$990 IT Audit

See what needs fixing
before you commit.

You already know your IT needs attention. You just don't know how bad it is or where to start. Half-day on-site assessment. Written risk report. Prioritised 90-day plan. No obligation.

Book Your IT Audit Not ready? Free IT Health Check
$990 one-off
On-site, 2-3 hours
No obligation
What We Assess

A full picture of your IT, in one visit

Our engineer spends 2 to 3 hours on-site, working through every layer of your IT environment. Not a remote scan. A hands-on assessment.

Microsoft 365

Tenant configuration, MFA status, email security, Secure Score, conditional access policies.

Endpoints

OS versions, patch status, endpoint protection, disk encryption, device compliance.

Servers and Storage

On-prem servers, Active Directory health, firmware versions, physical security.

Backup and Recovery

What is backed up, how often, immutability status, last tested restore date.

Network Infrastructure

Firewall rules, wireless security, VLANs, remote access, external port scan.

Security and Compliance

Essential Eight status, application control, IT policies, user access controls.

Your Risk Report

A written report you can actually act on

Not a spreadsheet dump. A clear, structured report for the person who runs the business.

1

Executive Summary

Plain-language overview of your IT posture. What is working, what is not, and what needs immediate attention.

2

Risk Findings

Every finding categorised by severity: critical, high, medium, low. You know what matters most.

3

Prioritised Recommendations

Specific, actionable recommendations in priority order. What to fix first, second, third.

4

90-Day Remediation Roadmap

A phased plan to stabilise and secure your IT environment. Week by week, with clear milestones.

CIO Tech Risk Report April 2026

Executive Summary

Risk Findings

MFA not enabled on 4 admin accounts CRITICAL
No immutable backup configuration CRITICAL
Windows 10 EOL on 12 endpoints HIGH
DMARC policy set to none MEDIUM
SPF record correctly configured GOOD

90-Day Roadmap

Week 1-2
Week 3-6
Week 7-12
Pricing

$990 one-off. That is it.

No retainer. No lock-in. No hidden fees. You get the full audit and written report for a single flat fee.

CIO Tech IT Audit

  • Half-day on-site assessment (2 to 3 hours)
  • 6 areas assessed: M365, endpoints, servers, backup, network, security
  • Written Risk Report with severity-ranked findings
  • Report delivered within 5 business days
  • No obligation to proceed with CIO Tech
$990

One-off. GST inclusive.

Book Your IT Audit
What Happens Next

90 days to a secure baseline

If you choose to move forward with CIO Tech after the audit, your environment goes through a structured three-phase programme. No guesswork. No cutting corners.

01

Stabilise

Days 1 to 30

  • Deploy monitoring tools and EDR
  • Enforce MFA across all users
  • Establish patch cadence
  • First backup restore test
02

Harden

Days 31 to 60

  • Defender policies and M365 hardening
  • Remove legacy authentication
  • Baseline data loss prevention
  • First executive report
03

Optimise

Days 61 to 90

  • Close remaining roadmap gaps
  • Microsoft Secure Score target
  • First quarterly business review
  • Transition to ongoing operations
How It Works

Three steps to clarity

1

Book

Pick a date. We come to your premises for 2 to 3 hours. Sydney metro, same week where possible.

2

Assess

Our engineer reviews every layer: M365, endpoints, servers, backup, network, security. Hands on keyboard, not a checklist from a PDF.

3

Report

Within 5 business days, you receive your written Risk Report with findings and a 90-day remediation plan.

Is This Right For You?

The IT Audit is built for business owners

If any of these sound familiar, the audit will give you the answers you need.

You have been with the same IT provider for years and are not sure what they are actually doing

You have never had a formal IT security assessment

Your cyber insurance renewal is asking questions you cannot answer

You are growing and need to know if your IT can keep up

You are considering switching IT providers and want an independent baseline

Image: Business owner reviewing IT Audit report with CIO Tech engineer
Common Questions

Frequently asked questions

What does the $990 IT Audit include?
A half-day on-site visit by a CIO Tech engineer. We assess your Microsoft 365 environment, endpoints, servers, network, backups, and security posture. You receive a written Risk Report with findings, severity ratings, and a prioritised 90-day remediation roadmap.
How long does the audit take?
The on-site assessment takes 2 to 3 hours. Your written Risk Report is delivered within 5 business days.
Do I have to sign up for managed IT after the audit?
No. The audit is a standalone service. You keep the report whether you work with us or not. There is no obligation and no sales pitch during the visit.
When do I get the report?
Within 5 business days of the on-site assessment. It is a written document, not a slide deck. Findings, severity ratings, and a prioritised action plan you can hand to any IT provider.
What areas do you assess?
Microsoft 365 configuration, endpoint security (EDR, patching, encryption), server and network infrastructure, backup and disaster recovery, user access and identity management, and Essential Eight alignment.
Before Your Audit

Four things to check this week

You do not need to wait for the audit to start improving your IT posture. Here are practical steps you can take right now.

Check your admin accounts

Log in to your Microsoft 365 admin centre and check how many global admin accounts exist. If more than two have admin access, that is a risk. Every admin account should have MFA enabled.

Test a backup restore

Ask your current IT provider: when was the last time a backup was successfully restored? If they cannot answer, or if it was more than 90 days ago, that is a red flag. Untested backups are not backups.

Count your unpatched devices

Check how many laptops and desktops are more than 30 days behind on Windows updates. Unpatched devices are the most common entry point for ransomware.

Review who has MFA

Multi-factor authentication should be on every user account, not just admins. If anyone in your business logs in with just a password, that account is one phishing email away from compromise.

See where your IT stands.
$990. No obligation.

You keep the report whether you work with us or not. It is yours.

Book Your IT Audit Take the Free IT Health Check