Tech Health Assessment Questions | Family Office Technology Audit

🔗 Section 1

Data Integration

Q01

How many different systems or spreadsheets do you currently use to manage investment data?

Count distinct software platforms, spreadsheets, and databases used for investment tracking.

5 or more separate systems

3-4 systems

2 systems

Single integrated system

Q02

What percentage of your investment data is entered manually vs. automatically received from custodians?

Manual entry includes typing data from PDFs, emails, or custodian portals into your system.

80-100% manual

50-79% manual

20-49% manual

Less than 20% manual

Q03

How many hours does it take to consolidate and reconcile data for month-end close?

Include time for data collection, consolidation, reconciliation, and resolving discrepancies.

Hours / Week

Q04

Do you have real-time visibility into your total cash position across all accounts?

Real-time means you can see current cash balances without manual calculation or waiting for reports.

No, requires manual calculation

Updated daily or end-of-day

Updated within a few hours

Real-time with automated updates

Q05

How many custodians and banks have direct API connections to your system?

API connections automatically pull data without manual file uploads or data entry.

None - all manual

1-2 connections

3-5 connections

All custodians connected

⚙️ Section 2

Automation

Q06

What percentage of your team's time is spent on manual or repetitive tasks?

Manual tasks include data entry, file management, email-based workflows, and repetitive processes.

20% or more

12-19%

5-11%

Less than 5%

Q07

How long does it take from month-end to deliver final reports to stakeholders?

Count from month-end close to when reports are distributed to family members or stakeholders.

5-10 business days

2-4 business days

Next business day

Same day or real-time

Q08

How are invoices processed from receipt to payment?

Full automation includes receipt capture, approval routing, payment execution, and reconciliation.

Entirely manual entry and approval

Partially automated (OCR or simple rules)

Mostly automated with exception handling

Fully automated end-to-end

Q09

Which automation tools or platforms do you currently use?

Select all that apply. Score is based on sophistication and coverage.

Q10

How long does it typically take to onboard a new vendor or custodian?

Include time for setup, integration, testing, and first successful transaction.

4+ weeks

2-3 weeks

1 week

2-3 days

Q11

What percentage of your standard workflows are automated end-to-end?

End-to-end automation means no manual intervention required for standard cases.

Less than 20%

21-40%

41-80%

More than 80%

🔒 Section 3

Security

Q12

Is multi-factor authentication (MFA) enabled for all users?

MFA requires users to provide two or more verification factors to access systems.

Not implemented

Privileged users only

All users required

Zero-trust architecture implemented

Q13

When was your last formal cybersecurity audit or penetration test?

Formal audits include penetration testing, vulnerability assessments, or third-party security reviews.

Q14

Do you have a formal, tested incident response plan?

Incident response plans define steps to detect, contain, and recover from security breaches.

No plan exists

Informal procedures only

Documented but not tested

Documented and tested annually

Tested quarterly with automated response

Q15

How do you assess and monitor third-party vendor security?

Vendor security assessments evaluate the security practices of your service providers.

No formal assessment

Basic security questionnaires

Annual compliance reviews (SOC 2, ISO)

Continuous monitoring and risk scoring

Q16

Do you have 24/7 security monitoring in place?

24/7 monitoring means continuous surveillance of systems for security threats and anomalies.

No active monitoring

Basic logging and alerts

24/7 SOC monitoring

AI-powered threat detection and response

📊 Section 4

Reporting

Q17

How long does it take to generate a standard monthly performance report?

Count hours from starting report generation to completion (not including review time).

Hours / Week

Q18

Do family members have access to real-time dashboards?

Real-time means data updates continuously or within minutes of transactions.

No - reports only

Static dashboards (monthly refresh)

Dashboards updated daily

Real-time interactive dashboards

Q19

Can you easily answer ad-hoc questions about portfolio composition or performance?

Ad-hoc questions are unplanned queries not covered by standard reports.

Requires 3-5 days of analysis

1-2 days typically

Within a few hours

Instant via self-service tools

Q20

What analytics or visualization tools do you use?

Advanced tools provide interactive visualizations, drill-down capability, and predictive analytics.

Excel only

Basic BI tool (Tableau, Power BI)

Integrated platform with drill-down

AI-powered analytics and insights

Q21

How many manual steps are required to prepare for your annual audit?

Count distinct manual steps like gathering documents, creating reports, or reconciling data.

Hours / Week

🏗️ Section 5

Infrastructure

Q22

What percentage of your systems are cloud-based vs. on-premise?

Cloud-based systems are hosted by third-party providers (AWS, Azure, Google Cloud, SaaS apps).

0-20% cloud

21-50% cloud

51-90% cloud

91-100% cloud

Q23

How would you rate your disaster recovery and backup capabilities?

RTO (Recovery Time Objective) is how quickly you can restore systems after a failure.

Poor - manual/infrequent backups

Adequate - regular backups, unclear recovery

Strong - tested recovery plan, <24hr RTO

Excellent - geo-redundant, <1hr RTO

Q24

Are your systems integrated via APIs or file-based data exchange?

API integrations are real-time and more reliable than file-based exchanges.

Mostly manual file transfers

Automated file-based exchange

Mix of APIs and files

Primarily API-driven integrations

Q25

How often do you experience system downtime or performance issues?

Downtime includes system outages, slow performance, or service disruptions.

Multiple times per month

Once per month

Once per quarter

Rarely or never

Q26

Do you have a formal IT strategy and modernization roadmap?

IT strategy aligns technology investments with business objectives and growth plans.

No formal strategy

Informal plans only

Documented 12-month roadmap

Strategic 3-year roadmap with executive buy-in

📋 Section 6

Governance

Q27

Do you have documented policies and procedures for all major processes?

Documented policies provide consistency and are essential for audits and compliance.

No documentation

Some processes documented

Comprehensive documentation

Living documentation with regular updates

Q28

Are all major decisions and transactions logged with full audit trails?

Audit trails track who did what, when, and why for accountability and compliance.

Minimal or no logging

Partial logging

Comprehensive audit trails

Real-time audit with analytics

Q29

How frequently is compliance monitoring performed?

Compliance monitoring ensures adherence to regulatory requirements and internal policies.

No formal monitoring

Annual reviews

Quarterly monitoring

Continuous real-time monitoring

Q30

Do you have a formal vendor management and risk assessment process?

Vendor management includes onboarding, risk assessment, performance tracking, and offboarding.

No formal process

Basic spreadsheet tracking

Centralized vendor management system

Automated risk scoring and monitoring