How often should your business run an IT audit?

IT audit

An IT audit assesses the robustness and effectiveness of an organisation’s IT infrastructure and operations. It aims to provide assurance that your organisation’s external systems are protected and that your internal systems have no significant weaknesses, are working efficiently and are secure.

This is not a tick box exercise, but rather a practical assessment of the IT function at the centre of your business. With cyber threats continuing to rise, a business’s assets and reputation are at an increased risk. This makes a regular IT audit a necessity, as well as a legal requirement, for many businesses.

What does SDT’s IT audit entail?

Our IT audit will provide you with a comprehensive assessment of your business’s IT infrastructure. We will outline with you the scope of the audit and discuss any particular focus you may need. This ensures that the IT audit is a worthwhile and targeted exercise that provides you with any remedial changes necessary to make sure your business’s technology is secure and running efficiently.

Here’s what our IT audit involves:

External penetration testing:

  • We undertake external penetration testing and attempt to seek vulnerabilities of your internal Systems from the outside world and use tools that hackers would use to exploit these weaknesses such as web and SQL servers
  • We also assess the operating systems of those servers to establish if they are patched to the right levels
  • We then see what is visible behind the firewall and check if it’s secure to an acceptable standard

Internal testing:

  • We run a vulnerability test of your internal systems, hardware and software to check if they are patched to the correct levels and running the most up to date versions
  • Our assessment tools will check your network for any sensitive data saved on your system, such as passwords or card numbers
  • We then make a risk assessment of your potential liability if these vulnerabilities we to be attacked

You may also be interested in: 5 reasons to choose an outsourced IT managed service

Read More


  • We will check your business’s servers to see if they are set up correctly, up to date, have enough RAM available, if the drivers are up to date, and establish if best practice has been followed for the vendor (such as Microsoft)
  • We will check the storage capacity and, if appropriate, provide you with alternative storage options and structures for better sustainability and recovery time
  • We will also look at the likely business impact if your servers were to fail, such as their resilience, if they are backed up and the recovery timeline

Employee feedback

  • We will also audit the feedback from your staff on their experience with the incumbent IT support and any issues that they have faced with the business’s IT systems
  • This may involve an assessment of department specific applications to ascertain if they are working well
  • This exercise is also useful in finding out any poor habits staff may have, such as saving files locally rather than on the network, and why this is happening

IT audit report

From these tests, we will produce a comprehensive report that will explain any risks, issues and vulnerabilities found and remedial and risk management solutions.

We understand that work on resolving these issues needs to be budgeted for, which is why we will recommend a phased approach that prioritises vulnerable aspects first.

Ultimately, the aim of our IT audit is to find out if your IT systems are supporting your business by running reliably, efficiently, cost-effectively and with mitigated risk.

How often should an IT audit be run?

At the very least, organisations should have an IT audit conducted once a year. However, for larger organisations or those with a complex IT infrastructure, audits may need to be carried out on a more regular basis.

If an organisation makes significant changes to their operations, it is best practice to perform an audit on its systems to assess any new risks.

Find out more

If you would like to speak to us about an IT audit for your organisation, please contact Andrew Wayman at or call our office on +44 (0)1344 870062.