ITPI Controls Benchmarking Survey

Instructions

Confidentiality

 

 

 

Instructions and FAQ

If you have any difficulty logging in or completing the electronic survey, please contact survey@itpi.org.

1) The survey consists of 11 sections:

  • Organizational questions
  • Access rights management
  • Separation of Duties
  • Unauthorized access detection
  • Problem management
  • Change management
  • Configuration and patch management
  • Release management and testing
  • Service level agreement and monitoring
  • Security

2) Each section is divided into two columns. Most questions in the left column are straightforward yes/no questions. Please answer all of the questions in the left column, and as many questions as you can on the right (especially those marked "Please answer". Remember, the more questions answered results in better benchmarking of your firm, especially from the general benchmarking section.

3) Click the “Save responses” button at the bottom of each page to move on to the next section. The main survey page will let you know how many questions from each section remain to be completed.

4) You may logout and return to the survey at any time.

5) As a security measure, contact information (e.g. your name, company name, e-mail addresses) is stored separately from the survey response data.

Frequently Asked Questions

Enclosed are some of the questions that we have received from people taking the survey, with their corresponding answers:

Q: How long does it take to fill out the survey?

A: It can take less than one hour, if your organization is managing its operations using the metrics we are asking for. If gathering these metrics form others in the organization, it will take longer to complete. If it is likely that you will need to collect information, and we suggest scheduling two 1 hour blocks of time to complete the survey.

Q: How do I compute the business revenue component?

A: Ideally, the IT organization taking the VEESC survey is solely responsible for supporting an entire line of business that has easily measured revenue and budget numbers. For example, if the business unit is a trading operation or a telecommunications carrier, this IT organization is responsible for all IT services that support that line of business. If you support your entire organization, please report the revenue number for the entire organization.

Q: How would we answer if we are a centralized IT organization in a decentralized business with multiple business units? Ie holding company, multiple subsidiaries etc.

A: The easy case is if the IT organization being surveyed is a decentralized IT center supporting a single line of business. In that case, survey only the IT staff supporting that line of business.

If the IT organization being surveyed is the centralized IT organization that cannot be mapped to any line of revenue, insert the revenue number for the entire organization. Also complete any other questions from the perspective of the entire organization.

Q: What if our organization is a non-profit or part of the armed forces?

A: In this case, fill in “non-profit” or “armed forces” in the revenue number.

Q: When measuring cost and headcount, should I include any outsourced operations and staff?

A: Yes, because your organization is paying for these services. (In some ways, we anticipate that in outsourced scenarios, it should be easier to get some of the metrics, since many of the numbers can be obtained from the outsourcer account manager.)