SmartAdvice: Five Main IT Categories To Evaluate In Companies You Might Buy
There are some basic IT functions, from tech plans to an inventory of products, to consider when your company is deciding whether to buy another, The Advisory Council says. Also, weigh the cost of backing information up against the cost of lost business in deciding on a data backup plan; and look at your company's software-development processes when deciding whether to move immediately to the new CMMI.
Editor's Note: Welcome to SmartAdvice, a weekly column by The Advisory Council (TAC), an advisory service firm. The feature answers three questions of core interest to you, ranging from career advice to enterprise strategies to how to deal with vendors. Submit questions directly to email@example.com
Question A: What criteria should be included in the due-diligence assessment of IT at an acquisition candidate?
Our advice: The objectives of any due-diligence assessment of IT are fivefold:
Understand the acquired company's current technology status, including organization, hardware, systems software, applications software, and level of automation.
Identify any issues related to the acquired company's ability to maintain its current technology and to meet its business plan.
Assess financial implications of the acquired company's technology plans.
Identify opportunities for leveraging the technologies of the acquired company's operations.
Identify immediate transition initiatives necessary to accomplish a successful merger of the acquired company's technologies.
In performing a due-diligence assessment of the IT department, an active template is a useful guide in the discovery process. This template should begin with an overview of the IT department. What's the structure of the IT organization? What staff comprises the organization? Is staffing adequate or inadequate? Is there an up-to-date strategic technology plan? What's the current fiscal year budget and previous year's actual expenses? Are results of any recent systems audits available? What's the book value, depreciation, or lease and maintenance schedule for all IT assets? Does the firm have an up-to-date technology asset inventory?
Next, examine the data center and any networks that are in place. What are the locations of the data center(s)? What are the host computer(s), their make, model, and configuration? What's the host communications network like, including all communications processor(s), communications software, etc.? Is there statistical information available on uptime or reliability reports for the past 12 months and incident reporting or incident resolution for past 12 months? Concerning the communication network, what types of circuits are installed? What's the topology of the local-area network by location?
In the area of application software development, if such development is done at the company, obtain a list describing the programming development environment (by each system in place). See that the list includes all programming languages and development tools used and outlines the type of change-management or version controls in place. Are any current system enhancements in progress or are there any planned system enhancements?
What's the state of documentation at the company? Is it ongoing or only by exception? Is there documentation on systems policies and procedures? Are operations policies and procedures in place for all major functional areas? Is there application-development documentation in place? Does it cover current standards and policies, project-management methodologies, documentation development, and ongoing support? Is there documentation covering training procedures?
Concerning any services provided by outside vendors, there should be a description of each service contracted for, its annual cost, contract terms, and remaining time on the contract. Obtain a copy of each contract and check for its associated service-level agreements. What are the mission-critical information systems supported by the outside vendors? What are the service providers' information-security policies? Are there reports or measurement tools for monitoring vendor performance? How adequate are the contingency plans of all vendors providing outside services? Has management ensured that the institution's contingency and business-resumption plans are compatible with and complement the service providers? Are any of these service providers located in a foreign country?
Finally, taking a look at the desktop and laptop environment, can the firm provide an inventory of all desktop and laptop hardware deployed? Is there an inventory of all installed software packages on each piece of hardware? Does custom software reside on the desktop or laptops? If so, is there an inventory of the custom developed software?
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.