I've scoped and delivered a lot of ITSM maturity assessments over the past 25 years. The ones that produce actionable outcomes — that actually lead to change — are almost always distinguished not by the assessment methodology, but by the clarity the client brought into the engagement before it started.
The ones that produce beautiful slide decks that sit in SharePoint? Those usually had one or more of the following gaps at the outset. These five questions are the ones I use at the beginning of every scoping conversation. Reading through them is, in many ways, the start of the assessment.
1. What business outcome are we trying to enable?
Not "what do we want IT to improve" — but what specific business outcome does this assessment need to support? Is the organization entering a period of rapid growth that IT needs to scale to support? Is there a cost reduction mandate that requires demonstrating efficiency? Is a merger or acquisition on the horizon?
A bad answer: "We want to improve our ITSM maturity." This is a means, not an outcome. It tells you nothing about what success looks like for the business.
A good answer: "We're planning to double headcount over the next 18 months, and our current support model won't scale. We need to understand where the breaking points are and how to address them before growth accelerates."
When you know the business outcome, you can scope the assessment to answer the right questions instead of conducting a comprehensive audit of everything.
2. Which processes have the highest pain-to-visibility gap?
Every IT organization has processes that are broken but nobody is measuring — and processes that look good on a dashboard but frustrate employees daily. The pain-to-visibility gap is the distance between where the actual friction is and where leadership thinks the problems are.
A bad answer: "We want to assess all eleven core ITSM processes." This approach treats every process as equally important, which they never are.
A good answer: "Change management is creating significant risk — we've had three major incidents in the past six months tied to poorly governed changes. And knowledge management is invisible to leadership but employees tell us it's their biggest frustration. Those two are where we need the most clarity."
A well-scoped assessment concentrates depth where the stakes are highest. Breadth has its place, but not at the expense of insight on the processes that matter most.
3. Who owns the findings after the assessment ends?
This is the question that most organizations don't ask — and the reason most assessment findings gather dust. If there is no identified owner who is accountable for acting on the roadmap, the assessment produces a document, not a transformation.
An ITSM assessment without a defined findings owner is a research project. A defined findings owner turns it into the beginning of a program.
A bad answer: "The IT leadership team will review the findings together." Collective ownership is diffuse ownership.
A good answer: "Our VP of IT Operations will own the roadmap, with a steering committee that includes the CIO and two business unit leaders. We're committing to a 90-day post-assessment review cadence."
4. Are we assessing the process or the platform?
These are different questions that require different approaches, and conflating them is a common source of scope confusion. A process assessment evaluates how work actually flows — the handoffs, decision points, role clarity, and governance. A platform assessment evaluates whether the tool is configured, adopted, and governed correctly.
You can have a mature process running on a poorly configured platform. You can also have a well-configured platform with a broken process underneath it. The most valuable assessments look at both — but you need to know which lens you're starting with and why.
A bad answer: "We just implemented a new platform, so we want to assess how it's going." This frames the assessment around the platform investment, which biases the findings toward justifying the investment rather than identifying the real gaps.
5. What does "done" look like to the CIO?
This is the most direct question and often the most revealing. When the assessment is complete and the readout has been delivered — what decision or action does the CIO need to be able to take that they can't take today?
A bad answer: "We want a comprehensive picture of where we stand." Comprehensive pictures without decision clarity produce comprehensive decks that don't drive action.
A good answer: "I need to be able to walk into a board conversation and defend a $3M investment in service transformation with a prioritized roadmap and a clear case for where we'll see return. The assessment needs to give me that."
When the CIO can articulate the decision they need to make, every element of the assessment — scope, methodology, deliverables, readout format — can be designed to serve that decision.
If you're in the early stages of scoping an ITSM assessment and want to pressure-test the approach, these five questions are a good starting point for that conversation. If you're not sure how to answer some of them — that's actually the most useful place to start.