Audit Checklist for IT Department

Use this Audit Checklist for the IT Department to evaluate your IT processes, ensuring efficiency, security, and compliance with organizational standards.




Anti-Virus Software

1. Is security software installed and active on all devices?



2. Is security software updated regularly?



3. Are patches installed and configured properly immediately after an incident?


Network Firewall

1. Is the network firewall installed and active?



2. Is the network firewall updated regularly?



3. Is an intrusion detection and prevention system (IDS/IPS) included in the security software?


Hardware

1. Do all devices have password-protected screen locks?



2. Do all devices meet minimum hardware requirements for security programs to run properly?



3. Are owned devices inventoried and tracked?


Passwords

1. Are passwords encrypted?



2. Do passwords require alphabetic, numeric, and symbolic characters?



3. Must passwords be changed every 3 months?



4. Do accounts lock after a set number of invalid login attempts?



5. Are group passwords not permitted?


Accounts

1. Are dormant accounts removed after deactivation?



2. Is account information transmitted via encrypted format only?



3. Are admin privileges granted on an as-needed basis?


Physical Security

1. Do all company properties have locks on all windows and doors?



2. Do all company properties have full security camera coverage at the office?



3. Is mobile hardware locked and checked in and out for use?



4. Do mobile devices have remote wipe software installed in case of theft?



5. Do remote employees' home networks meet minimum security requirements?


Alerts

1. Is there an alert for unauthorized system access?



2. Is there an alert for unplanned system modifications?



3. Is there an alert for system or physical security intrusion?



4. Are alerts monitored 24/7?


Employee Requirements

1. Are background checks required for system access?



2. Must employees acknowledge and sign a security policy agreement before receiving access to secure systems?



3. Must employees participate in annual security awareness and training?


Disaster Recovery And Incident Response

1. Is the business emergency plan documented, updated regularly, and disseminated to all employees, third-party vendors, and partners?



2. Do employees undergo emergency response training annually?



3. Is the emergency chain of command clear, and are emergency roles well-defined?


Document Disposal

1. Are all sensitive physical documents shredded when no longer needed?



2. Are shredded documents stored in a locked container and disposed of professionally?



3. Are all devices factory reset before changing users or being thrown out/sold/donated?


Backups

1. Is critical data backed up daily?



2. Are backups checked and validated regularly?



3. Are files backed up in 2+ separate places?


Security Protocols

1. Is documentation formalized and updated regularly, as well as after system modifications and security events?



2. Is documentation disseminated to all employees, third-party vendors, and partners?


IT Logs

1. Are IT logs secured to prohibit tampering?



2. Are IT logs reviewed at least once per week?



3. Are IT logs retained for at least 6 months?


Incident Reports

1. Are incident descriptions, times, and dates recorded?



2. Are causes and solutions recorded, and procedures updated if necessary?



3. Is the business impact assessed for each incident?


Outages

1. Are outage frequency (planned and unplanned), mean time to resolve, mean time between failures, total infrastructure downtime, total system downtime, and downtime by service regularly monitored?


Storage And Utilization

1. Is RAM utilization regularly monitored?



2. Is hard drive storage utilization regularly monitored?



3. Is cloud storage utilization regularly monitored?


Network Performance

1. Are upload and download speeds regularly monitored?



2. Is network latency regularly monitored?


Cost

1. Are total IT expenses, IT expenses per employee, cost per user, and cost per unit asset regularly reviewed?


Systems Development

1. Is there a review process for determining system development needs?



2. Are system design and development procedures adequate, well-documented, and followed?



3. Are approvals required at appropriate stages in the development process?



4. Are data entry documents accurate and comprehensive?


Testing

1. Are tests comprehensive and sufficiently rigorous?



2. Is system and program testing implemented correctly?


Implementation

1. Are there review procedures for program implementation?



2. Is the implementation process documented, and are standards followed?



3. Are changes properly approved?



4. Are appropriate controls in place to maintain security during and after implementation?



5. Is the post-implementation review process documented, and are standards followed?




Checklist by GoAudits.com – Please note that this checklist is intended as an example. We do not guarantee compliance with the laws applicable to your territory or industry. You should seek professional advice to determine how this checklist should be adapted to your workplace or jurisdiction.
