IT AUDIT OF PHYSICAL ASSETS

 

Physical Walkaround Audit Experience

Physical Walkaround Audit Experience


CRC Ltd have been conducting IT asset audits for 11 years and in that time have amassed a considerable wealth of information  and experience that is used to assist client companies in constructing their inventory data bases. The leading driver has been for license compliancy, but we are now finding that due diligence on outsourcing, mergers and acquisitions is also becoming a major factor in the need for a physical audit.

Further the ability to accurately negotiate maintenance contracts requires an up to date asset registry, and at the same time benefits the client company by producing a baseline audit.

CRC has found that there is a growing requirement to charge back to the internal business departments, the cost of the IT supplied to those departments and this also requires a manual audit trail. Lastly there is a growing requirement for Compliancy officers in a company to be able to show that more than one method of audit is being used to ensure that the company correctly knows the full IT estate, and the licensing requirements that go with it.


Discrepancies in IT Audit Figures

The reasons why for discrepancies in IT Audit figures are many and varied.  The difficulties that companies find that they have in running their change control systems are always a major factor. To ensure that change control is effectively and continuously practiced particularly in large organisations often takes more resource and time that many are prepared to commit. Without a true change control system, the asset data base very quickly becomes out of date.  Secondly the purchasing of IT assets may be in the hands of more than one department, leading to both inefficiencies and lack of co-ordination in keeping an up to date asset register.

Discrepancies in IT Audit Figures

 This is particularly the case where a company might grow by merger or acquisition, and where the purchase and procurement offices are not quickly combined. Further not all assets are on the networks, which mean that even the most advanced asset audit software cannot locate all the equipment.  This is the same problem encountered with store rooms containing either old equipment ready for disposal or new replacement equipment ready for allocation to the network. CRC has come across equipment ready for disposal that has been stored for more than two years because it was not registered in the data base and had in effect, been forgotten.

The Benefits of a Physical Walkaround IT Audit

As well as the simple construction of a baseline audit there are many other benefits that can be gained whilst a physical audit is undertaken. The audit can be a time when a new asset tag can be applied, perhaps with a bar code to aid change control operations by the use of laser scanners. FTI tags can also be added. New computer names / machine names can be applied to PC’s and it can also be a time when a modern software audit program can be run and checked on servers and PC’s. Screen sizes and the CRT / TFT attributes can be noted, external drives and printers recorded, user details entered, phone numbers checked, business departments allocated, floor port numbers found and much else. It is also a time when the client company can add value to the audit by including mobile phones, blackberries, and 3G cards.

Minimal Disruption

Many companies worry that a physical audit of their IT estate will bring major disruption to the business, and that the upset will be too great compared with the benefits.

 

CRC’s long experience means that we can now quickly and efficiently complete the largest of physical audits with the client being almost unaware that it has taken place. Careful planning by our project managers with the client company is an essential pre requisite, but given that planning little or no interference with the day to day activities is ever experienced.

Minimal Disruption

CRC has developed a software program for use on its PDA’s which includes a laser reader to ensure speedy and efficient reading and reporting on all the information required in the minimum of time and thus reducing the period that the asset is required for auditing.

Final reports can be in any format required by the client, and can be integrated with all major support / help desk programs as required. Further CRC has developed its own advanced software program, DataView, that allows multiple data streams to be compared and contrasted in a way not previously possible. In this respect, CRC are considerable ahead of the market in being able to furnish client companies the ability to handle data in a manner not previously available.

IT ASSET VISIBILITY

It is CRC’s experience that many companies struggle to track and record the movements of their IT assets. As a result, it is rare to find a company that will have a database that is accurate to within 10% of the estimated size of the IT estate.

Physical Walkaround Audit of IT Assets

As an example, a large public company involved in a hostile takeover estimated the total combined IT assets of the merged company at some 17,500 PC’s. However at the end of an eight week manual audit CRC had located and recorded close to 21,000 PC’s.


Physical Walkaround Audit of IT Assets


At the other end of the spectrum, a City Law Firm had an estimated 300 PC’s whilst CRC actually located 329.

We find some interesting comms room cabinets

We find some interesting comms room cabinets!

 

“Every organization can realize between 5% and 35% through the implementation of focused software asset practices”

Gartner