SANLAM Assurance

The information systems (IS) architecture audit took place in the context of the departure of a Chief Information Officer (CIO) to welcome a new CIO, which presented several important advantages:

Current state assessment: The audit provides a clear, unbiased view of the current state of the company’s IS architecture. This includes an inventory of existing systems, applications, infrastructures, databases, processes and technologies.

Weakness identification: The audit identifies any weaknesses, inefficiencies, inconsistencies or vulnerabilities in the IS architecture. This can help highlight areas requiring improvement.

Documentation of best practices: The audit can document the IS architecture best practices that have been put in place. This documentation can be invaluable to the new CIO in understanding past decisions.

Alignment with strategy: The audit can assess the extent to which the current IS architecture is aligned with the company’s overall strategy. This helps identify gaps or opportunities for improvement.

Complexity of existing architecture: The company had a complex IS architecture, with numerous systems, applications, databases and integrations. The audit had to deal with this complexity.

Technological diversity: The systems and technologies used were highly diversified. The audit assessed a wide range of technologies.

Sensitive data: Information systems often contain sensitive and confidential data. The audit had to take into account data security and confidentiality issues.

Integrations and interfaces: Systems often interacted with each other via interfaces and integrations. The audit had to trace how these interactions worked.

Heterogeneous environments: IS environments were fairly heterogeneous, with physical servers and virtualized environments. The audit had to adapt to this diversity.

Age of systems: Some systems were old and obsolete, complicating the audit due to lack of documentation or current expertise.

We began by defining the audit objectives: specific aspects of IS architecture to be assessed, priorities in terms of security, compliance and operational efficiency.

We then put together a competent audit team: the audit team included professionals experienced in IS architecture audit, information security and technology project management.

We planned the audit: We drew up a detailed audit plan, including the definition of activities, necessary resources, deadlines and expected deliverables, defining a clear methodological framework for the audit.

We assessed the current IS architecture (security, performance, compliance and asset management).

We identified weaknesses and opportunities

We documented findings carefully, including technical details, recommendations and priorities.

We produced a clear and comprehensive audit report for management and the new CIO. The report included the AS IS with a summary of findings, recommendations, priorities and action plans.

This methodical, well-planned approach to IS architecture auditing enabled us to overcome technical difficulties and ensure a smooth transition between CIOs, while improving the efficiency, security and compliance of the company’s IS architecture.