Before conducting any assessment activities, practitioners should engage with the business planning unit, the enterprise architecture unit or other business stakeholders within the organisation to identify which elements relevant to the planning engagement may have already been assessed. For example, the organisation may have already identified applications and technologies considered to be high risk.
Assessments can be modified to suit specific agency requirements if the criteria assessed are relevant to both the elements being assessed, and the nature of the assessment. Assessments should also be applied consistently across the same elements in a portfolio.
It may not be possible to effectively assess all the elements as part of the planning engagement. The practitioner may need to negotiate the scope of the assessments conducted with the planning sponsor. Recommended options include:
- reduce the scope of assessments conducted (e.g. assess only the business impact and condition)
- reduce the scope elements assessed (it may be sufficient to assess only applications and technologies)
- reduce the scope of elements assessed based on characteristic of that element (e.g. assess only applications and technologies above $X annual cost of operation or assess only applications where the business impact of the service supported is Extreme or High).
The Queensland Government ICT Profiling standard further outlines the minimum requirements for the assessment of information, applications and technology.
Assessments should only be conducted once the practitioner is satisfied all relevant elements have been gathered and documented in the relevant registers including:
- Business service register
- Business process register
- Information assets and services register
- Application assets and services register
- Technology assets and services register.
It’s important to note assessments are not substitutes for formal risk assessments and the results may require further investigation.
Best practice for assessments
Assessments are best conducted using surveys, interviews or workshops with representatives from the business as well as application and information asset experts and support staff.
The assessment of value to the organisation, risk, maintainability and performance are determined through scoring information assets, applications and technologies against criteria related to business impact, future business value and condition.
Using a grid model
Assessments are used to create grid models for planning purposes. Depending on where elements within a layer of an enterprise architecture fall on a grid model, specific strategies and actions can be considered during planning regarding short and longer-term management of those elements.
This provides a consistent set of criteria against which the business can score and compare the business, user, functional or technical aspects of a service, information, application or technology asset or service.