Looks like I am in a focused drive of differentiating between confused terms – here is another one that I have been prompted to write about:
How do we differentiate Assessment and Audit?
Add the term ‘gap-analysis’ on to that, you take the confusion further!
As always, let us look at the typical definitions of the terms (all definitions gathered through google search from different sources)?
Audit: a few definitions that will help us differentiate this from ‘Assessment’:
- ‘Examine carefully for accuracy with the intent of verification’
- ‘A systematic, independent and documented process for obtaining evidence.’
From these definitions, it is clear that ‘audit’ is a verification against some thing – or gathering evidence of adherence/compliance to some thing: That some thing can be a global/regional/local standard, regulatory requirements, financial policies, internal management systems – policies/processes/procedure.
And yes- there are many other definitions that google threw in, which further mixes up the two terms like:
- “The most general definition of an audit is an evaluation of a person, organization, system, process, project or product. Audits are performed to ascertain the validity and reliability of information, and also provide an assessment of a system’s internal control.”(Source: Wikipedia) – The word assessment here , is just a representation of the usage of these two terms in an overlapping manner.
Now, let us look at Assessment:
- The act of assessing or an amount (of tax, levy or duty etc) assessed; An appraisal or evaluation
- Assessment is the process of gathering information to make decisions
Assessment is NOT verifying some thing against a set standard/policy/process. It is gathering data, quantifying and evaluating those to come up withe a clear understanding on – capability, maturity, quality, value etc of the object (people, process, technology, organization) that is being assessed ; and yes, this understanding helps greatly in decision making and moving forward.
Gap Analysis:
- a tool enabling an organization to compare its actual performance with its potential performance. At its core are two questions: “Where are we?” and “Where do we want to be?”
- The difference between what is needed and what is available. The difference between ‘where you are’ and ‘where you want to be’.
a. Assessment vs Audit:
Some real life examples where there is some amount of in-built clarity between Audit and Assessment:
- A student is assessed (and not ‘audited’!!) through his/her final exam- theory and practical, based on he is promoted to the next grade.
- A real estate property is assessed (again, not audited!) for its current market value – based on many factors like location, market demand etc – and that value will drive decisions in terms of selling price, tax etc.
Now,
- The student may be audited for evidences of him adhiring to the exam rules and regulations (and to ensure there are no evidence of cheating
) - The property and its owner could be audited to ensure they are adhering/complying to the regulatory, tax,legal requirements etc.
Assessments are usually intended for decision making and/or setting directions (forward looking); where as audits are intended at verification/assurance (looking back).
b. Assessment vs Gap Analysis:
For me – Gap analysis is different from Assessment - in the fact that always compares the object against some set level/goal/target (that could be a desired performance level or a standard/compliance requirement), where assessment need not be against some thing.
Or let us summarize this way:
- Both Gap analysis and Assessment evaluates the answer to the question – ‘Where are we?’ - but in case of Gap analysis – it is always against ‘where we want to be’
Both Assessments and Gap analysis are usually intended for decision making and/or setting directions (forward looking), unlike Audits.
c. Gap Analysis vs Audit:
They both are similar – in that both checks the object against some thing ( as discussed above).
But they are very much different too- in that Gap analysis is usually forward looking; for setting direction, planning etc and Audit is on hindsight, focusing on verification, evidences etc for certification/assurance.
I would like to elaborate a little further on how to make use of these concepts in one initiative. Will do in another blog soon.
Any further views and discussions on these are welcome…
February 9, 2009 at 4:52 pm
Hi Vinod,
Once again,this is very nice article and lot of people like us will benefit from your analysis (I hope this is right word to use here
). I believe this is the one area (audit vs assessment) where people are more confused and using it without knowing the real difference.
Thanks
Raj
February 16, 2009 at 1:13 pm
Good article Vinod.
This is a common scenario that is seen in various organizations, specially when you are going in for an assessment and people on the other side are feared that they are going to be answerable for the findings. Very true as your statements says that in an assessment nobody is going to be answereable for the control weaknesses, but is a good exercise to see where they stand and what are the areas of imporvement.
Regards
Vinod
February 18, 2009 at 11:11 am
“a focused drive of differentiating between confused terms” – much needed! Keep it up!
Some small considerations to add to the mix:
An audit generally has just a few outcomes: pass/pass with warnings/fail with exceptions. This is a natural consequence of, as you say, verification against some specified requirements. But not against business value requirements.
Your distinction between assessment and gap analysis is useful – I think many people use assessment in the same sense as gap analysis (ever been through an “ITIL Assessment”?
)
One aspect that may help differentiate the terms is how much the approaches compare to desired goals – e.g. customer satisfaction, cost efficiency, ROI. An “assessment” often compares the current situation against goals, rather than a policy or standard. (An assessment has to have SOME frame of reference, after all.)
In essence an audit says “you have to do it THIS way; are you?” A gap analysis says “against this way of doing it, how are you doing?” An assessment (as I see it, not necessarily as it’s commonly used) says “you have to achieve X; I don’t care HOW you do it; how well are you doing?”
March 1, 2009 at 3:15 pm
Just passing by.Btw, you website have great content!
_________________________________
Making Money $150 An Hour
March 11, 2009 at 2:14 pm
thx for article that help clear immidiately while i’m on itil class while talking about CSI Method.
April 15, 2009 at 8:00 pm
After reading this article, I just feel that I really need more information on the topic. Can you share some resources ?
April 24, 2009 at 9:29 am
This blog has very good content. Can you add a topic on ITSM configuration management and CMDB
September 4, 2009 at 4:13 am
Excellent site, keep up the good work