Each assessment contains a baseline of the current environment, a comparison against industry standards, as well as a detailed analysis of any Strengths, Weaknesses, Opportunities & Threats (SWOT Analysis). The type of Audit or Assessment selected should be a function of exposure to risk. If the risk exposure is unknown, then starting with an overall Risk Assessment would be recommended.
- Application Portfolio
- Business Continuity
- Business Development
- Database Structure/Content/Maintenance
- Digital Media Assets
- Disaster Recovery
- Information Systems
- Infrastructure/Network – voice/data
- Organizational Structure/Staffing
- Vendor Management
In 2014 the Rubics Cube will be 40 years old & IMS will be enjoying its 25th year in business. Rubics Cubes come 5×5’s with 125 moving pieces, 4×4’s with 64 moving pieces and 3×3’s with 27 moving pieces. An interesting metric re: the smallest Rubics Cube (the 3×3 with only 27 moving pieces) is that there are 43 quintillion or 43,000,000,000,000,000,000 possible ways to combine the pieces; if you made one move a second it would take over one trillion years to go thru all possible combinations. That’s about 100 times the age of our universe!
What does this all have to do with ASSESSMENTS &/or AUDITS? Most organizations will have more than 27 moving pieces (structure, personnel, operations internal & external, policies, procedures, infrastructure, budgets, etc). This means that the optimal combination of those for your area of responsibility is one in 43+ quintillion. Using the standard IMS approach (SWOT analysis base-lining and evaluating the “what is”) will yield enough insights to enable us to efficiently benchmark and establish (with a Business Case approach) the viable alternatives to introduce either process improvements or lower costs. These changes often require the introduction of 40-50 specific alterations that can be accomplished in a reasonable time frame (longer ~5 seconds – the current world record solution – but less than a trillion years – most, realistically can be completed within a 10 – 90 day time period).
* Establish Assessment/Audit Objectives
* Review all relevant documents
* Interview stakeholders
* Review all controls for applicability, appropriateness & thoroughness (robustness)
* Document & review findings with Stakeholders
* Conduct SWOT Analysis
* Review analysis & recommendations with Stakeholders