How to Run an IT Process Audit in 5 Steps

An IT process audit is one of the most valuable interventions a consulting team can perform for a struggling delivery organisation. Yet most companies avoid it — either because they don't know where to start, or because they're afraid of what they'll find.

Here's a practical, 5-step framework I've used across banking, payments, and e-commerce clients.

Step 1: Define the Scope

Before anything else, agree on what's in scope. Are you auditing the entire delivery org, or just one product team? Are you looking at tools, people, processes, or all three? A clear scope prevents audit fatigue and keeps the findings actionable.

Step 2: Document the Current State

Gather artifacts: team structures, backlogs, sprint reports, velocity charts, incident logs, and definition of done. Interview key roles — PM, PO, BA, TL, QA. Look for gaps between what people say they do and what the data shows.

Step 3: Apply a Framework

Map your findings against a recognised framework — PRINCE2, Scrum, or ITILv4 depending on the context. This gives you a neutral baseline for comparison and makes your recommendations harder to dismiss as subjective.

Step 4: Prioritise the Gaps

Not every gap needs fixing immediately. Use an impact/effort matrix to prioritise. Quick wins build trust. Long-term changes need a roadmap.

Step 5: Build the Action Plan

Deliver a clear, written action plan with owners, timelines, and success metrics. A 90-day roadmap is usually the right horizon — short enough to be credible, long enough to show results.

This is the framework behind every IT Process Audit I deliver. The details vary, but the structure holds.