What is a systems assessment document
IT Services – 5 min read

How should Canadian businesses write IT systems assessment documents?

At CITI, we start every project by completing a systems assessment document. IT systems assessment documents allow us to clearly focus on the IT issues we are being asked to solve for Canadian businesses. The assessment document is simply the document that captures all aspects of an assessment we are about to perform whether it is on a program, a process, a system or another business function. The assessment is a great way for us to identify current IT issues, identify weaknesses or inefficiencies, and capitalize on opportunities for improvement. Effective organizations regularly perform internal assessments in order to understand the health or maturity of various business functions.

 

Formal Standards

 

It is important for us to capture and document our findings, analysis and recommendations in a standardized way. Failure to document properly might result in something being overlooked or the organization losing the ability to capitalize on an opportunity for improvement. Assessment documents can also be archived and used at a later date for lessons learned or for baselines. Preparation of the assessment document provides a methodical way to proceed with the assessment and the best opportunity to highlight vulnerabilities, identify efficiencies, improve business functions and add value to your organization.

 

The format and content of IT assessment documents will vary by organization, but all will share some key common components. Without a complete and standardized thorough assessment, key lessons, areas of improvement, strengths and learning points may be missed, forgotten or otherwise slip through the cracks. The assessment document should include the following:

 

1. Assessment Purpose

 

This section should provide a description of the purpose of the assessment, which is to identify and capture the current state of affairs. It is important to include how the assessment is expected to benefit the organization by way of opportunities or improvements.

 

2. Description

 

This section should provide a description of what is being assessed. The assessment may be for a process, program, business function or system. Include details about every aspect of the current state of affairs.

 

3. Analysis

 

This section should describe how the assessment will be conducted and what aspects of the process, program, function or system, if any, will be examined. Clarify whether any particular areas are to be specifically assessed, or if it is a general assessment for the overall program. For example, describe how you might monitor the process through its lifecycle to identify where efficiencies and improvements could be gained.

 

4. Discoveries

 

This section should describe and enumerate all the discoveries made as a result of the assessment. It is also where we identify assets and configurations. It is helpful to include a network diagram. Discoveries should be ranked in order of significance. Think of discoveries as findings or results. Each discovery should contain enough detail so that people not involved with the program being assessed will still have a general understanding of the discovery and why it is important.

 

 

5. Recommendations for Improvement

 

During every assessment of a process, program, function or system, the assessors should keep opportunities for improvement on top of mind. Continuous improvement is the goal of all successful businesses. However small, all opportunities for improvement should be listed.

 

 

6. Impact

 

Describe how the recommendations, if adopted, will impact the way people do things. Who will have to do something differently? This section should describe what the impact is and who will be affected.

 

 

7. Current Performance Level

 

This section should describe the current performance level of the program, process, function or system being assessed. Include comments from people who use the current program. If metrics are available they should be included in this section.

 

8. Maturity

 

How old is the current process or state of affairs, when was it last updated and how frequently is it used? Do you have enough data to recommend changes? Effectiveness and maturity often go hand in hand. An assessment provides an opportunity to identify how mature a program is and this section should provide an explanation of that maturity level.

 

9. Opportunities

 

The identification of opportunities involves identifying the assets, configurations, applications (and how they are used), your IT vision and IT alignment. We may do interviews with key stakeholders to identify areas of concern and opportunities:

 

  • How do you feel about your IT?

  • What kinds of problems do you have?

  • Do you see IT as a driver or enabler?

  • How does IT influence your business?

  • What have you purchased that you're not really using?

  • In which areas does staff need training to increase efficiency?

 

Based on that, there are 3 different degrees of severity or levels of engagement: basic, intermediate and advanced. This section includes:

  1. Systematic automated and manual discoveries about your IT infrastructure

  2. What kind of services you have, including cloud services (most companies don’t have enough security software, which is common)

  3. In the analysis, we audit hardware from new Macs in boxes to old, unused systems in closets

  4. We look at how your computers communicate with each other

 

Reporting Phase

 

Once the assessment has been completed we transition into reporting mode. In the reporting phase, we will compile an IT asset listing of all the hardware and software services that you own. This is quite useful for management purposes, because it is often a long time since businesses have done an inventory. We will also catalogue all warranty expiry dates.

 

1. Network Diagram

 

The report is supported by a network diagram. The network diagram lists key components of your IT infrastructure in a 1-page conceptual overview of your network.

 

2. Findings and Recommendations Report

 

The findings and recommendations report is a grid-based document that presents each concern and opportunity in the discovery and analysis phases. Short-term findings and recommendations are prioritized. We may designate priorities. For example, if you don’t have security software, it will likely lead to security and privacy breaches. Security software will prevent or drastically reduce privacy breaches on staff computers.

 

Learn about your IT security. Register for a free cybersecurity consultation.  Book Now Considering moving to the cloud? Find out if the cloud is right for your company.Book Now
Guide to Email Security from our Practice Safe Cyber Series Download Your Poster
Global Toronto and CreateTO City of Toronto Agencies Case Study
Learn about your IT security. Register for a free cybersecurity consultation.  Book Now
Guide to Ransomware Attacks in Canada
Considering moving to the cloud? Find out if the cloud is right for your company.Book Now
New IT Infrastructure Transforms Organization. KCI Ketchum Canada
Engage our services and get 10 hours free. It's easy to work with CITI. Become a client.Book Appointment

IT Insights from our Blog

Read more

We're here to help!

Moving to the Cloud
Cybersecurity

Is your management team asking about your IT security policies and practices? Are you worried about a cybersecurity breach? CITI’s comprehensive IT security services provide all the information your company needs to deal with current and future security situations and concerns. Learn about your IT security. Register for a free cybersecurity session.

Managed Services

There is another way to manage your IT that doesn’t require you call your IT firm. Managed IT services offer proactive care, support, monitoring and maintenance of your computer systems for a fixed monthly fee. Process-driven, less involvement, more predictable cost. Yes, Virginia, there is a way to keep your IT running smoothly that does not require you to make a call.

Pay-As-You-Go

Are you concerned about minimizing IT maintenance costs? Perhaps you’re techno savvy. Or maybe you only need an IT firm for complex IT situations. CITI can provide exactly the volume of IT services that you want and need from network troubleshooting to helping a user with a jammed printer. Our full range of services are available on a per incident basis.

Disaster Recovery

Is the stuff of your nightmares power outages? The only way to deal with a severe interruption to business operations is to plan for it. Beginning with a disaster recovery plan through implementing and maintaining failsafe, foolproof, rock-solid offsite backups, CITI has helped 100s of companies protect their most valuable asset—their data and systems.

IT Consulting

Uncertain if your company should move to the cloud? Do you have doubts about the best way to back up your data? Looking for ways to minimize your vulnerability to IT security breaches? Perhaps you’re looking for help with your annual IT budget. CITI’s IT advisory services help businesses make informed strategic and tactical decisions on information technology.

Call Us

416-603-2442