How do you find out what the requirements and expectations of the management are, and whether IT meets these requirements?
If you want to invest a lot of money and time, you hire one of the Big Four or one of the other well-known consulting firms to analyze this. With the right methodology, however, it can be done faster and more cost-efficiently: with the QuickAssessment. First, the requirements and expectations of the management are determined in an interview. Then, by means of interviews, (1) the existing IT infrastructure, (2) the communications infrastructure, and (3) the application landscape and processes are recorded. This information is used to determine the extent to which IT can support the requirements and expectations of management. A short, informative report then shows how each area compares to the requirements and expectations. Each sub-area is given a clear rating of A, B or C. If action is required in a sub-area, it is explained and justified.
What is the objective?
The QuickAssessment for companies serves as a status assessment. It shows whether operational risks exist in IT, which ones they are, and what can be done about them. In the best case, there is an A for all sub-areas; in the worst case, there is a C for all sub-areas. In practice, one encounters neither one nor the other. In most cases, there is only a need for action in one or more sub-areas. It is then up to the management to provide IT with the necessary resources.
Duration and costs
The QuickAssessment is designed for efficiency and is meant to keep the effort low without compromising the informative value. For this reason, a great deal of effort went into creating the questionnaires: only with the right questions can a reliable assessment be made. The interviews can normally be completed within one day; the evaluation and the writing of the report then take a few days. Interviews and receipt of the report take place within a week.
For different customer segments, and for different reasons, QuickAssessments are a good way to better classify business risks arising from IT in risk management. They also provide a good basis for decision-making in planning and strategy. They are a goal-oriented and efficient tool for business leaders as well as for companies directly exposed to this risk.
Alignment of business and IT:
For enterprise customers:
- Does IT meet the requirements and expectations of executive management and the legal framework? (Due Diligence, Risk Management)
- Does the IT of a takeover candidate (acquisition) meet the requirements, the expectations and the specifications of the executive management and the legal framework conditions? (Due Diligence, Acquisition Risk)
- Does the IT meet the requirements, expectations and information of the management and the legal framework? (Due diligence, investment risk due to IT)
For banks and other lenders:
- Does a borrower's IT meet the requirements to achieve the objectives? (Due diligence, credit risk due to IT)
Business continuity risk and data risk:
For insurance customers:
- Is a company's IT able to support business continuity and disaster recovery? Can the objectives be met? (Due diligence, business continuity insurance)
- Is IT security ensured in terms of processes and implementation? Are business continuity and disaster recovery ensured? What is the attack surface from the outside? (Due diligence, cyber risk insurance, individual risk assessment)