IT Audit: Better Prevent Than Cure. Business Processes Audit

IT Audit: Better Prevent Than Cure. Business Processes Audit

Umbrella IT

Business-processes: there is always room for perfection.

No doubt, it will be of interest and advantage for you to look at your familiar business-processes through someone’s eyes. From this article you will learn what the business processes audit is, whether you really need it and what will you get as a result of the audit.

What is the difference between an IT audit of business processes and a conventional audit?

The traditional audit is aimed at checking business process for conformity with the standards and specification requirements.

We, as the IT business processes auditors, check whether the processes run smoothly, resources usage is sustainable, and the client is actually satisfied. Then, based on the findings we suggest own solutions to optimize your business-processes: as a result, you receive the ready-to-use set of tools and the detailed manual that will help you to save time and resources through automation of the processes.


We may single out several situations when such IT audit should be considered:

  • the company is going through some sufficiently quiet period: process run smoothly, profits are stable, and clients are satisfied with the quality. You plan no significant changes and/or business extension but have time enough to look at the business processes from outside. Then, it’s high time to conduct the audit in order to:
  • check whether any of your current business-processes may appear to become a weak point in the nearest future, and get the tool to strengthen those weak points;
  • while you have time for that, determine what new channels for increasing profit/efficiency are hidden within the processes used, how they can be opened and applied in an efficient manner.

We often get accustomed to the business-processes and feel comfortable being confident that the conventional approach will surely work. The idea of any changes required causes discomfort and negation.

For this very reason, the clients (who could never think of any eventual failure) often run to us panicking, when the situation comes to a boil, and the urgent solution is required.

In fact, you would not wait for a severe toothache to spoil your life, but rather visit the dentist regularly. Or it would never cross your mind to wait till your car falls to pieces in the middle of the highway - you prefer to have it inspected from the technical point of view on a regular basis. The same refers to the business processes. They need preventive measures as well.

  • the company experiences regular missteps, deadlines for projects/tasks are not always or practically never met, clients are systematically unsatisfied with the outcome, profits are irregular. You are aware of the fact, that some process (or more than one) fails, but cannot define which one.
  • it may happen that you know exactly which process is the bottleneck of your business. But you have no single idea of the way to remedy the situation, and need someone reliable, who can support you and be entrusted with searching for a solution; or your ideas are ready, but you need someone to check everything and fulfill them in a quality manner and under reasonable time limits.
  • probably, you extend your business, and the company is at the transition phase: scope of work is increasing, the staff is growing, products and/or services portfolio is extending. The previously used processes are actually satisfactory, but cannot cope with a new flow and volume. And you have to find out promptly, in what way they can be optimized.


  • first of all, we study the subject to be audited, i.e. business processes used
  • we collect general company information: specific field, products and/or services offered, staff, any internal documents, and procedures, whether they are successfully used in practice;
  • we examine manuals, documents, profit and loss reports, etc., in order to go deep into the current strategy and not only adjust the processes but to find specific levers to improve efficiency and profit.

For example:

We often have the cases, when our clients spend too much money on hosting, and not always reasonably.  We will help to determine which expenses are excessive and will explain how they can be avoided.

  • we conduct interviews and brainstorms with the employees to find out whether there are any problems, whether everyone is aware of them, and what is the way to manage the problems;
  • we check whether any complaints are received from the clients;
  • if the processes are stable and established, we check emergency procedures (simulate the situations when the employees have to deviate from standard patterns).
  • we analyze the information collected and define bottlenecks within such processes
  • based on the documents and data received, we build the diagrams to see whether there is any certain system employed, or the process runs in a random way;
  • we analyze to what extent the processes depend on people who perform them: whether experience and knowledge are transferred (for example, in case an employee  resigns/is fired: whether the information is transferred, to whom and in what form);
  • we define poorly organized processes, which involve too much time and more people than actually required;
  • we analyze the processes and determine the bottlenecks.
  • we suggest variants aimed to unblock the bottlenecks (optimize and automate the processes)
  • having defined the bottlenecks, we think over the possible variants to eliminate them due to automation or due to changing management approach;
  • we set priorities: which processes are to be handled with special care now, and which ones shall be taken into account for the future;
  • we prepare a detailed report of the business process audit on the results received specifying the suggested variants for optimization and automation.


After the check is completed, you have presented the detailed report with the results of the business process audit specifying the following:

  • list of bottlenecks within the processes;
  • recommendation related to the possible ways to improve the situation through optimization and/or automation;
  • risk assessment of the processes used.


In theory, things sound rather formal, and obviously, you would prefer to find out the practical effect of the complete procedure.

We are not going to make you bored with long speculations, but rather offer you some examples.


time for change audit

Background: there is an IT company. Headhunting had never been its key activity, they just had HR Department to search for the candidates for the company’s vacancies. But at some point business started growing, the number of employees was increasing, and recruitment requirements stiffened, accordingly.

At that time the issue grew pressing: more candidates were required, the department was extended, and the process became irregular and nontransparent (sometimes the department staff invited the same candidate twice for the interview, and the data were simply lost). As result the recruitment efficiency dropped to the lowest level and not less important, the company reputation suffered.

That was at that moment when the company made a decision to have the business processes audited in order to find out the way to optimize the department activity.

Audit findings: the audit has shown that the current process runs as follows:

  • the department members use a separate job seekers base (Excel table), and the candidates funnel is kept in CRM. Accordingly, when a candidate for a definite vacancy is searched for, the suitable candidates are transferred from the base to the funnel manually;
  • for the purpose of checking information on the candidate, every link to social and/or professional network profiles are also to be tried manually;
  • after the candidate is handled in the funnel, the data often remain in the funnel without being transferred to the base (forgotten, not done on time). Consequently, the base becomes irrelevant, and cannot be relied upon.

Conclusion: the most challenging bottleneck in the process is updating the candidate base. The applied funnel tool suits for the current vacancy handling, but there is no tool designed to connect the funnel and the candidate base and to ensure their automatic synchronization.

Solution suggested: to develop the relevant script/plugin. The tool covers the following:

  • common candidate base (the current base is automatically transferred to a new one);
  • easy candidate search through the base by several filters and adding into the funnel immediately after the search;
  • the complete candidate history inside of the funnel is assigned to the candidate in the base and saved even after exiting the funnel; history of HR personnel contacts with the candidate is also saved;
  • the funnel possess the same functions that the HR staff is used to, including stages for working with the candidate and possibility to add notes at any stage;
  • Chrome browser extension that allows collecting automatically the complete candidate information from the social network page and adding it to the base with one button click.


case 2 audit

Background: a marketing agency cooperates with a large number of companies and prepares for them mail for mass distribution. The task requires significant time. And as marketing mailouts are usually aimed at the specific date or period, deadlines are often failed.

The company is aware of the existing problems and, probably, of their nature, but cannot identify and eliminate them. This means, the current challenges are addressed using some temporary measures, and no comprehensive solution is found.

Audit findings: the audit has resulted in the conclusion, that especially much time costs creating design and layout for the mail templates. The process runs as follows:

  • the first to start the job is the designer, whose task is to combine and bring to the same style all mail components;
  • then, the mail is passed to a layout designer, who creates the responsive HTML page with styles according to the design;
  • after that, the mail template comes to a marketing expert to be filled with the content and transferred to some special mailing service.

The fact is, that the procedure is not so simple in itself. And if we consider the human factor and add time for introducing any eventual changes in the course of the working process, it is no wonder that the team has not always succeeded in meeting deadlines.

Conclusion: the issue is that too many people are engaged in the mail creating process. Though the work done is not always of unique nature (mail is executed in accordance with the corporate style and have similar structure), it appears that the valuable time is spent for the task to be fulfilled by each chain participant, for communication between people, for correcting the layout, if things do not comply with the wishes of marketing experts.

Solution suggested: to automate the process and develop the tool allowing the marketing expert (who has no idea of the layout design) to create quickly and easily the ready-made mail templates using the visual editor. The tool itself already considers every requirement (responsivity, browser requirements). By way of bonus, the same system can distribute the mails, so that there is no need to transfer the template to some other service, as MailChimp.

Why could not any already existing solutions be used in this case? The reason is, they do not offer any differentiation by companies and by access rights for the agency employees in charge for this or that company.


case 3 audit

Background: the audit was requested by the company, engaged in recruiting workers for construction projects. The issue arose due to regular negative feedback from the customers. In addition, every customer was complaining about his or her own reasons: quality of works, attitude to duties, permanent failure to meet deadlines. The company did not succeed in finding the cross point for the claims at the internal level. Accordingly, no solution was found.

Audit findings: through communication with clients and inspection of the sites it was cleared out, that the construction activities run slowly because many workers are simply out, late or regularly leave their working places.

Conclusion: the company needs a tool to monitor worker’s presence on site avoiding any human factor influence.

Solution suggested: to create an application to monitor working place presence. The solution is based on using the BEACON device having a limited radius that is constantly scanning the space within the radius and exchange information with other devices via Bluetooth.

That’s simple like this - the BEACON device is placed at the working place, and the worker has the app installed on the mobile device. As far as the worker remains within the operating radius of the device, the working time counter is on. And everyone is paid for the actual working time, accordingly.

As you see, in these cases the practical and reasonable solution was found and offered due to the timely audit. Do you want to see your story on the list of the stories that continue happily? Then, contact Umbrella IT right now – we will check the things, find the solution and assist you in implementing it!


Message us

Whatsapp logo