An I.T. Due Diligence Assessment (DDA) consists of Scope & Timelines, interviews, and data collection. Before this begins, we must ensure that everyone is aligned on outcomes, so we establish the participants, the interview schedule, and how materials will be collected.
A typical I.T. DDA designates, at the beginning of the DDA, which workstreams are "In Scope" and which are "Out of Scope". Overall, we have multiple workstreams:
- IT REVIEW
  - Business Applications
  - IT Organization / Governance
  - IT Infrastructure
  - Proprietary Applications Review
  - High-Level Integration Analysis
  - High-Level Carveout / TSA Assessment
  - HIPAA Compliance
  - Contact Center Review
  - Deep Dive Code Review
  - Data & Analytics Review
  - Comparative Analysis
  - Contract Review (Optional)
- CYBER
  - Cybersecurity Assessment (NIST)
  - Contract Review (Optional)
When conducting the different workstreams, we target several key objectives:
- Understand the internal systems in place and how well they support the current business environment
- Assess the IT environment's ability to scale and support the company's expected future growth trajectory
- Gather functional gaps, and the risks or concerns those gaps present
- Assess proprietary software, with an emphasis on methodology, infrastructure, and technical roadmap, to determine its reliability, scalability, and functionality
- Capture recommendations for future investment (short- and long-term, including priorities, costs, and timelines)
- Conduct a security assessment to understand current posture and gaps, with a focus on addressing compliance and staying secure (from threats/vulnerabilities)
Workstreams vary in length, in who conducts the interview, and in who participates.

| Scope | Workstream | Topics | Participants: FIX I.T. | Participants: Business | Interview Date/Time |
|---|---|---|---|---|---|
| IT Review | Executive Overview (20-30 minutes) | Company strategy – short and long term; understand technology's role in strategic plans | FIX I.T. | TBD | |
| | Business Applications | CRM, Customer Facing Apps – 45 minutes | FIX I.T. | TBD | |
| | | Core Operations Apps – 45 minutes | | TBD | |
| | | Data and Analytics – 20 minutes | | TBD | |
| | | Financial Systems and Reporting – 30 minutes | FIX I.T. | TBD | |
| | IT Org (30 minutes) | IT staff, IT Spend, IT Controls, Governance, Risk & Compliance, Vendors/3rd Party contractors | FIX I.T. | TBD | |
| | Proprietary Software Review (2-4 hours) | Development Org – Skills, SDLC, Project Management | FIX I.T. | TBD | |
| | | Technology – Software stack, reliability, scalability, roadmap, product demo, investments | | TBD | |
| | Infrastructure (2-4 hours) | Core Infrastructure – EUC, helpdesk, Messaging, Server, Storage, Data Center, Network, Telecom | FIX I.T. | TBD (TA Resources) | |
| Cyber | Cyber Review (1-2 hours) | Cyber Governance, Risk Management, Incident Response, Information Protection | FIX I.T. | TBD (Cyber Resources) | |
| Optional | Contract Review (60 minutes) | Review all contracts | FIX I.T. | TBD | |

An I.T. DDA is a thorough process that has an immediate ROI. Conducting and investing in an annual I.T. DDA helps shape an IT organization's technical roadmap and vision.