Scope of work IT DD
Download as DOCX, PDF1 like5,431 views
The document outlines a comprehensive scope of IT due diligence, detailing assessments in areas such as the IT environment, strategy support, operations, assets, security, business continuity, HR issues, and audits. Each section involves high-level reviews and evaluations, including inquiries with personnel and management, assessments of budgets and IT services, and identification of key issues. The aim is to categorize potential impacts and establish a thorough understanding of the company's IT infrastructure and processes.
Scope of work IT DD
- 1. SCOPE OF WORK 1 IT DUE DILIGENCE A) Overall Assessment of the IT Environment 1. High level review of the IS/IT environment, the internal procedures and internal infrastructure; 2. Inquiries with responsible IT personnel and the company’s management; 3. High level review of internal guidelines, policies and procedures; 4. Observation of the Company’s premises and data center; and 5. Identification of the IT issues and classification of their potential financial impact. B) Strategy support 6. High level review of: o IS/IT strategy; o IT budgets and their plausibility (OPEX, CAPEX); o Planned and recently completed changes/upgrades; and o IS/IT contracts. 7. Assessment of the IT services – internal and external. C) IT operations 8. Understanding of the business operations support by the IT function; 9. Evaluation of the scope and adequacy of the IT support; 10. Understanding of the IT systems; 11. System management and control; 12. Internal and external SLAs; and 13. Development, testing and release management. D) IT assets 14. High level review of: o Hardware sufficiency (capability to support business)and monitoring; o Hardware cost and aging; o Software licenses and related costs; and o Network infrastructure – network diagrams. E) System and data security 15. High level review of: o Internal policies, procedures and standards in the systemand data security area; o Security administration and monitoring; o System security (application, database,operating systemand network level); o Data protection standards; and o User management standards. 16. Identification of the key IT security issues and classification of their potential impact. F) Business continuity 17. High level review of: o Business Continuity Plans; o Disaster Recovery Plans; o Backup management o Data centersecurity; and o Data centercapabilities.
- 2. 18. Evaluation of the Disaster recovery capabilities. G) IT HR issues 19. Evaluation of the Company’s IT organization chart; 20. Review of the job descriptions and employment contracts of the IT staff; and 21. Analysis of IT personnel expenses and training costs. H) IT audits 22. Review of the IS/IT audit reports (internal and external); 23. Review of the reports from security assessments;and 24. Identification of the key IT issues and classification of their potential impact.