audit, you should write down the configuration of your firewall, including any ports or services that are open. For example, you may have opened a tunnel through your firewall to accommodate a mail server, or a VPN (virtual private network). These ports should be noted down in your IT audit for future reference. It might also be a good idea to mention any particular security plans you have in force. For example, you might allow your marketing department access to YouTube and Facebook so they can edit corporate social media sites. (Find out more about social media networking here) However, you may not want your sales and accounts departments to access these sites as they could be a distraction. If you have such a setup, this should be mentioned in your IT audit.
5 – MAC Addresses
Managing a network is a relatively simple process if you have information at your fingertips, and once of the most useful pieces of information I’ve discovered is a MAC address. You’ll probably know that a MAC address is a physical address of a network card that is very difficult to be changed (unlike an IP address). Therefore you can use MAC addresses to set up all kinds of security features around your network. Unfortunately, MAC addresses are a long series of letter and numbers (a hexadecimal number), and don’t really mean anything on their own. So it’s a good idea to keep a record of MAC addresses, along with the name of the computer that they coincide with. You won’t believe how invaluable this information can be, not only for security, but also for troubleshooting purposes. So during your IT audit, if you haven’t already got a list of all your MAC addresses, take the time to note them down. This blog entry tells you about other things you can do with a MAC address, and how to find them on your device.
Servers deserve a special mention in any IT audit, because they are literally the backbone of any computer system. What servers do you have? Where are they located? And most importantly, what do they do? Many servers operate as a backup to other servers, so if you have this kind of setup you should perhaps mention what happens when one particular server stops working. Does another server pickup the slack? An example of this is a domain server, this will generally control your network’s domain, but you can also have any number of domain servers that will do the same job if your primary server is down. The same goes for mail servers (exchange). Make a note of all the servers and their primary and secondary roles. What equipment do they have? What are their data capacities? Do they operate RAID controllers and multiple drives? Put down anything you think is relevant.
7 – Software
Finally – one thing you mustn’t forget in your IT audit is the software on your system. This must include every piece of software and the license codes. It might also be a good idea to keep a record of version numbers in case you need them. I’ve found this to be a particularly good idea to keep track of which computers need their software to be upgraded. Make a note of every computer, and the operating system it’s running. Include the service pack version too if you can. Also keep a note of every piece of commercial software that’s on that computer. Don’t forget your servers too, you’ll need to keep those up to date as well. This is particularly important if you run per-seat licenses that are managed from a central server. Lastly, if you have any services that run “in the cloud”, your audit should mention licenses and login details for these too. Cloud and virtual computing is of course a whole different topic, you can find out more about it here.
So there you have it – a very brief idea of what an IT audit should contain. The basic rule of thumb here is to add as much detail as you can. I’ve found with all sizes of computer systems, whether they are small with one or two workstations, or large with many hundreds of terminals, the more information you have the better. It saves you time, and consequently it saves you money too. Find out more about this at Udemy with some excellent courses on networks and network engineering.