IT Audit Worksheet

Business Name and address
1. Size Evaluation
How many employees are there?
How many laptops?
Desktops?
Servers?
o
SBS _____
o
Windows NT ____
o
Windows 200x ____
Shared Network Devices:
Network Hard Drives
Shared Printers/ Multi Function Machines
_______________
_______________
_______________
_______________
_______________
_______________
Notes:
___________________________________________________________________________________________
2. Network Evaluation
Is there a network in place today?

(Y / N)
o
( Peer-to-Peer / Client-Server )
Novell, Windows NT or Windows 200x
Other ____________________________
Network Topology ( Ethernet / Token Ring / Other )

o
Speed (MB)
10
10/100
1000MB
o
Switched or Shared
Number of Switches
__________
Number of Hubs
_________
o
Wireless
Encrypted?
EAP-TLS?
WEP?
WPA?
How many WAPs?

___________
100MB
Location
___________
What type of Data Cabling?

o
CAT3
CAT5
CAT6
Fiber
Coax
Other
Are there any wide area links?
(Y / N)
o
Where do they terminate?
o
VPN?
_______________________________________________________________________________
How many routers?
_____________
o
Make / Model
_____________
o
Who Controls
_____________
Firewall
o
Make / Model
_____________
o
Who Controls
_____________
What kind of bandwidth is being used?
Dial-Up Modem
ISDN
Frame relay
T1
T3
fT1 / fT3
Cable modem
DSL
Network Information
Firewall LAN Address: _______________________
Firewall WAN Address: ______________________
Firewall Gateway: ________________________
Firewall Policies
________________________________________________________________________________________
Router LAN Address: _______________________

Router WAN Address: ______________________
Router Gateway: ________________________
Notes:
___________________________________________________________________________________________
3. Desktop Evaluation
What are your company-wide desktop standards?

o
Hardware? __________________________________________________
_______________________________________________________________________________
o
Applications? _______________________________________________
_______________________________________________________________________________
o
Operating systems?
_______________________________________________________________________________
Are there any legacy or custom applications that are redundant or obsolete?
_____________________________________________________________________________________
Are there any orphaned applications where the provider is no longer in business or
no longer supports the product?
_____________________________________________________________________________________
How does software license compliance look? Whos in charge of maintaining and
enforcing
this?_________________________________________________________________________________
Notes:
___________________________________________________________________________________________
4. Policy & Existing Vendor Evaluation
Do you have a written policy on acceptable use of IT resources such as the LAN, email and Web browsing?
Are there any EDI or similar relationships with clients or suppliers?

_____________________________________________________________________________________
What kind of documentation exists?

o
Technical?
o
End user?
o
Is it adequate?
o
Is it up to date?
o
Is a hard copy kept off site?
Notes:
___________________________________________________________________________________________
Do you currently have any hosted services or applications that managed by 3rd
party vendors? Please provide any credentials associated with any such vendors or
applications.
YES NO
Notes:
___________________________________________________________________________________________
5. Network Services / Server Evaluation
Does your company have basic file sharing?

o
Is it secure?
Printer sharing?
What about modem sharing or network-based faxing?
Is there a contact management or groupware application?
Does anyone have access to network resources while traveling? While working
from home? Which software applications?
_____________________________________________________________________________________
What applications do you not have that you would like?

_____________________________________________________________________________________
Server IP(s): ______________________
Server Hostname(s): _____________________
Terminal Services enabled: Y / N
Server Roles: ___________________________
Notes:
___________________________________________________________________________________________
6. Security Evaluation
What kind of confidential data does your company deal with?

Social security numbers?
Credit card numbers?
Proprietary research and development?
Client lists?
Payroll?
Is any sensitive data being kept locally on desktops, notebooks or PDAs?

Describe.
_____________________________________________________________________________________
Does everyone have his or her own logon account and password or is there just one
shared password? ___________________________________________
Are servers physically secured? ____________________________________

o
Who has access?
______________________________________

How often are passwords changed?
________________________________
What kinds of policies are in place to strengthen passwords?

_____________________________________________________________________________________
Is encryption used for any applications? Describe.

_____________________________________________________________________________________
Is there a formal disaster recovery plan? (Y / N)

o
How often is it tested?
___________________________________
o
Revised?
___________________________________
o
Whos in charge?
___________________________________
o
Wheres the hot site?
___________________________________
Notes:
___________________________________________________________________________________________
7. Data Protection Evaluation

Power Protection
Where are Uninterruptible Power Supplies (UPSs) being used?

_____________________________________________________________________________________
o
Are data-grade surge suppressors being used on all other devices? (Y / N)
How much battery backup run-time is available for critical systems? __________
Is UPS monitoring software utilized? ( Y / N )

o
What about e-mail alerts?
(Y/N)
When was the last time UPS units were tested for automated shutdown?
__________________________________________________________________
Notes:
___________________________________________________________________________________________
Backups
How often are full system tape backups run?

_____________________________________________________________________________________

How many sets of tapes are maintained?
_____________________________________________________________________________________
How often are tapes rotated off site?

__________________________________________________________________
When was the last time the tape backup restore capability was tested at the file
level?
_____________________________________________________________________________________
At the volume or server recovery level?

_____________________________________________________________________________________
Are verifies done daily? ( Y / N )
Are tape backups launched manually or on a preset, automated schedule?

_____________________________________________________________________________________
How is data on workstations protected?

_____________________________________________________________________________________
What about data on notebooks and PDAs?

_____________________________________________________________________________________
Notes:
___________________________________________________________________________________________
AntiVirus
What kind of antivirus software is in place?

__________________________________________________________________
How often is the engine updated? ______________________________________
What about the definition files? _______________________________________
Are the updates automated or done manually? ____________________________
Are both servers and workstations protected? ____________________________
Are the Web, proxy and e-mail servers protected? ________________________
Are users trained on protecting against virus infections? ____________________
Notes:
___________________________________________________________________________________________
8. Email & Web Presence Evaluation
Domain Names & Website
Does your company have a domain name?
Web site?
How is the Web site maintained?
Is it a static or database-driven site?
What kinds of Internet Service Provider (ISP) relationships are in place today for
Internet access, email and Web site hosting?
Notes:
___________________________________________________________________________________________
Email
Do you run email in-house or ISP-hosted? _______________________________

If in-house what software?
o
Exchange
o
Groupwise
o
Other
What version of the software do you use? _______________________________
Who maintains it now?

_____________________________________________________________________________________
Any current issues with email? Describe.

_____________________________________________________________________________________
What about SPAM ?
What email client do you use ?_________________________________________
Notes:
___________________________________________________________________________________________
9. Training Program Evaluation
What kind of computer training does the staff receive?

o
What topics?
o
How often?
o
Is there formal classroom training?
One-on-one?
Peer-based?
Self-study?
o
If so, how effective has the training been?
10. Asset Management Evaluation
Who determines hardware/software needs and writes up the specifications?

______________________________________________________________
How do you procure hardware and software?

_____________________________________________________________________________________
Who determines whether items shipped match the items requisitioned on purchase
orders?
Is hardware and software generally leased or purchased?

_________________________________________________________________
Are service agreements ordered at the time of purchase?

__________________________________________________________________
Whats the typical asset life cycle? How often is hardware refreshed?
_____________________________________________________________________________________
Who maintains the asset inventory?

__________________________________________________________________
11. Credentials
Please provide all credentials for the following, all credentials must be for Admin
level accounts:
Domain Server:
_________________
Exchange (Hosted or Local)Server:

_________________
Hosted Exchange: Server:

_________________
Website Host:
_________________
Offsite Data Backup:

_________________
Domain Server:
_________________
Firewall :
_________________
Domain Server:
_________________
User Name ____________ Password


IT Audit Worksheet

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

IT Audit Worksheet

Uploaded by

Copyright:

Available Formats

Business Name and address

How many employees are there?

How many laptops?

Is there a network in place today?

Novell, Windows NT or Windows 200x

Network Topology ( Ethernet / Token Ring / Other )

How many WAPs?

What type of Data Cabling?

Firewall LAN Address: _______________________

Firewall WAN Address: ______________________

Firewall Gateway: ________________________

Router LAN Address: _______________________

What are your company-wide desktop standards?

4. Policy & Existing Vendor Evaluation

Are there any EDI or similar relationships with clients or suppliers?

What kind of documentation exists?

5. Network Services / Server Evaluation

Does your company have basic file sharing?

What about modem sharing or network-based faxing?

Is there a contact management or groupware application?

What applications do you not have that you would like?

What kind of confidential data does your company deal with?

Is any sensitive data being kept locally on desktops, notebooks or PDAs?

Are servers physically secured? ____________________________________

What kinds of policies are in place to strengthen passwords?

Is encryption used for any applications? Describe.

Is there a formal disaster recovery plan? (Y / N)

7. Data Protection Evaluation

Where are Uninterruptible Power Supplies (UPSs) being used?

Is UPS monitoring software utilized? ( Y / N )

How often are full system tape backups run?

How often are tapes rotated off site?

At the volume or server recovery level?

Are verifies done daily? ( Y / N )

Are tape backups launched manually or on a preset, automated schedule?

How is data on workstations protected?

What about data on notebooks and PDAs?

What kind of antivirus software is in place?

How often is the engine updated? ______________________________________

What about the definition files? _______________________________________

Are the updates automated or done manually? ____________________________

Are both servers and workstations protected? ____________________________

Are the Web, proxy and e-mail servers protected? ________________________

Are users trained on protecting against virus infections? ____________________

8. Email & Web Presence Evaluation

Domain Names & Website

Does your company have a domain name?

How is the Web site maintained?

Is it a static or database-driven site?

Do you run email in-house or ISP-hosted? _______________________________

What version of the software do you use? _______________________________

Who maintains it now?

Any current issues with email? Describe.

What about SPAM ?

What email client do you use ?_________________________________________

9. Training Program Evaluation

What kind of computer training does the staff receive?

10. Asset Management Evaluation

Who determines hardware/software needs and writes up the specifications?

How do you procure hardware and software?

Is hardware and software generally leased or purchased?

Are service agreements ordered at the time of purchase?

Who maintains the asset inventory?

Exchange (Hosted or Local)Server: