IT Audit Readiness Checklist

Use this checklist to assess your organisation’s preparedness for a formal IT audit in 2024. Each item should be reviewed and validated internally or with support from your IT partner.

✅ Documentation

• System architecture diagrams and network maps are up to date
• Policies for access control, data retention, and acceptable use exist and are approved
• All critical assets are inventoried and classified

✅ Security Controls

• Multi-factor authentication (MFA) is enabled for admin and user accounts
• Antivirus/EDR tools are deployed and monitored
• Regular vulnerability scans are scheduled and reviewed

✅ Backups & Disaster Recovery

• Backups are verified regularly and tested for restore success
• Disaster recovery plan (DRP) is documented and tested annually
• Critical systems have defined Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO)

✅ Logging & Monitoring

• Centralised logging is in place for servers and endpoints
• Alerts are configured for suspicious activity
• Audit logs are retained per compliance requirements

✅ Change Management

• Changes to systems are documented, authorised, and approved
• Version control exists for critical applications and configuration
• Roll-back procedures are documented

✅ Staff & Training

• IT staff roles and responsibilities are clearly defined
• Security awareness training is provided to all staff annually
• Access reviews are performed quarterly