<--- Score
45. Is the team adequately staffed with the desired cross-functionality? If not, what additional resources are available to the team?
<--- Score
46. What are the requirements for audit information?
<--- Score
47. Does the scope remain the same?
<--- Score
48. Has the direction changed at all during the course of Information technology security risk assessment? If so, when did it change and why?
<--- Score
49. Is special Information technology security risk assessment user knowledge required?
<--- Score
50. How would you define Information technology security risk assessment leadership?
<--- Score
51. Have the customer needs been translated into specific, measurable requirements? How?
<--- Score
52. Have all of the relationships been defined properly?
<--- Score
53. How do you keep key subject matter experts in the loop?
<--- Score
54. If substitutes have been appointed, have they been briefed on the Information technology security risk assessment goals and received regular communications as to the progress to date?
<--- Score
55. Who are the Information technology security risk assessment improvement team members, including Management Leads and Coaches?
<--- Score
56. What are the Roles and Responsibilities for each team member and its leadership? Where is this documented?
<--- Score
57. Has the improvement team collected the ‘voice of the customer’ (obtained feedback – qualitative and quantitative)?
<--- Score
58. What critical content must be communicated – who, what, when, where, and how?
<--- Score
59. What sort of initial information to gather?
<--- Score
60. Do you have a Information technology security risk assessment success story or case study ready to tell and share?
<--- Score
61. What are the compelling stakeholder reasons for embarking on Information technology security risk assessment?
<--- Score
62. How have you defined all Information technology security risk assessment requirements first?
<--- Score
63. Are accountability and ownership for Information technology security risk assessment clearly defined?
<--- Score
64. What are the Information technology security risk assessment tasks and definitions?
<--- Score
65. Is it clearly defined in and to your organization what you do?
<--- Score
66. What specifically is the problem? Where does it occur? When does it occur? What is its extent?
<--- Score
67. How do you think the partners involved in Information technology security risk assessment would have defined success?
<--- Score
68. What are the record-keeping requirements of Information technology security risk assessment activities?
<--- Score
69. Does the team have regular meetings?
<--- Score
70. Is there a completed, verified, and validated high-level ‘as is’ (not ‘should be’ or ‘could be’) stakeholder process map?
<--- Score
71. What are the dynamics of the communication plan?
<--- Score
72. What is the scope of the Information technology security risk assessment effort?
<--- Score
73. What are the core elements of the Information technology security risk assessment business case?
<--- Score
74. Do the problem and goal statements meet the SMART criteria (specific, measurable, attainable, relevant, and time-bound)?
<--- Score
75. Have all basic functions of Information technology security risk assessment been defined?
<--- Score
76. Is the improvement team aware of the different versions of a process: what they think it is vs. what it actually is vs. what it should be vs. what it could be?
<--- Score
77. Has anyone else (internal or external to the group) attempted to solve this problem or a similar one before? If so, what knowledge can be leveraged from these previous efforts?
<--- Score
78. Do you have organizational privacy requirements?
<--- Score
79. Who approved the Information technology security risk assessment scope?
<--- Score
80. Has a project plan, Gantt chart, or similar been developed/completed?
<--- Score
81. Has a high-level ‘as is’ process map been completed, verified and validated?
<--- Score
82. How do you gather the stories?
<--- Score
83. What is the scope of Information technology security risk assessment?
<--- Score
84. Are there any constraints known that bear on the ability to perform Information technology security risk assessment work? How is the team addressing them?
<--- Score
85. What are (control) requirements for Information technology security risk assessment Information?
<--- Score
86. What sources do you use to gather information for a Information technology security risk assessment study?
<--- Score
87. What intelligence can you gather?
<--- Score
88. What is the worst case scenario?
<--- Score
89. How do you gather requirements?
<--- Score
90. Is there a completed SIPOC representation, describing the Suppliers, Inputs, Process, Outputs, and Customers?
<--- Score
91. Who is gathering information?
<--- Score
92. Is Information technology security risk assessment required?
<--- Score
93. Is Information technology security risk assessment linked to key stakeholder goals and objectives?
<--- Score
94.