Year-end IT architecture review: questions for planning 2023
A set of concrete questions that help assess the current state of a company's IT architecture and set the right priorities for the coming year.
The end of the year is when leaders have slightly more room for strategic questions. Not operational noise, but a look backward and forward. What worked, what accumulated unnoticed, what needs to change next year.
I have put together a set of questions I use in conversations with clients at the end of each year. They help surface hidden problems and articulate real priorities - not declarative ones, but the ones that genuinely affect the company's operational resilience.
This is not a comprehensive audit. It is a tool for a conversation with your team.
Infrastructure and reliability
I start with fundamentals, because they are most often neglected in favour of new features.
Which systems were unavailable or unstable during 2022? What did this cost in real money or lost time? If the answer to the second question is unknown - that is itself a problem. You cannot manage reliability without measuring it.
Do you have a concrete understanding of what happens if a key system fails tomorrow? Not an abstract "we have backups" but a specific plan: who does what, in how much time, following which instructions.
Are your critical vendor relationships covered long-term? Are any key licences or contracts expiring in 2023?
Data and analytics
Can leaders get the data they need for decisions independently, or does every question require a request to an analyst or developer?
Do you have a single source of truth for key business metrics? Or do different reports show different numbers, with the team spending time figuring out which version is "correct"?
What happens to data when a key employee leaves? Data that lives only in someone's head or personal files is an operational risk.
Security
What changed in your security posture during 2022 - deliberately? If the answer is "nothing" - that is a warning signal, because the threat landscape changed even if you did not.
Did you have any security-related incidents in 2022? If yes - what conclusions were drawn? If no - how do you know?
Team and dependencies
Are there components in your IT infrastructure maintained by a single person - whose departure would create a serious problem? This is called bus factor, and it is worth knowing explicitly.
How well are critical systems documented? "Documented" means: a new person can get to grips with it without the help of the current owner.
How to use these questions
I recommend not answering them alone. Bring in your technical lead, CTO, or key developer and go through the list together. It is often in conversation that things surface which everyone knew individually but nobody had articulated out loud.
The output is not a task list for fixing everything at once. The output is three to five priorities that will realistically make it into the plan for 2023.