This sample questionnaire evaluates IT management, personnel, contractors, networks, operating systems, applications, change management, data, disaster recovery, operations, third-party services, laptops/workstations, security and spreadsheets.

Sample questions include: Is there an IT strategic plan? Is there a mechanism by which the business community articulates expected events (transactions, new locations, etc.) to IT so that IT can adequately plan? Are IT policies and procedures developed, approved and centrally posted for key IT processes? Are the policies and procedures updated at least annually? Are metrics used to monitor system performance and output?