One of the benefits of entering an existing (but leaderless) IT environment is the fresh perspective we can apply while establishing the organization’s technology goals. When starting with a complete blank, you can’t take anything for granted.
Sometimes this clean start can be helpful — even in strong IT environments. Every now and then, it’s good to question the status quo, reassess risk, and confirm past decisions. Why wait for problems to crop up over time? To borrow a sports saying, sometimes the best defense is a good offense.
Here are 5 logical steps for evaluating an IT environment. These steps are crucial in stressed/challenged IT departments, but also very helpful as a yearly process in healthy organizations.
- Overall Assessment
- Risk/Impact Prioritization
- Cost/Revenue Analysis
- Project Definition
I’ll post details about each step in subsequent articles, starting with…
This is the first thing to do when entering a new environment, or reassessing an existing environment. You can’t identify what needs to happen until you have the “lay of the land”. In the overall assessment, we look for areas of risk and opportunity.
For example, risks may be: insecure web infrastructure, lack of staff cross training, incomplete backup procedures, too many legacy systems, or run-away costs. Opportunities may include: mobile apps to drive down sales costs, social media initiatives to increase revenues, or targeted cloud use to prepare for future growth.
Generally, I’ve found that messier IT departments tend to have more risks (largely due to operational challenges), and stronger IT departments tend to have more opportunities (they are operationally strong and ready to move to the next level).
Often, the business attitude towards IT can help us understand which general category the IT department falls into:
- Operational-type category: The company is not satisfied with the current IT environment. Attitudes may include: spending too much on technology, problems with level of service, not sure the right projects are being pursued, response time isn’t fast enough, quality levels not at par, reactive vs proactive, etc.
- Visionary-type category: IT is doing well, and the company wants a visionary who can help take it to the next level and add value to the business.
Every company is different and most companies include a little of both categories, but the stronger category will influence priorities.
In the overall assessment, we want to gather information about vendors, staff, and costs. We also review network diagrams and documentation, policies and procedures, and compliance requirements (PCI, HIPAA, etc). One visual I like to create during the assessment process (because it typically doesn’t exist) is the flow of information between systems. I also like to meet with department managers to hear their pain points firsthand, as this can provide real insight into problem areas.
This sounds grueling, but it doesn’t need to take an enormous amount of time. We aren’t reading every piece of documentation – we’re simply looking for areas of risk that can help us identify the BEST overall path forward for this particular company. Here are a couple of examples from my experience, just to provide a bit of context:
- Company A had enormous IT costs for the size of the business, due to the number and variety of legacy IT systems in place. As it turns out, their IT direction was set back in the 1980s with the motto “we always buy the Cadillac and then connect it to everything else”. Some of those 1980s systems were still in place, but the connections were expensive, error-prone, and unable to easily talk with today’s web-based systems.
- Company B had small IT costs for the size of the business, but there were several single-points-of-failure that were causing sporadic, corporate-wide problems.
- Company C was satisfied with IT operations and was looking for direction on future projects to ensure the company invests in the BEST technology to meet their anticipated future growth. The pain points identified by department heads really helped us focus in on a few key projects.
The output from the overall assessment is a risk/opportunities spreadsheet that lists all of the possible projects identified during the assessment. Not all of the projects will be implemented, but this list is the starting point.
|Frequent Internet Outages||Short outages occur several times per month, affecting business phones and orders|
|Enhance Customer Ordering||Current ordering web site is cumbersome and error-prone, and cannot handle anticipated growth|
Next step, Risk/Impact Prioritization, will start with this spreadsheet. We’ll cover the next step in the next post.