NORTH CAROLINA STATE UNIVERSITY

INTERNAL AUDIT DEPARTMENT

Information Technology Self-Assessment Tools
Service Level

Self Assessment Work to Perform Yes/ If no, Document Issue How are you going to correct the
No issue?

1. Service Level Assessment Process Responsibility: IT management and IT staff (e.g., IT directors, IT helpdesk
management)
1.1. Service Level Identification
1.1.1. Have all IT services offered by the organization been identified and
communicated throughout the organization?
1.1.2. Is IT service level expectation documented or generally understood
by providers and consumers?
1.1.3. Does service level expectation include service hours, availability,
reliability, and security, reporting and reviewing terms, consequences
(incentives, penalties…?)
1.2. Adequate and Appropriate Service Level
1.2.1. Does IT management ensure that the level of service is adequate
and appropriate and that mechanisms are in place to ensure that
user's current and future requirements are identified and addressed?
1.2.2. Has management established monitoring processes to ensure that
defined responsibilities, standards and performance objectives are
being appropriately met?
1.2.3. Are sufficient IT resources, infrastructure and competencies
available to meet strategic objectives?
1.2.4. Have applications and processing (functional, technical, operational,
and business) requirements been identified?
1.2.5. Do measurement criteria include: availability, reliability, and
performance, capacity for growth, level of support, contingency
planning, security and demand constraints?
1.2.6. Is IT and business users in sync about the value of IT and
appropriateness of the level of services being delivered?
1.2.7. Do business users and system owners generally agree that the level
of service meets requirement for response time, availability, processing

Page 1 of 5
 NORTH CAROLINA STATE UNIVERSITY
INTERNAL AUDIT DEPARTMENT
Information Technology Self-Assessment Tools
Service Level

Self Assessment Work to Perform Yes/ If no, Document Issue How are you going to correct the
No issue?

time, quality?
1.3. Continuous service level assessment
1.3.1. Is there continuous assessment/review being done to ensure
effective and efficient service and to ensure that services continue to
align with business needs?
1.3.2. Is there a process for documenting current work and tasks being
completed in relation to the college and/or department strategic goals?
1.3.3. Is there ongoing assessment of the work/tasks being completed in
relation to the organization strategic goals?
1.4. Strategic IT Resource Distribution
1.4.1. Are IT resources adequately distributed between tactical business
improvement initiatives and day to day firefighting?
1.4.2. Are there sufficient IT resources to accommodate major IT initiatives
in progress or expected over the next 2 years?
1.5. IT Staff review
1.5.1. Do IT support personnel have at least annual performance appraisal
by supervisors?
1.5.2. Is IT staff work plans completed, reviewed and approved by
supervisors?
1.6. IT Staff training and Back Up Personnel
1.6.1. Does management ensure that IT staff is available and capable of
providing needed support and development work?
1.6.2. Are there identified backup person(s) for key IT support staff in the
event of absence?
1.6.3. Is appropriate cross-training provided to designate backup
personnel?
1.7. IT Staff vacations
1.7.1. Has each IT staff gone on vacation over the past 2 years?
Page 2 of 5
 NORTH CAROLINA STATE UNIVERSITY
INTERNAL AUDIT DEPARTMENT
Information Technology Self-Assessment Tools
Service Level

Self Assessment Work to Perform Yes/ If no, Document Issue How are you going to correct the
No issue?

1.8. IT On-call Procedures

1.8.1. Does IT support staff provide after hours, on-call services, and is
there an on-call list?
1.8.2. Are clear on-call procedures documented and published to IT staff
and users, including callback expectations?
1.8.3. Do the IT support staff carry a cell phone for on-call services, and
are business calls paid for by the organization?

Page 3 of 5
 NORTH CAROLINA STATE UNIVERSITY
INTERNAL AUDIT DEPARTMENT
Information Technology Self-Assessment Tools
Service Level

Requirements/Best Practices:

PRR REG 05.50.4 - SPA Employee Performance Appraisal Program

“1. Purpose
North Carolina State University maintains a system by which every university SPA employee participates in a work planning and performance appraisal program. Supervisors and mangers direct this
program while promoting active employee involvement in the process. This program ensures that those SPA employees:
1.1. Are aware of what is expected of them;
1.2. Receive timely feedback about their performance;
1.3. Receive opportunities for education, training and development; and
1.4. Receive rewards in a fair and equitable manner

3. Procedure
It is the responsibility of all supervisors, managers, department heads, directors, deans, and vice chancellors to assure that the policies and procedures of the SPA Employee Performance Appraisal
Program are administered equitably and consistently. The process is administered using the NC State SPA Work Plan and Performance Appraisal Form.

3.1. Supervisor Duties

It is the supervisor's duty to implement each stage of the SPA performance appraisal process and communicate it to employees so that they understand job expectations and the importance of his/her role
in the department.

3.2. Employee Duties

It is the employee's duty to perform job expectations articulated in the work plan. Employees are also expected to seek clarification from supervisors on any portion of the work plan or performance
appraisal process that is unclear or in question. Employees may seek additional information on the performance appraisal process from Human Resources as needed.

5.0 Process
5.2 Managing
Managing consists of the day-to-day tracking of SPA employees' progress toward achieving performance expectations outlined in the work plan, and an Interim Review midway through the performance
cycle. It includes providing on-going feedback to employees through coaching and reinforcing discussions throughout the performance cycle. Such discussions should be held regularly throughout the
performance cycle as well as in response to changes in performance. Managing includes conducting the Interim Review, which should be completed midway through the performance cycle.”

PRR Employee Time Record

“4.4 Record Keeping
B. Exempt Employees
Time records are not required for exempt employees unless they earn additional pay (Holiday Premium or Shift Premium) that month. If compensatory time is being accrued and taken, these hours should
be recorded and maintained in the department for 12 months.”

State Personnel Manual, Leave, Section 5, Page 1 – Vacation Leave

Page 4 of 5
 NORTH CAROLINA STATE UNIVERSITY
INTERNAL AUDIT DEPARTMENT
Information Technology Self-Assessment Tools
Service Level
“Leave Records
It is the responsibility of each agency to maintain leave records for each employee.”

COBIT DS1.4 Service Level Agreements; COBIT DS1.5 Monitoring and Reporting of Service Level Achievements

Define and agree to SLAs for all critical IT services based on customer requirements and IT capabilities…. Consider items such as availability, reliability, performance, capacity for growth, level of support,
contingency planning, security and demand constraints. Continuously monitor specified service level performance criteria.

Page 5 of 5