Starting FY20-21 with an IT audit is a great way for you to plan for the year ahead.
June is often the month where we do a lot of planning – goal setting, budgeting, looking at our strategies and putting together a ‘roadmap’ of sorts for the year ahead. Including an IT audit in this planning phase of the year is important for businesses and organisations because it allows you to review the strength of your business from a technology point of view. It allows you to assess whether your hardware, software, systems and processes are suitable for the year ahead, or whether you need to consider upgrading or transitioning to new tech.
In this article, we are giving you some pointers on conducting IT audits for your organisation – where to start, what to focus on and how to progress after the audit is complete.
Focus on Problems:
Although it’s easy to get side-tracked by things like blockchain technology, virtual reality customer engagement, or what kind of computers your organisation should use, this is not the purpose of an IT audit. Focusing on the solution before the problem is even properly identified can result in a total waste of resources. IT auditors should come in with clean hands and a clear mind. Identifying solutions is the purpose of an IT roadmap, which we’ll get to later.
Instead of asking what technology your team wants, ask them what is holding them back, and discuss any problems they’re encountering in their day-to-day duties. Are they able to communicate with donors and customers efficiently? How does information integrate from one piece of hardware to another? Can your team directly follow up on tasks? These are the questions that need to be asked.
Communicate with your team:
Have you hired any new staff or volunteers recently? If possible, find someone who’s fresh from another organisation, or someone who has just gone through the hurdles of learning your system. These are the people you need to be asking critical questions because they’re in a position to give you the most useful and honest answers possible. Identifying efficiency problems, security concerns and painful user experiences can become a lot more difficult when asking seasoned employees that haven’t experienced anything else. Naturally, if you’ve got an internal IT manager in your organisation, they’re an invaluable resource to source information from, too.
Types of Risks to Evaluate:
Efficiency risks are where your technology – including hardware, software, infrastructure or customer engagement tools – are potentially holding you back. If your team struggles to use your interface efficiently, if they can’t properly log and track tasks, or if they can’t communicate effectively with customers, you should be asking why. As software advances, older revisions are prone to security risks. Likewise, if you’re updating to the latest software on devices that are five years old, some performance issues are bound to arise. Efficiency risks can usually be identified by talking to your staff, as mentioned above.
Consider your network security, staff accessibility and any trending security concerns currently on the rise. Risks to assess include:
- What kind of sensitive information do you hold on donors and customers? How is this handled?
- Could an accidental data leak occur via email or a lost device?
- Are you able to detect data breaches? When was the last time you tested your security?
- What are the technical specifics of your network? Could you mitigate denial of service attack?
- What monitoring, if any, is performed on staff devices?
- Are your organisation’s password protocols sufficient? Do your staff use multi-factor authentication?
We’ve published another article on some of the potential ways to reduce downtime arising from service attacks, data breaches and poor network performance.
With every technology audit, your organisation needs to re-evaluate its compliance with existing and forecasted regulatory framework.
- Is your data security compliant with the NDB (notifiable data breach) scheme?
- Does your organisation target overseas donors? If yes, is your website GDPR compliant?
- Are you compliant with privacy legislation, e.g. Privacy Act 1988 (Cth)? Who in your team is privy to customer information?
These are all questions that should be asked as part of your technology audit. As technology advances and more data is harvested from donors and customers, there are regular legislative constraints that get imposed on commercial and not-for-profit organisations. Many of them you may not even be aware of. For example, in December last year, the Access and Assistance Bill was passed, requiring comapanies to provide access to encrypted communications if requested by the government.
If this is the first audit you’ve run in four or five years, you might have identified some serious flaws in your system that need addressing. Instead of updating a piece of software here and there, you might have identified a fatal flaw that requires a complete upgrade of your systems. In such a scenario, it’s important to consider options available on the market, how new software and hardware will integrate, as well as the timing of each of the upgrades. This is where an IT roadmap comes in. IT roadmaps allow you to plan things out ahead of time and develop a truly holistic approach to prevent cost and time overruns.
Where to From Here?
Unsure on how to even start an IT audit? That’s where we come in. humanIT have extensive experience in auditing IT systems within the not-for-profit sector and continually stay on top of new trends in the industry. We strive to improve efficiency, ease of use, data security and regulatory compliance for our clients. Once a technology audit is conducted, our team can develop an IT roadmap, take care of system upgrades and training, and even provide regular maintenance and support to keep your NFP organisation running smoothly. Start the new year right and get in touch with us to discuss any technology concerns you have with our friendly team of experts.