Technology permeates virtually every aspect of business today, from email and mobile communication tools to complex global ERP systems and extensive internet activities. Most companies rely on technology to the point that, without it, their operations would grind to a halt. Such heavy reliance on technology also creates a high volume of significant risks that companies must assess, manage and monitor appropriately. This was the case before the introduction of social media channels such as LinkedIn, Facebook, Twitter and now Google+, which employees can access at any time of the day (if not on company systems, then certainly on personal computers or mobile devices). This access has created an entirely new realm of IT risks that companies are only now beginning to define and learn how to manage.
The purpose of this questionnaire is to help organizations think about how they can develop a deeper knowledge of their IT infrastructure and processes, and understand both the current state and the desired future state.
Example questions include:
- Is your IT department collaborating effectively with the business to manage shifting priorities or changes in the regulatory landscape?
- Do you have a clear understanding of the company’s short and long-term objectives?
- Are the IT department’s priorities and activities aligned with these objectives?
- Are the expectations of C-suite and business unit executives with regard to IT consistent with how technology is funded and managed?
- Have you undertaken an effort to define and classify the data your organization generates as part of its day-to-day operations?
- Is the organization clear about what information is sensitive or requires special attention – especially data that is regulated by privacy laws?
- Is there specific responsibility or stewardship assigned for your most sensitive data types?
- Is the management of data conducted over its full lifecycle in the organization, from acquisition through disposal/destruction?
- Has your firm conducted a risk assessment that identifies the nature of information collected, where it is stored, and how and where it is transmitted?
- Has your company established data protection policies that are monitored and enforced throughout the organization?
- Is the IT department addressing demands for faster network performance?
- Is IT ensuring that faster-performing networks are also reliable?