| Q | Question | Answer |
|---|---|---|
| Q1 | How does IT support departments in adopting AI tools or automation? | IT supports limited AI tool adoption with approvals |
| Q2 | How prepared is IT for AI-related cybersecurity risks? | Some controls exist (access, monitoring, policy) |
| Q3 | What is the biggest challenge preventing IT from adopting AI or automation? | Skill gap in AI and modern tools |
| Q4 | How does IT handle employee usage of external AI tools (ChatGPT, Gemini, Copilot, etc.)? | AI tools are blocked completely |
| Q5 | How prepared is IT to manage AI-generated content risks (fake emails, deepfake voice, fraud)? | Some awareness training + controls |
| Q6 | How prepared is IT to prevent prompt injection/data leakage in AI tools? | Some controls (policy + awareness) |
| Q7 | Does IT have controls to restrict AI tools from using company data for training? | Not sure |
| Q8 | How mature is IT’s incident response plan for AI-related issues? | AI-related scenarios included partially |
| Q9 | Does IT have a defined AI roadmap for the next 12–24 months? | Formal AI roadmap aligned with business goals |
| Q10 | How does IT evaluate new AI tools/vendors before adoption? | Structured evaluation with security review |
| Q11 | Does IT have an approved list of AI tools for employees? | Limited approved tools |
| Q12 | How does IT evaluate AI tools for data privacy risks? | No evaluation |
| Q13 | Does IT have policies for using company data in AI tools? | No policy |
| Q14 | How prepared is IT to support AI model deployment (MLOps) if needed? | No capability |
| Q15 | Does IT have an AI governance committee or defined ownership? | No ownership |
| Q16 | How does IT handle vendor lock-in risk for AI tools? | Evaluated during selection |
| Q17 | How ready is IT to support AI copilots across the organization (coding, HR, finance, support)? | Not ready |
| Q18 | What is IT’s long-term ambition for AI usage in the organization? | Use AI only for IT monitoring |
| Q | Question | Answer |
|---|---|---|
| Q19 | What is the current level of IT automation in daily operations? | Almost none (manual work dominates) |
| Q20 | How does IT currently handle repetitive operational tasks (account creation, approvals, reports)? | Manual with some templates |
| Q21 | How mature is IT’s incident management process? | Defined process + automation + predictive alerts |
| Q22 | How does IT support business teams in identifying automation opportunities? | Only when business requests |
| Q23 | How prepared is IT to implement AI-powered IT operations (AIOps)? | Tools + pilot readiness exists |
| Q24 | How mature is your DevOps / CI-CD process (if software is developed in-house)? | Basic deployment process |
| Q25 | How ready is IT to support AI-based automation in internal workflows (ticketing, approvals, HR, finance)? | Limited readiness |
| Q26 | How does IT manage patching and updates? | Regular patch schedule |
| Q | Question | Answer |
|---|---|---|
| Q27 | How organized and accessible is your organization’s data across systems? | Data is scattered, mostly in Excel/manual files |
| Q28 | What is the maturity level of your data governance practices? | Basic rules exist but not enforced |
| Q29 | How well is data quality ensured in business-critical systems (ERP, CRM, HRMS)? | IT supports periodic audits and cleanup |
| Q30 | What is the current status of API availability across key systems (HRMS, ERP, CRM, etc.)? | APIs exist but limited or unstable |
| Q31 | How is unstructured data handled (emails, PDFs, scanned documents, chats)? | Stored but hard to search |
| Q32 | How consistent are data definitions across departments? | Some common terms exist |
| Q33 | How is data lineage handled (tracking where data comes from and how it changes)? | Tracked informally |
| Q34 | How mature is the organization’s master data management (customers, vendors, employees)? | Partial standardization |
| Q35 | How often are data access permissions reviewed and cleaned up? | Only when someone leaves |
| Q36 | Does the organization have a centralized data warehouse or lake? | Planning stage |
| Q37 | How does IT manage data loss prevention (DLP)? | Basic restrictions only |
| Q38 | How mature is metadata management (tags, data labels, ownership)? | Basic tags |
| Q39 | What is the current approach to controlling access to sensitive data? | Basic access controls exist but not reviewed |
| Q40 | How strong is your organization’s backup and disaster recovery readiness? | Backup exists but recovery not tested |
| Q41 | How mature is your organization’s cybersecurity monitoring? | Basic antivirus and firewall only |
| Q42 | How secure is your organization’s endpoint environment (laptops/desktops)? | Basic antivirus only |
| Q43 | How does IT manage cloud security (if cloud is used)? | Basic security settings only |
| Q44 | How mature is IT’s identity and access management (IAM)? | Basic login control |
| Q45 | How does IT ensure compliance with privacy laws and regulations (GDPR, DPDP, ISO)? | Some policies but weak enforcement |
| Q46 | How open is the organization’s IT architecture to AI integration? | Mixed systems, limited integration capability |
| Q47 | How mature is your organization’s cloud adoption? | Partial cloud usage |
| Q48 | How does IT manage data integration between systems? | Some integrations exist but fragile |
| Q49 | How mature is the organization’s data classification (public, internal, confidential)? | Defined classification |
| Q | Question | Answer |
|---|---|---|
| Q50 | How is IT currently contributing to business growth and efficiency? | Mostly reactive support (ticket fixing, device issues) |
| Q51 | How mature is your IT documentation and knowledge base? | Very poor / no documentation |
| Q52 | How does IT handle shadow IT (employees using unapproved apps/tools)? | Track and restrict some apps |
| Q53 | How skilled is the IT team in AI and automation technologies? | Some trained members exist |
| Q54 | How does IT manage change management when new AI tools are introduced? | Training + documentation |
| Q55 | Select the Roles and Responsibilities that are performed by IT department in your organization. |
| Q | Question | Answer |
|---|---|---|
| Q56 | How often does IT evaluate whether current tools/software are still meeting business needs? | Annually |
| Q57 | How does IT measure performance and service quality? | Only ticket count and response time |
| Q58 | How does IT handle capacity planning (storage, bandwidth, compute)? | Basic estimates based on past usage |
| Q59 | How often does IT review the ROI/value of major IT systems? | Rarely |
| Q60 | How are system logs and monitoring data currently used? | Used for troubleshooting |
| Q61 | How well are business-critical systems integrated with reporting dashboards? | Some dashboards exist |