See what needs fixing before you commit.

You already know your IT needs attention. You just don't know how bad it is or where to start. Half-day on-site assessment. Written risk report. Prioritised 90-day plan. No obligation.

$990 one-off
On-site, 2-3 hours
No obligation

A full picture of your IT, in one visit

Our engineer spends 2 to 3 hours on-site, working through every layer of your IT environment. Not a remote scan. A hands-on assessment.

Microsoft 365

Tenant configuration, MFA status, email security, Secure Score, conditional access policies.

Endpoints

OS versions, patch status, endpoint protection, disk encryption, device compliance.

Servers and Storage

On-prem servers, Active Directory health, firmware versions, physical security.

Backup and Recovery

What is backed up, how often, immutability status, last tested restore date.

Network Infrastructure

Firewall rules, wireless security, VLANs, remote access, external port scan.

Security and Compliance

Essential Eight status, application control, IT policies, user access controls.

A written report you can actually act on

Not a spreadsheet dump. A clear, structured report for the person who runs the business.

1. Executive Summary

Plain-language overview of your IT posture. What is working, what is not, and what needs immediate attention.

2. Risk Findings

Every finding categorised by severity: critical, high, medium, low. You know what matters most.

3. Prioritised Recommendations

Specific, actionable recommendations in priority order. What to fix first, second, third.

4. 90-Day Remediation Roadmap

A phased plan to stabilise and secure your IT environment. Week by week, with clear milestones.

CIO Tech Risk Report April 2026

Executive Summary

Risk Findings

  • MFA not enabled on 4 admin accounts (CRITICAL)
  • No immutable backup configuration (CRITICAL)
  • Windows 10 EOL on 12 endpoints (HIGH)
  • DMARC policy set to none (MEDIUM)
  • SPF record correctly configured (GOOD)

90-Day Roadmap

Week 1-2
Week 3-6
Week 7-12

$990 one-off. That is it.

No retainer. No lock-in. No hidden fees. You get the full audit and written report for a single flat fee.

CIO Tech IT Audit

Everything included in the $990 fee.

  • Half-day on-site assessment. A senior CIO Tech engineer, 2 to 3 hours, in person at your office.
  • Six-area infrastructure review. Microsoft 365, endpoints, servers and storage, backup and recovery, network, security and compliance.
  • Written Risk Report. Severity-ranked findings, plain-language executive summary, delivered within 5 business days. (See sample reports above.)
  • 90-day remediation roadmap. Prioritised, week-by-week plan that any competent IT team can act on.
  • 30-minute review call. Walk through the findings together, ask questions, decide what matters most.
  • You keep the report. Hand it to your existing IT person, brief a different provider, or work through it internally. No obligation to engage CIO Tech.
$990

One-off. GST inclusive.

Book Your IT Audit

What you commit to

No managed-IT commitment required after the audit. The $990 audit is a one-off engagement. You can act on the report yourself, use a different provider, or engage CIO Tech for managed IT. Whichever path you choose, the audit ends when the report is delivered.

Fixed price, no scope creep, GST inclusive. The $990 is the entire fee. There is no hourly billing, no follow-up invoice for additional reviews, no "we found something extra" charges. If our engineer takes longer than expected on-site, that is on us, not on you.

90 days to a secure baseline

If you choose to move forward with CIO Tech after the audit, your environment goes through a structured three-phase programme. No guesswork. No cutting corners.

01 Stabilise (Days 1 to 30)

  • Deploy monitoring tools and EDR
  • Enforce MFA across all users
  • Establish patch cadence
  • First backup restore test

02 Harden (Days 31 to 60)

  • Defender policies and M365 hardening
  • Remove legacy authentication
  • Baseline data loss prevention
  • First executive report

03 Optimise (Days 61 to 90)

  • Close remaining roadmap gaps
  • Microsoft Secure Score target
  • First quarterly business review
  • Transition to ongoing operations

Three steps to clarity

1. Book

Pick a date. We come to your premises for 2 to 3 hours. Sydney metro, same week where possible.

2. Assess

Our engineer reviews every layer: M365, endpoints, servers, backup, network, security. Hands on keyboard, not a checklist from a PDF.

3. Report

Within 5 business days, you receive your written Risk Report with findings and a 90-day remediation plan.

The IT Audit is built for business owners

If any of these sound familiar, the audit will give you the answers you need.

You have been with the same IT provider for years and are not sure what they are actually doing

You have never had a formal IT security assessment

Your cyber insurance renewal is asking questions you cannot answer

You are growing and need to know if your IT can keep up

You are considering switching IT providers and want an independent baseline

Frequently asked questions

What does the $990 IT Audit include?
A half-day on-site visit by a CIO Tech engineer. We assess your Microsoft 365 environment, endpoints, servers, network, backups, and security posture. You receive a written Risk Report with findings, severity ratings, and a prioritised 90-day remediation roadmap.

How long does the audit take?
The on-site assessment takes 2 to 3 hours. Your written Risk Report is delivered within 5 business days.

Do I have to sign up for managed IT after the audit?
No. The audit is a standalone service. You keep the report whether you work with us or not. There is no obligation and no sales pitch during the visit.

When do I get the report?
Within 5 business days of the on-site assessment. It is a written document, not a slide deck. Findings, severity ratings, and a prioritised action plan you can hand to any IT provider.

What areas do you assess?
Microsoft 365 configuration, endpoint security (EDR, patching, encryption), server and network infrastructure, backup and disaster recovery, user access and identity management, and Essential Eight alignment.

What if we already have an IT provider?
The audit is provider-agnostic. You receive a written risk register and a 90-day remediation roadmap that any competent IT team can act on, ours or yours or someone else's. Many businesses use the audit as a third-party benchmark to confirm their current provider is doing what they should be, or to identify specific gaps to raise with them. There is no requirement to switch providers as a result of the audit.

What happens after the audit if we don't proceed with managed IT?
You keep the report. The remediation roadmap is yours regardless of what you decide next. You can hand it to your existing IT person, use it to brief a different provider, or work through it internally. CIO Tech does not require an ongoing engagement after the audit. The $990 audit fee is the only commitment.

How is this different from a free vulnerability scan?
A free scan is automated and looks at one slice: typically external network exposure or one cloud platform. The IT Audit is human-led and on-site. A senior engineer reviews your network, devices, servers, Microsoft 365 configuration, backup integrity, user access, physical setup, and Essential Eight alignment, then writes findings prioritised against your business context. Free scans surface vulnerabilities; the audit tells you which ones actually matter for your business and what to do first.

Do you work with our existing software?
Yes. CIO Tech supports Microsoft 365, Google Workspace, the major Australian SMB software stacks (Xero, MYOB, HandiSoft for accounting; LEAP, Affinity, ActionStep for legal; Best Practice, MedicalDirector, Cliniko for medical; Console Cloud, PropertyMe for real estate; and most line-of-business applications via AppCare). The audit assesses what you have today; we do not require you to switch any application as part of working with us.

Four things to check this week

You do not need to wait for the audit to start improving your IT posture. Here are practical steps you can take right now.

Check your admin accounts

Log in to your Microsoft 365 admin centre and check how many global admin accounts exist. If more than two have admin access, that is a risk. Every admin account should have MFA enabled.

Test a backup restore

Ask your current IT provider: when was the last time a backup was successfully restored? If they cannot answer, or if it was more than 90 days ago, that is a red flag. Untested backups are not backups.

Count your unpatched devices

Check how many laptops and desktops are more than 30 days behind on Windows updates. Unpatched devices are the most common entry point for ransomware.

Review who has MFA

Multi-factor authentication should be on every user account, not just admins. If anyone in your business logs in with just a password, that account is one phishing email away from compromise.

Not ready to book? Get a free 5-minute snapshot first.

Take the Free IT Health Check

See where your IT stands.
$990. No obligation.

You keep the report whether you work with us or not. It is yours.