IT solutions consulting
The following is a description of IT HealthCheck. It contains the Introduction Section which provides an overview of IT HealthCheck and the IT Planning section as an example of a self-assessment area.The primary purpose of IT HealthCheck is to provide a self-assessment tool that organizations can use for determining the state of good practices and control in their IT organization.High profile problems experienced by organizations have focused attention on corporate governance issues. As a result, management is experiencing increasing pressure to maintain an effective system of internal control. There are legal requirements, fiduciary responsibilities, contractual requirements, and societal pressures. IT HealthCheck can be used to provide reasonable assurance that business objectives, supported by IT, will be achieved, and that IT risks have been identified. In short, management desires reasonable assurance of IT's contribution to business objectives, and seeks benchmarks to determine that IT operations are satisfactory and that they will continue to adapt in a timely manner to trends in their environment. IT HealthCheck can be used to provide such assurance.IT HealthCheck is for use by the IT Department and the CIO, but it can be used by other groups who want to review the IT Department such as Internal Audit and Senior Management.IT HealthCheck can also be used as a self-assessment to prepare the IT Department for an external review or certification and to present management or the IT Steering Committee with information showing the status of the IT Department's governance.Several functions within an organization may be responsible for evaluating IT. First, auditors provide independent assurance that IT is secure, is meeting the needs of the organization, and is otherwise operating in a controlled manner. Second, the users may periodically perform reviews to see that they are obtaining and properly using the IT resources that they require. Finally, the IT function may perform self-assessments to determine that they provide an efficient and effective IT resource to the organization.
IT HealthCheck is first, a framework for evaluation of an organization's information and related technology. There are six Domains included in IT HealthCheck. Planning and Organization Applications Management Delivery Management Service Management Technology Management Oversight Each of these Domains includes a number of Responsibility Areas, which define the various aspects of the domain. All together there are 28 Responsibility Areas. The Planning and Organization Domain is focused on those aspects of the IT Department that are the general management practices. It covers those Responsibility Areas of IT that affect all IT functions.
IT Planning IT Organization Human Resources Financial Management IT Economics Project Management Quality Management Risk Management Enterprise Architecture Management
The Applications Management Domain encompasses the Responsibility Areas that are concerned with the acquisition of software, either through purchase or in-house development, and the maintenance of the software and data through its life cycle. Application Acquisition Application Maintenance Data Management
The Delivery Management Domain is concerned with the provision of day-to-day services to the business operations. Its focus is to ensure the continuous high level of service from the information technology that is in place. Operations Management System Management Facility Management Business Continuity Security
Service Management is the Domain that IT Management must focus on to improve relationships between IT and its business customers, ensure that business objectives are continuously met and balance the quality of delivered services with their costs. It addresses the following areas of responsibility: Problem Management Change Management Service Desk Service Level Management Configuration Management
Technology Management focuses on managing the technical infrastructure that supports the delivery of services to the user community. Asset Management Infrastructure Management Desktop Management
The Oversight Domain is monitoring the performance and effectiveness of the IT Department. This monitoring is concerned with ensuring that IT meets its performance objectives today and focuses on improving its performance tomorrow. Measurement Performance Management Contract Management
The following is the section that addresses IT Planning. It is an example of one of the 28 areas. Information Technology Planning
The rating process is mostly based on answering Yes or No to the assessemnt questions. There is no grading process to determine if there is a magical number that is correct. The purpose of the rating is to determine where improvement efforts should be made. Since this is a self-assessment, the Responsibility Areas can be distributed to the individuals responsible for each area to answer.IT environments are more complex today, and there are more demands for IT services and support. Delivering these IT services requires skilled, experienced staff and a technology infrastructure that is easily supported, is flexible enough to process the volumes associated with operational peaks and can support the increased demands generated by growth in the business.Technologies, such as distributed processing, client/server environments, Internet and Intranet technologies are providing increasing challenges for IT management. Responsibility for the delivery and support of IT services is becoming more fragmented. In some organizations, business units share the responsibility for certain functions previously handled by the IT staff, and the infrastructure can be widely dispersed throughout the organization. In these circumstances, IT Management must be highly organized and follow consistent practices to ensure uninterrupted business operations.
The IT Department is responsible for developing information technology long-range plans supporting the organization's missions and goals. Therefore, a structured planning process should be used.
Planning Approach Does IT have a structured planning approach? Do long and short range IT Plans exist Are the IT Plans current? Is there IT Planning committee? Is Senior Management involved in the planning? Do checkpoints exist to ensure that the IT long and short-range plans continue to meet organizational objectives? Are plans changed to reflect changing conditions? Is the IT long-range plan used as the basis for short-range plans?
IT Plan Does the IT Plan include feasibility studies of IT initiatives? Are risk assessments of the IT initiatives included in the plan? Are elements such as organizational changes, technology evolution, regulatory requirements, business process re-engineering, staffing, out-sourcing, etc. addressed in the planning process? Are IT initiatives such as hardware changes, capacity planning, information architecture, disaster recovery planning, installation of new processing platforms, etc. included in the plans. Does the IT Plan acknowledge the role that the Internet will play in your organization?
Business Alignment Does the IT Plan fully support the organization's mission and goals? Were functional managers included in the planning process? Were senior managers included in the planning process? Did functional managers and senior managers review and sign-off the IT plans?
Senior Management Questionnaire There is a questionnaire that can be given to the organization's Senior Management. This will provide useful information as to how the Senior Managers view IT.
Functional Management Questionnaire There is a questionnaire that can be given to the organization's Functional Management. This questionaire asks questions on the value they see in IT and how they view the services provided.
Analysis Planning Approach If a structured approach to planning and maintaining the plan does not exist then one should be put in place. If you answered that you do not have an IT Plan then the IT Department should ensure one is developed. The IT Plan is the basis for all services delivered by IT. This is a critical document on which all initiatives should be based. IT Plan Many IT organizations have documents that are not complete IT plans. The IT Plan should address all the critical aspects and used as the basis to derive the short-term plans. Business Alignment If the IT plan is not aligned with the organization's mission and goals, then it will not be viewed as contributing to the organization's future and success. One way to ensure this is to have functional managers and senior managers involved in the planning process. The final step is to have both management groups review and approve the IT Plan. Questionnaires These two management groups have a significant impact on the IT Department and the CIO. The responses to each questionnaire should be reviewed. What were the comments provided? Is there a trend or common idea across many of the responses? Every manager that responded with any level of dissatisfaction should be interviewed to determine his or her concern. Any dissatisfaction with the IT Department should be addressed. This is especially important at the Senior Management level.
