CRMR Overview

Computer & Information Technology Resource Utilization


Organization

    • Identify overall organization with chart and job descriptions;
    • Identify key departmental and ‘power users’ of system resources;
    • Identify senior IT managers and determine respective job functions;
    • Determine size, skill level and organizational distribution of IT staff;
    • Identify linkages between staff and business, operations counterparts;
    • Identify location of IT departments;
    • Analyze product/service support structure and identify key personnel;
    • Identify succession planning for key department personnel.

Training

    • Ongoing Professional Development within IT organization;
    • User facility training and continuing development;
    • Application based training and development;
    • Enhancement request preparation and presentation training and development.

Infrastructure

    • Compile hardware inventory;
    • Document and analyze network infrastructure and topology;
    • Document and analyze telecommunications/communications infrastructure and topology (voice & video, fax, data);
    • Document and analyze data center(s) infrastructure and support;
    • Document external data links to computing resources;
    • Document Internet based access, infrastructure and control;
    • Identify customer support/contact/integration by means of Internet web interfaces.

Systems

    • Compile manifest of operating systems, databases, languages  and development platforms;
    • Compile manifest of deployed application systems, determine level of integration and supporting entity;
    • Review and analyze excerpts of internally developed code and assess compliance to best practices in documentation, procedures, testing and deployment;
    • Evaluate company's web site for customer experience, interface design, usability and performance;
    • Conduct surveys and/or interviews with internal and external users of IT services to determine level of satisfaction.

Project Control – Development and Change

    • Concept Definition and Budgeting;
    • Change control methodology
    • Project Initiation,
    • Feasibility,
    • Design,
    • Development & Implementation,
    • Operations & Maintenance,
    • Post Implementation Review;
    • Resource allocation and prioritization.

Budget

    • Review budget and authorization for expenditure (AFE) process;
    • Review and analyze current budget allocations;
    • Compare budget to current consumption;
    • Review consulting and/or outsourcing contracts;
    • Identify any excess capacity, redundant resources and their potential uses;
    • Review IT projects and milestone progress reports for ongoing projects.

 

Business Relationships


Business Partners

    • Identify Business Partner agreements and tenure;
    • Identify any fiduciary responsibilities between Business Partners;
    • Identify records organization, retention and disposal procedures;
    • Identify transaction and data interchange between Business Partners;
    • Determine effective use of IT resources in ongoing business transaction processing.

Vendors

    • Identify Vendors and agreements;
    • Identify transaction and data interchange between Vendors;
    • Determine the effective use of IT resources in ongoing business transaction processing.

 

Initiatives and Planning


Corporate Business Growth and Development Plans

    • Identify short term growth demands on IT resources (6 to 12 months);
    • Identify mid-term growth demands on IT resources (13  to 36 months);
    • Identify long term growth demands on IT resources (36 to 60 months).

Planned systems

    • Review development projects currently underway; 
    • Determine timeliness, viability, staffing and cost of each;
    • Review development and implementation plans, project control and implementation planning;
    • Review pending proposals to ensure requirements and specifications are well documented.

Existing Systems

    • Review capacity planning and support for hardware and software systems;
    • Identify future migration and strategic plans for hardware, operating systems and other infrastructure;
    • Identify growth and expansion plans for infrastructure.

Budget

    • Review and compare proposed budget with analysis of current budget;
    • Review current and planned capital budget requirements;
    • Evaluate opportunities for cost savings such as data center, server, project consolidation;
    • Ensure the inclusion of required future support and service contracts.

 

 

Risk Profile

 

Business Continuity

    • Review data backup/recover practices;
    • Determine whether practices are well documented, implemented and tested;
    • Review disaster recovery plan and identify potential vulnerabilities or omissions;
    • Examine relationships with third-party vendors to identify potential sources of risk in case of catastrophe.

Data Security

    • Analyze data security measures and determine vulnerabilities:
    • Network security measures;
    • Database security measures;
    • Platform security measures;
    • Application security measures;
    • Employee permissions, password policies;
    • Physical access to critical assets.
    • Analyze change management policies and procedures.

Personnel

    • Determine key resources which must be retained;
    • Determine vulnerabilities to attack by displaced personnel.

Regulatory and Compliance

    • Identify applicable regulatory oversight as applicable to the business;
    • Determine broad measure of compliance with applicable regulatory statutes (E.g. Sarbanes-Oxley)