- Introduction (V1.3):
- Survey Checklist Usage:
- Applications Environment:
- Application Inventory List:
- Infrastructure Inventory List:
- IT Organization Structure Survey:
- SDLC / PLC Methodologies:
- IT Personnel:
- Personnel Attributes:
- Personnel Management:
- Client Relationships:
- Who are IT’s Clients:
- IT Sweet Spots:
- IT Sour Spots:
Introduction (V1.3):
This is Part III of IV of my IT Executive checklist, or survey list. It focuses on Applications Environments, IT Personnel, and Client Relations. Over the years I’ve worked in quite a few different IT groups, large and small. From experience I’ve learned that there are “things” I need to know almost as soon as I walk into an IT Group, large or small.
This is a living “work in progress” document that is the result of my “need to know”. It will be upgraded and refined from time to time as conditions and “states of IT” change.
Survey Checklist Usage:
This checklist is not a “one time” tool. It is certainly of great value when you are stepping into an new IT arena, but it can and should be also used iteratively. Take a fresh copy out from “time to time” and walk and talk your way through your IT group. When done compare the new results to prior versions. Note changes and non-changes. Note, also, what is missing that should be there, and vice-versa.
Except for the “Overview” sections, I have included a “value” column before each item for your use. I have not assigned or attempted to assign weights to these items as this is not a “concentrate on this first” list and any weights would be arbitrary. All items on this list are important.
The value column is merely a way to “grade” what is and isn’t working or is and isn’t present. Use any value range you wish, but I would suggest keeping it simple, at most a scale of 0, 1, 2, 3 with 0 being non-existent or “un-acceptable” and 3 being present or “acceptable” but it could be as basic as 0 and 1. One reason for keeping it simple is that when you are stepping into a new role you don’t, yet, have sufficient information, or experience, for proper, accurate, evaluations. That will come with time but as you can’t wait until you “know everything” before making a decision this survey and a simple grading scale will help to get you close.
While each CIO/CTO should use this list for his/her group, every executive and manager on the team should as well as they too need to understand each area, each area’s scope and each area’s strengths and weaknesses. This is not a “top secret” document it is a survey and diagnostic document meant for use.
The entire checklist is broken down into several sections. It starts out at a high level and then drills down into more detail. Some of the data in these levels may appear to be redundant, but is not. It’s the difference between the 50,000 and the 500 foot levels.
Finally, remember to look, ask, listen and verify. And don’t forget to talk to your Techies.
Applications Environment:
I have two categories in the complete list that seem similar but are not. Software Environment (see Part I) addresses the “brand names”, if you will, used by IT - too many brand names can create mass confusion and excess expense, too few create an inability to be flexible and use the “right tool for the job”. The Applications Environment category addresses the “business end” of IT, the finished applications used by the clients (internal and external) and the carriers / structures used to provide them.
Application Inventory List:
It is important to know how many application exist, what their criticality is to the company, and/or clients, and what their “state” is and is expected to be . Even in a small “job shop” or “software house” this information should be tracked and maintained. The master inventory list must be kept up-to-date as “old” applications are retired and new ones added. This list has both strategic and tactical use. The items listed below are the bare minimums.
|
Value |
Question |
Response |
|
|
Does an Application Inventory List of each and every application, and its state, exist? “State” includes (but is not limited to): |
|
|
|
Application name: |
|
|
|
Age (in years or fractions of): |
|
|
|
Release Status (In Dev, QA or Production) |
|
|
|
Production Version Number: |
|
|
|
Last Release Date: |
|
|
|
Next Version Number: |
|
|
|
Next Release Date: |
|
|
|
Application Type (Web, Client-Server, SAAS): |
|
|
|
Application Source (Custom - In House, Vendor Package, Custom - Vendor): |
|
|
|
Retention (enhance, major upgrade, replace - bug support only, replace - unsupported, retire - no replacement, out-source): |
|
|
|
Tier (defined approximately as follows): |
|
|
|
1 - Critical to success of company and client, top priority for support and Disaster Recovery (DR) efforts. Should remain operational 24/7, must be recovered within 24 hours max. |
|
|
|
2 - Important to company and clients but has less financial / legal / PR impact and is on secondary DR list. Can “live” without it for up to a week before significant impact. |
|
|
|
3 - An ancillary system, has value but little direct impact on the company / clients. Manual processes exist as a work-around so may be recovered within a month without significant impact or harm. |
|
|
|
4 - Nice to have but not at all critical, can easily be replaced with other software or manual systems. Ex: local desktop applications (spreadsheets, utilities, etc.). Has lowest priority on DR lists, if listed at all. |
|
|
|
Usage Class (Customer, Front Of House, Back Of House, etc.): |
|
|
|
Business Channels using application: (HR, Legal, Fin, Client, etc.): |
|
|
|
Business Function - Primary (high level: Contracts, Accounts Payable, Travel Requisitions, Court Case Load Tracking, Purchase Orders, etc.): |
|
|
|
Client(s) using application (listed): |
|
|
|
Total Number of Users (seats): |
|
|
|
Gross Income Earned To Date: |
|
|
|
Gross Income Earned Trend (Up, Down, Flat) - per Product Life Cycle states: |
|
|
|
Volume Trend (Up, Down, Flat) - per Product Life Cycle states: |
|
|
|
FY __ Budget - Estimated: |
|
|
|
FY __ Budget - Actual: |
|
|
|
Audit Type (SOX, PII, PCI, HIPAA, Safe Harbor): |
|
|
|
User Doc / Training Available for Released Version |
|
|
|
(Etc.) |
|
Infrastructure Inventory List:
It is important to know how many servers and physical devices exist, what their criticality is to the company, and/or clients, and what their “state” is and is expected to be . Even in a small “job shop” or “software house” this information should be tracked and maintained. The master infrastructure inventory list must be kept up-to-date as “old” hardware is retired and new brought on board. This list has both strategic and tactical use. The items listed below are the bare minimums.
|
Value |
Question |
Response |
|
|
Does an Infrastructure Inventory List of each and every server/significant device and its “state” exist? “State” includes (but is not limited to): |
|
|
|
Server/Device name / ID: |
|
|
|
Server/Device make / model / revision: |
|
|
|
Server/Device Serial Number: |
|
|
|
Year put in service (not the same as Age): |
|
|
|
Mfg Age (in years or fractions of): |
|
|
|
Server/Device Owner (Employee ID / Name): |
|
|
|
Purpose: |
|
|
|
Database Server |
|
|
|
Web Server |
|
|
|
Proxy / Reverse Proxy Server |
|
|
|
Application/Middleware Server |
|
|
|
File Server |
|
|
|
Print Server |
|
|
|
E-mail/Mail Server |
|
|
|
FTP Server |
|
|
|
Fax Server |
|
|
|
Audio/Video Server |
|
|
|
PBX Server |
|
|
|
Groupware Server |
|
|
|
Router |
|
|
|
Switch |
|
|
|
Hub |
|
|
|
Backup |
|
|
|
Other: |
|
|
|
Dedication Type: |
|
|
|
Dedicated |
|
|
|
Shared |
|
|
|
Virtual (Dedicated on Shared) |
|
|
|
Production Type: |
|
|
|
Development (Dev) |
|
|
|
Sandbox (post-Dev, pre-QA testing) |
|
|
|
QA |
|
|
|
Prod(uction) |
|
|
|
DR (Disaster Recovery) |
|
|
|
Disaster Recovery Criticality (1, 2, 3, 4): |
|
|
|
Disaster Recovery Type: |
|
|
|
Primary |
|
|
|
Failover |
|
|
|
Warm Standby |
|
|
|
Cold Standby |
|
|
|
Disaster Recovery Reboot Sequence / Dependency: |
|
|
|
Backups: |
|
|
|
Schedule (replication, every ___ hours, daily, weekly): |
|
|
|
Media: (tape, hard disk, RAID, removable drive, optical disk, etc.) |
|
|
|
Software (vendor name, version) |
|
|
|
Restore Tested Successfully on (month / day / year): By: |
|
|
|
Operating System Layer: |
|
|
|
O/S Type (Windows, UNIX, Linux, AIX, etc.) |
|
|
|
Current Version: |
|
|
|
O/S Last Upgraded on: |
|
|
|
O/S Last patched on: |
|
|
|
Application Layer objects on Server: |
|
|
|
Application Layer Type(s): (application, database/database server, web, etc.): |
|
|
|
Application Layer Name / ID: |
|
|
|
Application Layer Owner(s): |
|
|
|
Employee ID / Name |
|
|
|
Role (DBA, SA, Mgr, Tech Lead, etc.) |
|
|
|
Rights / Permissions (Full, RW, RO, etc.) |
|
|
|
Service Level Agreement (__ hours, __ days, etc.): |
|
|
|
Etc. |
|
IT Organization Structure Survey:
In addition to the Inventory Lists there is some key structural information that needs to be considered. Some of this may be redundant to other sections but is included here to create a comprehensive view of IT’s structure / areas of assigned responsibilities:
|
Value |
Question |
Response |
|
|
Is there a published, up-to-date, IT Organizational (Org) Chart? |
|
|
|
Does the org chart make sense (can the average employee make sense of it and know where to go and who to see)? |
|
|
|
Does the org chart contain duplicate and / or overlapping functions / roles? |
|
|
|
Is the org chart missing critical functionality? |
|
|
|
Is any / most / all Infrastructure support out-sourced? |
|
|
|
Data Center functionality? What is the ratio: |
|
|
|
Network support? What is the ratio: |
|
|
|
IT Operations support? What is the ratio: |
|
|
|
Telecomm functionality? What is the ratio: |
|
|
|
Desktop support? What is the ratio: |
|
|
|
Is any / most / all SW Development & Delivery functionality out-sourced? What is the ratio: |
|
|
|
Is any / most / all Customer Relationship functionality out-sourced? What is the ratio: |
|
|
|
Is any / most / all Help Desk functionality out-sourced? What is the ratio: |
|
|
|
Is there an IT Steering Committee? If so, what members/roles comprise it: |
|
|
|
Is there an IT Leadership Committee? If so, what IT members/roles comprise it: |
|
|
|
Is there an IT Architecture group? |
|
|
|
Is there an IT Security Policy group? |
|
|
|
Is there an IT Change Management group? |
|
|
|
Is there an IT Strategic Planning group? |
|
|
|
Is there an IT PMO group? |
|
|
|
Is there an (internal) IT Audit group? |
|
|
|
Are IT’s products/services delivered nationally or internationally? Or both? What is the ratio: |
|
|
|
What is the current In-House Custom versus Vendor Package Ratio: |
|
SDLC / PLC Methodologies:
It may not seem like it, but one of the critical factors in a successful IT department/group is (a) the use of a PLC (Project Life Cycle) and an SDLC (Software Development Life Cycle) methodology and (b) the proper use of the proper methodology(s) at the proper time.
Note: SDLC is sometimes confused with PLC (Project Life Cycle), they are not, however, identical. SDLC is specific to the development of software. It is encompassed by, within, a PLC (during its “Execute” phase).
|
Value |
Question |
Response |
|
|
Is a PLC methodology in use? Is it documented or done “off the cuff”? |
|
|
|
Are one or more SDLC methodologies in use? Are they documented or done “off the cuff”? What one(s) are used: |
|
|
|
PMBOK (Project Management Body Of Knowledge from PMI) |
|
|
|
Agile/Scrum |
|
|
|
Custom/In-House |
|
|
|
Other: |
|
|
|
Is a “one size fits all” SDLC used or does the approach vary depending on the scope/size of the project? For instance: |
|
|
|
Very Large |
|
|
|
Large |
|
|
|
Medium |
|
|
|
Small |
|
|
|
Enhancements (Quick Hits) |
|
|
|
Have the project managers, and the development team members, been trained on the SDLC(s)? |
|
|
|
Is there visible evidence that the SDLC steps have been done and all deliverables completed? |
|
|
|
What, if any, Project Management tools/software are in use that support the SDLC(s)? |
|
|
|
Microsoft Project? |
|
|
|
@task Project Management? |
|
|
|
Primavera? |
|
|
|
Other: |
|
|
|
If the current SDLC has not been uniformly successful, has a study/analysis been done to see if: |
|
|
|
The team members were trained on it? |
|
|
|
The correct steps were actually done? |
|
|
|
The methodology was appropriate to the project / task? |
|
|
|
The steps/deliverables were monitored / managed as the project was underway? |
|
| Have upper management and executives been trained on the current SDLC and basic IT process and procedures to help manage their expectations? |
IT Personnel:
The single most valuable asset in all of IT is not the value of the servers and software but your personnel. The next lists help to create a picture of that asset.
Personnel Attributes:
|
Value |
Item |
Response |
|
|
Total # of IT Personnel: |
|
|
|
Permanent Employees: |
|
|
|
Contractors: |
|
|
|
Employee/Contractor Ratio: |
|
|
|
What is the turn-over rate / percentage per annum? |
|
|
|
What is the average tenure of, and what does the tenure bell curve look like for all IT: |
|
|
|
Permanent employees? |
|
|
|
Contractors? |
|
|
|
Using the IT Organization Chart enter the head counts (Perms and Contractors) in each area / department / group; for each VP, each Director, each Manager. |
|
|
|
Total # of Personnel by Production Type: |
|
|
|
Administrative (do not directly produce and / or support applications and infrastructure, includes CIO and all VP’s): |
|
|
|
Technical (Directors and below who directly produce and/or support applications and infrastructure): |
|
|
|
Administrative / Technical Ratio: |
|
|
|
What is the average number of: |
|
|
|
Applications supported by each Development and Help Desk (technical) team member: |
|
|
|
Databases supported by each DB Administration (technical) team member: |
|
|
|
Servers supported by each Infrastructure Support (technical) team member: |
|
|
|
Other average: |
|
|
|
For each IT VP / Director / Manager, what is the total number of their: |
|
|
|
Direct report-to’s: |
|
|
|
In-direct report-to’s: |
|
|
|
What is each VP’s / Director’s / Manager’s average direct/indirect employee tenure? |
|
|
|
Divide the Gross Annual IT Budget by the total IT Headcount (this should be tracked over 5 and 10 year periods for trend changes). |
|
|
|
How many: |
|
|
|
… applications total does IT support (requires accurate application inventory list): |
|
|
|
… servers total does IT support (requires accurate infrastructure inventory list): |
|
|
|
… client (external) users total does IT support: |
|
|
|
… company (internal) users total does IT support: |
|
|
|
Is there a Skills Required list for each application: |
|
|
|
Is there a Skills Available list for each employee / contractor: |
|
|
|
Can the Skills Required and Skills Available lists be easily compared? |
|
Personnel Management:
One of the keys to retention of your valuable IT personnel is proper career and promotion management. One note of interest is that not all IT personnel want to become managers “someday” so a technical career and promotion route must exist for the “pure techies” as well.
|
Value |
Item |
Response |
|
|
Is there a published up-to-date Company Policy / Employee Manual that provides clear direction as to “do’s” and “don’ts”? |
|
|
|
Does the company have a clear policy on the subject of “comp time” to cover late nights and weekends worked by IT employees when on-call or working late on a new production release, etc.? |
|
|
|
Does the company have a Talent Succession Planning program in the event Life steps in? |
|
|
|
Does the company have a Career Development / Talent Planning program and path for both Technical and Management (potential) IT personnel? |
|
|
|
Are the technical promotion paths, and their requirements, clearly defined? |
|
|
|
Are the IT job titles and role descriptions at least reasonably consistent with industry-wide titles and roles? |
|
|
|
Does the company have a Rewards / Recognition program, separate from reviews? |
|
|
|
Does the company have a Performance Review program? Is the program include objective as well as subjective goals and guidelines? |
|
|
|
Is it a 360 degree review or top-down only? |
|
|
|
Are there specific skills (competencies) defined and goals and objectives required? |
|
|
|
Does the review process allow for “mid stream” changes in goals and objectives? |
|
|
|
Are the goals and objectives required to be in alignment with the overall IT goals and objectives for the year? |
|
|
|
Is the rating system consistent across all of IT? |
|
|
|
Is there a training program for all VPs, Directors and Managers so the review process is consistent and fairly applied? |
|
|
|
Is there an “appeals” process in the event an employee feels the review is inappropriate? |
|
Client Relationships:
Ultimately, IT survives, from beginning to end, based on its relationships with its clients – whether internal-to-the-company business units, external businesses, external individual customers or all of the above. This is one reason why “Customer/Client Satisfaction” is one of three Project Management Institute’s additions to the Triple Constraint of a project: Scope, Time (Schedule), Cost (Resources), Quality, Risk, Customer Satisfaction.
Everyone in IT needs to know who the client is, without ambiguity. And. The first rule of that is: I guarantee you that IT is not its own client, not any segment or individual within IT. I have seen this misguided concept enforced before with serious, even disastrous results. Client’s/customers/users are one hundred percent (100%) external to IT.
Who are IT’s Clients:
|
Value |
Item |
Response |
|
|
Does a complete up-to-date list of IT’s external-to-the-business clients exist? If so, what are the numbers. |
|
|
|
Does a complete up-to-date list of IT’s internal-to-the-business (but external o IT) clients exist? If so, what are the numbers. |
|
|
|
Does a complete up-to-date list of IT’s end users (internal and external) exist? If so, what are the numbers. |
|
|
|
Does a complete up-to-date list of IT’s vendors / suppliers exist? If so, what are the numbers. |
|
|
|
Does IT support B2B / B2C web applications? If so, are there performance numbers? If so, what are the numbers. |
|
|
|
What, if any, metrics are used to validate IT’s acceptance level with its internal- and external-to-the-business clients/users? |
|
IT Sweet Spots:
|
Value |
Item |
Response |
|
|
What IT function works well already (”don’t fix what isn’t broke” doesn’t apply if you don’t know what it is that works)? |
|
|
|
Who works well, individually, as a team member and as a company member (this is a case for look, ask, listen and verify)? |
|
|
|
Which clients can be and are willing to be used as references? |
|
|
|
What products / services: |
|
|
|
are the users / clients most satisfied with? |
|
|
|
are the most remunerative income-wise? |
|
|
|
have received the most recognition / rewards? |
|
|
|
have the highest quality level (least bug reports / complaints)? |
|
|
|
What, if any, metrics are in place that can be used to validate the success / acceptance level / failure of an IT function / policy / procedure? |
|
IT Sour Spots:
|
Value |
Item |
Response |
|
|
|
Per each of the groups below, which aspect(s) of IT is the most problematic, is the biggest source of discord (remember: look, ask, listen, verify): |
|
|
|
|
per the “techies” (create a safe avenue for them to respond)? |
|
|
|
|
per the managers (create a safe avenue for them to respond)? |
|
|
|
|
per the executives? |
|
|
|
|
per the users? |
|
|
|
|
per the clients? |
|
|
|
|
What if any commonalities exist across the above lists? |
|
|
|
|
What if any discrepancies / gaps exist between the above lists? |
|
|
|
|
Is there a: |
|
|
|
|
single issue that stands out above all others? |
|
|
|
|
common / root cause behind their issues? |
|
|
|
|
Which “sour” spot is your first priority? |
|
|
|
|
Which business units / internal groups give IT dirty looks (or worse) in meetings? |
|
|
|
|
Which clients wouldn’t cross the street to say hello let alone provide a reference? |
|
|
|
|
Which products / services have never gotten off the ground? |
|
|
|
|
What IT decisions / strategies seemed like a “good idea at the time” but turned out to be unmitigated disasters (were anyone willing to admit it)? Are those strategies still in place? |
|
|
|
|
What Policies And Procedures (PnP’s) are still in force that make no sense, i.e. that impede product and service? |
|
|
|
|
What, if any, metrics are in place that can be used to validate the success / acceptance level / failure of an IT function / policy / procedure? |
|
|
|
Part I presented the Overview section, Infrastructure and Software Environment / Tools.
Part II covered IT Methodologies, Application Suites and Environments, Reporting Tools, Data Transformation Tools, Batch Schedulers, Backups, Data Encryption, and Controls / Security.
Part IV will conclude the series by reviewing Risks / Risk Management, Budgets, Company Policies and Goals/Objectives.
Hope this helps.
DP Harshman
