VCTO Audit Services For Construction Company

Evaluating the IT infrastructure, security and strategy stance of a construction company from an executive standpoint

The large-scale construction company operates across London, the Southwest of England, and the Midlands. With a workforce exceeding 200 employees, the company’s IT strategy is coordinated by an in-house leader and complemented by external helpdesk support.

As part of a review of the company and direction, the board initiated an IT audit as a strategic review of the current IT systems and their alignment with the company’s long-term goals.

With our depth of expertise and experience working with the construction industry, the company engaged Akita’s consultants in a VCTO capacity to review its IT infrastructure and ongoing strategy to determine if this sits in line with requirements and best practices.

VCTO Audit Process & Findings

The VCTO audit was inclusive, requiring the involvement of the IT staff member to work with our consultant and provide a detailed technical analysis of the current and prospective IT framework.

The audit’s scope extended to various aspects of IT, including security, internal infrastructure, multi-site communication, and the company’s online presence through intranet and extranet platforms. The objective was to ascertain whether the existing IT trajectory was conducive to the company’s growth and operational demands.

While the VCTO audit findings were largely satisfactory, it revealed upcoming cost items and gaps in security strategy. The organisation was found to be using Windows 10 Pro systems extensively. This, it was highlighted, is due to go end of life and thus would need to be upgraded.

The storage of user accounts in SharePoint was another area that warranted a re-evaluation to enhance data management practices and data security.

The audit also evaluated the company’s security processes. Small gaps were identified in its current Mobile Device Management (MDM) compliance. It was also recommended that the MDM solution include mobile phones, to cover both Bring Your Own Device (BYOD) and organisation-owned phones. This measure aimed to prevent outdated or insecure devices from accessing sensitive company data.

A thorough network security review was conducted, with some open network ports identified that were deemed as a security risk to the organisation’s security.

As part of the audit process, a comprehensive report was produced. Our VCTO consultant then met with the IT lead and members of the leadership to break the findings down, explaining the detail of the report and outlining where it was demeed priorities lay.

The Value Of VCTO Audit Services

The audit conducted for this construction company demonstrates the value of proactive IT governance.

For the board of the construction company, the VCTO audit provided reassurance that their IT strategy was broadly aligned with current needs but there small areas for improvement and streamlining. It also offered external validation for the IT lead at the organisation which in turn was peace of mind for the board.