IT Audit for a Regional Occupational Health Group

by

Note on privacy: Client identifiers and sensitive details have been anonymised/redacted.

Summary for busy readers
A regional occupational health organisation operating several medical sites struggled with slow systems, unclear costs and minimal visibility. A newly appointed director requested an independent audit with a clear mandate: restore transparency, modernise core services and simplify the daily experience for non‑technical medical staff. The audit exposed systemic issues (heterogeneous workstations, weak processes, legacy infrastructure, under‑optimised inter‑site links, and wasteful contracts). We delivered a structured, phased modernisation plan that improved login times from 10–15 minutes to a few seconds, reduced unnecessary spend, and re‑established governance.

Client context

  • Sector & size: SME in occupational health (multi‑site, France).
  • Users: receptionists, secretaries, accountants, ergonomists, occupational health nurses and physicians.
  • Constraints: clinical schedules, privacy and data protection, mixed legacy systems, low digital fluency across many users.

Challenges & risks (identified during audit)

Operational pain points

  • Extremely slow user sessions (10–15 minutes before work could start).
  • Over‑complex workflows unsuitable for low digital‑fluency roles.
  • No standardisation: each workstation configured differently (local policies); changes were slow.
  • No structured procedures for onboarding, device replacement, or profile management.

Infrastructure & technical

  • Legacy servers still on the books despite being decommissioned.
  • Local workstation policies instead of Group Policies (GPO) → instability/overhead.
  • Outdated or over‑sized but under‑performing workstations.
  • Under‑optimised MPLS inter‑site connectivity.
  • Minimal network hygiene (aging switches, inconsistent Wi‑Fi, no unified monitoring).
  • Legacy Citrix deployment with poor performance.

Financial & organisational

  • Subscriptions/contracts paid for software no longer used.
  • Vendor lock‑in with incomprehensible and inflated costs.
  • Zero management visibility on needs vs. expenses.

When visibility is low, a structured IT audit is the safest first step—see IT audit for SMEs.

Audit scope

  • Core infrastructure: servers & virtualisation platform.
  • Remote desktop: Citrix environment & user‑experience engineering.
  • Endpoints: workstations and end‑user devices.
  • Network: switching, routing, Wi‑Fi, MPLS topology.
  • Software: across clinical and administrative roles.
  • Security: endpoint protection, access control, backup processes.
  • Financials: contracts, amortisation, licensing, subscriptions.
  • Processes: user lifecycle, asset management, documentation, workflows.

Delivered: a written report with recommendations, phased migrations, expected impacts and cost projections.

Recommendations & modernisation plan (phased)

  1. Remote desktop modernisation
    • Replace the legacy Citrix stack with a modern, efficient platform; tune profiles and policies.
  2. Right‑sized virtualisation platform
    • Renew the core platform to a reliable, cost‑efficient baseline.
  3. Standardised user workspaces
    • Move most roles to lightweight, secure thin/terminal clients delivering: faster boot, no local internet, minimal maintenance, higher security.
  4. Contract & cost rationalisation
    • Cancel unused subscriptions; correct amortisations for non‑existent servers; switch to a transparent maintenance provider.
  5. Network hygiene & security
    • Replace outdated switches; unify Wi‑Fi; centralise antivirus; restrict standalone access; adopt clear GPO‑based standards.
  6. Process & governance
    • Define onboarding, device replacement and change control; create a single source of truth for assets and procedures.

Outcomes

  • Massive performance gains: login times cut from 10–15 minutes to a few seconds.
  • Simplified day‑to‑day: a unified and up-to-date workspace aligned to clinical and administrative needs.
  • Higher security: controlled environment, no unsecured workstations, centralised AV and access policies.
  • Cost optimisation & transparency: major savings from cancelled subscriptions and right‑sizing; management visibility restored.
  • Happier users: complaints dropped; IT “stopped getting in the way”.

Timelines vary by scope and site constraints; results shown are this client’s.

What SMEs can reuse (checklist)

  • Start with a neutral audit to separate facts from assumptions.
  • Phase the plan: stabilise → standardise → optimise; avoid big‑bang where clinics are involved.
  • Standardise endpoints for low‑maintenance, secure workspaces.
  • Clean contracts: stop unused subscriptions; document who buys what, when and why.
  • Adopt GPO‑based baselines; keep a runbook for onboarding and replacements.
  • Tie improvements to business continuity and data‑protection goals.

Gotchas & limits

  • Legacy dependencies (specialty software) can constrain endpoint standardisation—document exceptions.
  • Inter‑site links often hide bottlenecks; test end‑to‑end with real user journeys.
  • Change fatigue in clinical teams — communicate early with clear benefits and short training.

Next steps

Need clarity, speed and lower costs without disruption?

→ Book your initial scoping call