IT Infrastructure Audit – Questionnaire

IT Infrastructure Audit - Questionnaire
  • IT Infrastructure Audit – Questionnaire

  • Views 18

  • Downloads 3

  • File size 112KB
  • Author/Uploader: scokoye

Information Technology (IT) Infrastructure Audit Questionnaire

NITDA/BPP E-PROCUREMENT IT INFRASTRUCTURE AUDIT EXERCISE

Overview The purpose of this questionnaire is to gather information related to information technology infrastructure. In most modern entities, Information Technology is pervasive throughout the organization across the entire spectrum of the business and information flows. However, information about IT infrastructure and supporting IT processes needs to be gathered as essential background to a more detailed evaluation for the upcoming e-procurement project. This document is designed to facilitate collection of information necessary for understanding the IT infrastructure. Completion of this document by an auditee in advance of a meeting to discuss its content may be practical. Instructions To complete this document:  Select appropriate responses when choices are given. In addition, provide brief narrative descriptions when applicable. Flowcharts, workflow diagrams as well as policies and procedures can also be provided in support of descriptions.  Information or documentation of a sensitive nature can be discussed verbally with audit personnel rather than included in written format as a response. For these areas, please indicate your preference for discussing this information as the response.  Questions and areas that are unanswered will be addressed by audit personnel in subsequent meetings or discussions.

1

Information Technology (IT) Infrastructure Audit Questionnaire Section A: Organization and Management

Name/Position of IT Head:______________________________

Phone Number: _________________ _________________ E-mail:

_________________

1. Describe where the IT organization fit in the Ministry overall organization structure? (Attach organization chart, if available) 2. Number of IT personnel devoted to the following IT functions?        

Application Development and MaintenanceAudit Computer Operations Security Administration Help Desk/PC Support Network Administration Training Strategy and Planning Others

3. How many management level people are included in the IT function of the Ministry and what are their positions. If you have an organizational chart of the IT department available, please attach it to this questionnaire. 4. Does the Ministry utilize outside vendors for any of the following IT functions? If so, please indicate the vendor name:       

Data center management Programming Support Application System Support/Development Data Entry Network Management Remote Access Administration Others

2

Information Technology (IT) Infrastructure Audit Questionnaire Section B: Information Technology Strategy 1. Document below any issues, which are currently of importance to the IT department or will be in the coming year and beyond (e.g. e-procurement, capacity planning, new services, changes in systems etc.). Indicate if any third parties are assisting you with any projects. Issue

Comments

2. Do you have a written IT plan and strategy in place?  Yes

 No

3

Information Technology (IT) Infrastructure Audit Questionnaire Section C: Systems Configuration 1. For each multi-user system, please provide the following information:

Model of Machine Ex.

RS 6000 server

Operation System and Version AIX

V_?__

Application System(s) SAP R/3 V_?_

Primary Business / Systems Management Function(s) Procurement/Inventory Management

1 2 3 4 5 6 7 8 9 10 2. What type of network operating system(s) is used? (Check all that apply) Novell Netware Version ?

Windows server 2012

Windows Server 2003

Windows NT 4.0

Windows server 2007

LAN Manager

Other____________________________________________________________________ 3. What type of desktop (client) operating system(s) is used? (Check all that apply) Linux

Windows 10

Windows Xp

Other____________________________

Windows 7

XWINDOWS (Unix emulation)

windows 8 4. Briefly describe upcoming upgrades or migrations that are planned for any of the system configurations described above.

4

Information Technology (IT) Infrastructure Audit Questionnaire Section D: Application Environment 1. Does the Minstry have a high-level flowchart of application systems and interfaces?  Yes

 No

If yes, please attach a copy to the questionnaire. If no, please provide a brief description of significant application interfaces.

2. Describe the extent of in house report customization by IT personnel and/or end users.

3. Describe any plans the Ministry has for converting application systems or establishing automated interfaces.

4. Describe the process for keeping your internal user base trained in the key applications. If you are seeking support in this area, please also indicate in your response.

5. How does the procurement unit of the ministry capture, process and store data. 6. Is there any automation of procurement process at the moment?  Yes

 No

7. If yes to what level ie e-Tendering e-Bidding e-Award etc.

5

Information Technology (IT) Infrastructure Audit Questionnaire Section E: Internet Connectivity/EDI 1. Does the Ministry have a connection to the Internet?  Yes

 No

2. If yes, how does the Ministry access the Internet?  Type of Internet connectivity (Dialup, wired, wireless etc)  Please indicate below the Technology your ministry uses to access the internet (VSAT, Microwave, CPE, Fibre, Dongles etc)  What is the Ministry bandwidth capacity and how is it managed (ie according to departmental priority) 3. Does the Ministry have an internal network and have installed a security suite with a firewall for Internet security?  Yes

 No

If yes, please indicate the name of the Security Suite/firewall software package. 4. What is the purpose for Internet access, please indicate on each field that applies: ____________

Departmental intranet

____________

E-mail

____________

Public Enquiries / Supplier/`Contractor Inquiries

____________

Government to Business Electronic Commerce (Transactions)

____________

Government to Government Electronic Commerce (Transactions)

____________

Research (i.e., Internal employee browsing)

____________

E-Procurement

____________

Other___________________________________________

5. Please describe which of the principal application systems are made available through an Internet connection

6

Information Technology (IT) Infrastructure Audit Questionnaire 6. Does the Ministry use electronic data interchange (EDI) or electronic funds transfer (EFT)?  Yes

 No

If yes, briefly describe the type of business transactions that the technology is utilized for.

If yes, what EDI translation software is used (ie xml base)

7

Information Technology (IT) Infrastructure Audit Questionnaire Section F: Information Security 1. How is security administration organized with IT (e.g., software, people, processes)?

2. Describe what forms of access there are to key application systems (logical and physical access).

3. How many internal users in the Ministry can access key application systems?

4. Do you have any Helpdesk Resources (in-house) or external (third party) outsourced support services?  Yes

 No

8

Information Technology (IT) Infrastructure Audit Questionnaire Section G: Disaster Recovery and Business Continuity Planning

1. Does your location have a disaster recovery plan for the computer hardware and operations?  Yes  No If yes, when was it last tested? ____________________________________________________ 2. Is there a business resumption plan in place for business operations?  Yes  No If yes, when was it last tested? ____________________________________________________

Section H: System Development and Change Control Methodologies 1. Does the IT department do any significant programming or reconfigurations of systems?  Yes

 No

2. Do you have a separate development, software quality assurance, and production environment?  Yes

 No

Section I: Computer Operations

1. Briefly describe the types of transaction processing and approximate volumes. (e.g.; on-line, batch, etc). 2. Does the Ministry perform performance monitoring as well as short and long term capacity planning for the system and network infrastructure components?  Yes

 No

9