Scope of work IT DD
Download as DOCX, PDF1 like564 views
The document outlines a comprehensive IT due diligence scope of work, including assessments of the IT environment, strategies, operations, assets, security, business continuity, human resources, and audits. It details specific tasks for evaluating various aspects such as internal and external IT services, system management, and key IT security issues. The goal is to identify potential risks and impacts on financial performance.
Scope of work IT DD
- 1. SCOPE OF WORK 1 IT DUE DILIGENCE A) Overall Assessment of the IT Environment 1. High level review of the IS/IT environment, the internal procedures and internal infrastructure; 2. Inquiries with responsible IT personnel and the company’s management; 3. High level review of internal guidelines, policies and procedures; 4. Observation of the Company’s premises and data center; and 5. Identification of the IT issues and classification of their potential financial impact. B) Strategy support 6. High level review of: o IS/IT strategy; o IT budgets and their plausibility (OPEX, CAPEX); o Planned and recently completed changes/upgrades; and o IS/IT contracts. 7. Assessment of the IT services – internal and external. C) IT operations 8. Understanding of the business operations support by the IT function; 9. Evaluation of the scope and adequacy of the IT support; 10. Understanding of the IT systems; 11. System management and control; 12. Internal and external SLAs; and 13. Development, testing and release management. D) IT assets 14. High level review of: o Hardware sufficiency (capability to support business)and monitoring; o Hardware cost and aging; o Software licenses and related costs; and o Network infrastructure – network diagrams. E) System and data security 15. High level review of: o Internal policies, procedures and standards in the systemand data security area; o Security administration and monitoring; o System security (application, database,operating systemand network level); o Data protection standards; and o User management standards. 16. Identification of the key IT security issues and classification of their potential impact. F) Business continuity 17. High level review of: o Business Continuity Plans; o Disaster Recovery Plans; o Backup management o Data centersecurity; and o Data centercapabilities.
- 2. 18. Evaluation of the Disaster recovery capabilities. G) IT HR issues 19. Evaluation of the Company’s IT organization chart; 20. Review of the job descriptions and employment contracts of the IT staff; and 21. Analysis of IT personnel expenses and training costs. H) IT audits 22. Review of the IS/IT audit reports (internal and external); 23. Review of the reports from security assessments;and 24. Identification of the key IT issues and classification of their potential impact.