Canadian IT Blog

How should Canadian businesses write IT systems assessment documents?

Written by Team CITI | November 25, 2018

At CITI, we start every project by completing a systems assessment document. IT systems assessment documents allow us to clearly focus on the IT issues we are being asked to solve for Canadian businesses. The assessment document is simply the document that captures all aspects of an assessment we are about to perform whether it is on a program, a process, a system or another business function. The assessment is a great way for us to identify current IT issues, identify weaknesses or inefficiencies, and capitalize on opportunities for improvement. Effective organizations regularly perform internal assessments in order to understand the health or maturity of various business functions.

 

Formal Standards

 

It is important for us to capture and document our findings, analysis and recommendations in a standardized way. Failure to document properly might result in something being overlooked or the organization losing the ability to capitalize on an opportunity for improvement. Assessment documents can also be archived and used at a later date for lessons learned or for baselines. Preparation of the assessment document provides a methodical way to proceed with the assessment and the best opportunity to highlight vulnerabilities, identify efficiencies, improve business functions and add value to your organization.

 

The format and content of IT assessment documents will vary by organization, but all will share some key common components. Without a complete and standardized thorough assessment, key lessons, areas of improvement, strengths and learning points may be missed, forgotten or otherwise slip through the cracks. The assessment document should include the following:

 

1. Assessment Purpose

 

This section should provide a description of the purpose of the assessment, which is to identify and capture the current state of affairs. It is important to include how the assessment is expected to benefit the organization by way of opportunities or improvements.

 

2. Description

 

This section should provide a description of what is being assessed. The assessment may be for a process, program, business function or system. Include details about every aspect of the current state of affairs.

 

3. Analysis

 

This section should describe how the assessment will be conducted and what aspects of the process, program, function or system, if any, will be examined. Clarify whether any particular areas are to be specifically assessed, or if it is a general assessment for the overall program. For example, describe how you might monitor the process through its lifecycle to identify where efficiencies and improvements could be gained.

 

4. Discoveries

 

This section should describe and enumerate all the discoveries made as a result of the assessment. It is also where we identify assets and configurations. It is helpful to include a network diagram. Discoveries should be ranked in order of significance. Think of discoveries as findings or results. Each discovery should contain enough detail so that people not involved with the program being assessed will still have a general understanding of the discovery and why it is important.

 

 

5. Recommendations for Improvement

 

During every assessment of a process, program, function or system, the assessors should keep opportunities for improvement on top of mind. Continuous improvement is the goal of all successful businesses. However small, all opportunities for improvement should be listed.

 

 

6. Impact

 

Describe how the recommendations, if adopted, will impact the way people do things. Who will have to do something differently? This section should describe what the impact is and who will be affected.

 

 

7. Current Performance Level

 

This section should describe the current performance level of the program, process, function or system being assessed. Include comments from people who use the current program. If metrics are available they should be included in this section.

 

8. Maturity

 

How old is the current process or state of affairs, when was it last updated and how frequently is it used? Do you have enough data to recommend changes? Effectiveness and maturity often go hand in hand. An assessment provides an opportunity to identify how mature a program is and this section should provide an explanation of that maturity level.

 

9. Opportunities

 

The identification of opportunities involves identifying the assets, configurations, applications (and how they are used), your IT vision and IT alignment. We may do interviews with key stakeholders to identify areas of concern and opportunities:

 

  • How do you feel about your IT?

  • What kinds of problems do you have?

  • Do you see IT as a driver or enabler?

  • How does IT influence your business?

  • What have you purchased that you're not really using?

  • In which areas does staff need training to increase efficiency?

 

Based on that, there are 3 different degrees of severity or levels of engagement: basic, intermediate and advanced. This section includes:

  1. Systematic automated and manual discoveries about your IT infrastructure

  2. What kind of services you have, including cloud services (most companies don’t have enough security software, which is common)

  3. In the analysis, we audit hardware from new Macs in boxes to old, unused systems in closets

  4. We look at how your computers communicate with each other

 

Reporting Phase

 

Once the assessment has been completed we transition into reporting mode. In the reporting phase, we will compile an IT asset listing of all the hardware and software services that you own. This is quite useful for management purposes, because it is often a long time since businesses have done an inventory. We will also catalogue all warranty expiry dates.

 

1. Network Diagram

 

The report is supported by a network diagram. The network diagram lists key components of your IT infrastructure in a 1-page conceptual overview of your network.

 

2. Findings and Recommendations Report

 

The findings and recommendations report is a grid-based document that presents each concern and opportunity in the discovery and analysis phases. Short-term findings and recommendations are prioritized. We may designate priorities. For example, if you don’t have security software, it will likely lead to security and privacy breaches. Security software will prevent or drastically reduce privacy breaches on staff computers.