KORADO requested the implementation of an external IT audit, i.e. a critical evaluation of the IT center's activities, an assessment of compliance with "Best Practice" and answers to key questions in the areas of:
- IT management
- Security policy
- Application architecture
- SW tools
- Finance and asset management in IT
- Economic efficiency of IT
The requirement of the audit was to analyze the individual divisions of the company and find out whether they are in line with the main goals, business strategy and overall development of the company. An integral part was the analysis of internal platforms of operating systems with regard to their further development and evaluation of the benefits of individual SW tools. The goal was to find out what benefit they bring to the company, how they are used and whether the currently used SW tools are sufficient for the needs of the company's further development according to its strategy.
Objectives of an external IT audit
- analyze the current state of the IT department's services, infrastructure, people, roles, documentation and processes
- comparison of compliance of the IT department with the company's business plan and goals
- comparing the compliance of cyber security with the company's business plan and goals
- assess whether applications and information systems are used effectively and whether the applications used are optimal for achieving the company's business goals
- assess guidelines for the functioning of the IT department, cyber security and business continuity
- improve and further digitize the future functioning of IT departments with an emphasis on security and resilience against outages or attacks on the IT infrastructure
- analyze the security of operational technologies such as production control systems, sensors or hand-held scanners and propose improvements and digitization possibilities
- identify and describe areas that would need to be analyzed as they were not included in the project or would need deeper analysis
Strategic design of solutions for optimizing the operation of the IT department
As part of this project, the client received an overview analysis of the current state of IT focused on employees, infrastructure (software and hardware), services, processes, documentation and finances. The client received a strategic proposal of the measures necessary for the optimal operation of the IT department and their justification for each of the above-mentioned areas. Part of the analysis was an evaluation of the security policy, including a risk analysis for the needs of the insurance company.
Evaluation of the project by Korado
We value the practical and highly professional cooperation with Principal engineering as beneficial. The final report from the audit of IT activities and the presentation of the results to the top management of KORADO, a.s. were created in accordance with the objectives of the audit and provided answers to all essential questions important for the smooth running of the company. The cooperation of both parties continues in the elimination of identified discrepancies and the implementation of recommendations for the gradual improvement of IT processes.
Evaluation of the project by PRINCIPAL
Based on an expert view of the functioning of the IT department, KORADO, a.s. obtained the necessary documents for its optimization. The client was assured that nothing significant was found during the audit that could threaten the future development or functioning of the company. With the use of new technologies, the client will be able to use documents to increase competitiveness, to optimize existing infrastructure, processes and human resources. The obtained documentation will also be used for negotiations with the insurance company and may lead to a reduction in payments for cyber risk insurance.