When a post-graduate research university became an independent institution after the dissolution of the state system, the university leadership and board needed to understand the institution’s current IT environment and IT risks. Additionally, the university auditor wanted a long-term partner to collaborate with for IT audit and advisory services.
Baker Tilly’s higher education IT audit and cybersecurity specialists conducted a university-wide IT risk assessment with three main objectives:
Baker Tilly surveyed, interviewed, and inventoried all of the IT units, the services, key applications, and data types, across the entire enterprise. Then we identified, assessed, and prioritized IT risks, and developed an IT audit plan. Our approach centered on the four aspects of IT: people, processes, technology, and governance. Finally, we developed a report for the board and leadership that was understandable and consumable without technical jargon or the need to be an IT professional.
First, the university’s leadership and board got true insight into the state of IT at the institution for the first time. This insight highlighted the total number of IT employees, and IT services across the institution, many of which we duplicative. Second, the top 15 IT risk areas identified highlighted the need to focus resources and efforts on key areas such as cybersecurity, governance, and network infrastructure. Finally, the university used the results to strategically fund network upgrades, create an IT governance function, and hire new IT and cybersecurity leaders. With these investments the university has already made progress improving IT operations and the security of systems and data.