Understand the Digital Audit in 5 steps

Understand the Digital Audit in 5 steps
The advantage with an audit is that they try to reveal issues that are not seen or that are managed one way or another during the day to day life of the company. In fact, in many cases the company is performing like this and an audit might seem unnecessary.

This simple fact that the weaknesses are manageable, and indeed managed, might induce inertia. But eventually the company will grow and issues will multiply, implying time losses too important or even worth, a major system failure.

An intervention will now become necessary : the urgency of the will increase the cost and might produce an unstable temporary solution. It will now be obvious that an audit is now necessary.

A digital Audit is about viewing you company as a whole, creating as many automation as possible, with a solid and safe system that you can rely on and value. This includes adopting good practices to keep a coherent system through time implying that any change will be easier to implement because of a stronger structure.

Step 1 : When should do a digital audit ?

At some point the question of the necessity of making an audit might arise. At this you might wonder when is the best timing to do so. If an early audit will allow you teams to get used to the best practices with a good and solid system, the work inherent to this decision will probably make you wait for the most strategic moment to do so.

There are few key moments when doing an audit will make a real difference. Choosing the right moment will be the cornerstone for the good evolution and stability of the company.

We can identify 5 key moments to do so :

  1.  It usually make sense to have a digital audit when your company has already few years of existence, typically when you have some legacy systems that may run down your process efficiency.
  2.  It will also be strategic to do a digital audit when you want to add uniformity between your different structures. If you have few offices across different countries and you would like to align them in a more efficient way.
  3.  Another key moment will be when you think you may have gaps in your security or when your IT department is not aligned with your strategy.
  4.  You may also want to do a digital audit if you intend to sell or acquire a company or if your clients requires it.
  5.  A good moment to choose to start an audit will be when you intend to make a major change inside the company. At this point the stability and coherence of the company will be at risk and it’s reliability might make the difference.

Step 2 : Understand the Digital Audit

What is the difference between an audit and a study ?

Your might wonder what is the difference between a Study and an Audit and which one is adapted to your needs if any.

You might say that the main difference is a matter of scale. When the study A study is specific to a particular piece of digital solution, an audit is more general and will focus on key aspect like security, infrastructure, process, software development, it organisation etc…

The study is more oriented, in a specific direction, for example if you know you will have to acquire a CRM, a study would help to understand your detailed requirement, compare solutions in the market and see how they would integrate in your company digital ecosystem.
Digital audit scope

What is done during a digital audit :

To better the audit we can divide the process in 3 main steps.

First it is important to (1) understand the company at it’s current state, with is infrastructure, it’s orientations and the field where it evolves. With a good understanding of the structure, it is now possible to (2) work on the Audit itself to identify key points to strengthen, harmonize and improve the structure. Finally (3) your company will be provided with relevant documents with detailed recommendations to implement with a scale of urgency.

Step 3 : The Audit in Details

Let’s have a deeper look to this different steps :

Understand : State of the art

The first step when an audit is done properly is to understand the company at it’s actual state. If that might seem obvious, this part is crucial as it will provide a global perspective of the company.

The bigger the company is the more layers there is and the more complex the system will be. Getting a global view of the actual state of the company means understanding :

  • The architecture of the company
  • The dependencies of the company (Consulting, Subcontractor, IT individual, Software, …)
  • The evaluation process
  • The implementation and testing procedure
  • The state of the company in terms of :
    • Digitization
    • Security
    • Network
    • Backups
    • Hardware

Then it is important to understand the orientations, needs and short to long term choices made by the company. In some cases this will help to anticipate the evolution of the company and provide more accurate recommendations, it will also orientate choices when different solutions will be available for the same issue.

Apprehend the company on its own is not relevant if the field in which it evolves is not understood as well. Because no company is completely independent, the frame must be considered when the audit is made. This mean understanding the legislation and standards to which it has to comply.

Step 4 : What Is Aimed

What goal to achieve?

The audit will provide an health assessment of the company at a specific time.

With this knowledge it will give you the opportunity identify the less costly but most effective measure to be taken.

The audit will be able to show the most urgent but also easy measure to be taken at first. This means that solutions will be classified regarding many criterium to help the company prioritize the ones it should implement first.

The kind of criterium can be :

  • The risk if the measure is not taken or implemented later on
  • The cost of implementation
  • The difficulty to implement
  • The necessity
  • The return on investment

The Audit will grant your company an overview of it’s health from a global and external perspective and should help you to take the most appropriate decisions.

It will also ensure you that the data is safe, reliable and untampered.

Last but not least, the audit will give your company the best practices to get the most out of your IT structure.

Step 5 : What you get and what you pay

What you get

Now that you know what are the goals targeted by the audit you might wonder what you are going to concretely get when the work is done.

There are few deliverable that you should get to help you do the best choices with a smooth implementation.

We can distinguish 6 mains deliverable :

  1. A digital audit scoring by category to get an efficient overview of the global state of your company digitally speaking.
    Digital audit deliverables
  2. A risk list by category (Security – Infrastructure – Team – Process – Software). This will allow you to apprehend if your company faces potential security breach and the urgency to take measure accordingly.
  3. Along with the IT organization goes the Infrastructure diagrams. This diagram will show you your IT hardware infrastructure, including the servers, firewall, networking devices, inter-company connections, broadband, AD domains, GPOs etc…
  4. IT Organization diagram. This diagram is a good way to have a better understanding of the architecture of your company from an IT perspective. This will help you identify inconsistencies that could arise in the future.
  5. A corrective action list with estimated cost and time. This list will help you anticipate the work that will need to be done. It will also help you budget and prioritize.
  6. Workflow diagram across systems. This diagram will help you see if there are gap in your process, if some flow could be digitized (for example add a portal for client to fill info rather than send them a form to fill and type in their reply in your ERP. Also helps to review if some integration could be missing.
  7. A digital audit scoring by category to get an efficient overview of the global state of your company digitally speaking.

Confidentiality :

As an audit implies to dive deeply into the company it goes without saying that anonymity is a key element during the whole process.

Any information gathered during the audit is solely used to create the audit itself and to help for the implementation of those measures. Any information will be confined into this scope. No information will be used, sell or shared with a third-party.

Cost & ROI

Evaluating the cost of an audit is can be complex because many variables will impact it. This price will closely relate on

  • On the structure itself. For instance multi country will be much harder to understand and to analyses than a single office.
  • On the complexity of the application you are looking to implement. For example a simple CRM, a complex ERP or custom made application.
  • On the size of the company and the type of business. It is often the case that a factory will require more time than a trading office.

For those reasons giving a fixed price or even a range of prices would be irrelevant and misleading.

What is important to understand is that an audit has no point if it is not followed by measures and implementation to fix and adapt the company. This measure will rely on the recommendation made by the audit. It is the whole point of the audit to be a facilitator for implementation, therefore the return on investment should be considered after this second process.

The Audit is suppose to make sense on the long run, reducing risks, improving automation, providing exploitable data and so on. It’s whole purpose is to make your company more coherent and more fluent, reducing costs (automation, data…) or avoiding them (security failure…). This is why it is important to underline that even if the initial cost might not induce direct profit, the final goal is a good return on investment.

To reduce those costs, some companies like Sagit Solutions will propose to refund the full cost of the audit of the company choose them to do the implementation.

That way the company hiring is not paying for the audit but also wins a lot of time because doing the audit implies a profound understanding of the company. As in many cases the cost of the implementation is closely (if not only) related to the time spent, this can be a strategic choice to do.

To conclude about the Digital Audit

The Audit will help you better understand your own company, it will give you an overview of its strength and weaknesses while providing you the keys to get the best of it. It is a road map to help you think the long term and take the decisions and orientations that suits your actual state.

The audit should not be taken lightly as you will then have to take measures to implement the changes recommended. While you will not have to implement all these changes, doing an audit without using the advice is a waste of money. This is because a company is always in motion, evolving and changing all the time, therefore those recommendations might not be relevant one year later.

Investing in an audit is the first step to reliability, and consequently, to perennity.