This curriculum spans the technical, organisational, and operational dimensions of a multi-phase systems review, comparable in scope to an internal capability program that supports enterprise-wide modernisation planning across interconnected application portfolios.
Module 1: Defining Scope and Stakeholder Alignment
- Selecting which legacy systems to include in the review based on business impact, technical debt, and upcoming project dependencies.
- Negotiating access to system documentation and logs when owners are in different departments or external vendors.
- Mapping integration touchpoints across departments to identify hidden interdependencies before scoping the review.
- Deciding whether to include shadow IT applications based on usage volume and risk exposure.
- Establishing thresholds for system criticality using uptime requirements and user count data.
- Documenting conflicting stakeholder priorities and creating a weighted scoring model for inclusion in the review.
Module 2: Data Inventory and Dependency Mapping
- Using network packet analysis to discover undocumented API calls between systems when metadata is incomplete.
- Choosing between manual data flow interviews and automated discovery tools based on system age and access permissions.
- Resolving discrepancies between documented data schemas and actual database structures in production environments.
- Classifying data sensitivity levels to determine which systems require additional compliance scrutiny.
- Identifying redundant data stores that violate single-source-of-truth principles but remain in use due to performance needs.
- Deciding whether to map batch job dependencies that run outside business hours but affect daily operations.
Module 3: Technical Debt Assessment and Codebase Evaluation
- Running static analysis tools on legacy codebases with outdated syntax and incompatible build environments.
- Interpreting cyclomatic complexity metrics in context when third-party libraries dominate the codebase.
- Assessing risk of undocumented custom patches applied directly to production binaries.
- Determining whether to include configuration files and scripts in technical debt scoring.
- Documenting absence of version control for critical components and its implications for change tracking.
- Deciding how to weight obsolete frameworks versus poor coding practices in the final assessment score.
Module 4: Integration Architecture and Interface Review
- Evaluating whether point-to-point integrations should be refactored into an ESB based on current transaction volume.
- Identifying integrations using deprecated protocols like FTP or SOAP without encryption in regulated environments.
- Assessing retry logic and error handling in asynchronous messaging systems during network outages.
- Documenting APIs that lack idempotency and therefore duplicate data during retries.
- Measuring latency across integration chains to isolate performance bottlenecks.
- Deciding whether to retain middleware adapters that compensate for incompatible data formats.
Module 5: Security and Compliance Posture Analysis
- Verifying certificate expiration dates on internal APIs that use self-signed SSL certificates.
- Reviewing authentication mechanisms for systems that rely on hardcoded credentials in configuration files.
- Assessing audit trail completeness for systems that overwrite logs after 30 days, violating retention policies.
- Identifying systems storing personally identifiable information without data masking or encryption at rest.
- Mapping access controls to job roles and detecting privilege creep in long-standing user accounts.
- Documenting exceptions granted for compliance requirements and their renewal timelines.
Module 6: Performance and Scalability Benchmarking
- Designing load tests for batch systems that only run weekly and cannot be interrupted.
- Isolating database contention issues from application-level memory leaks during peak usage.
- Measuring response time degradation as data volume increases in monolithic applications.
- Deciding whether to include third-party service SLAs in end-to-end performance evaluations.
- Documenting caching strategies that improve performance but risk serving stale data.
- Assessing auto-scaling configurations in cloud-hosted applications during traffic spikes.
Module 7: Change Management and Operational Readiness
- Reviewing deployment scripts for hardcoded environment variables that cause promotion failures.
- Assessing rollback procedures for systems lacking versioned backups or schema migration scripts.
- Identifying single points of knowledge by mapping support responsibilities across shifts and locations.
- Evaluating monitoring coverage for critical transactions and defining missing alert thresholds.
- Documenting use of manual runbooks that have not been updated after system upgrades.
- Verifying backup restoration intervals and testing recovery point objectives for key applications.
Module 8: Roadmap Development and Prioritization
- Ranking modernization initiatives using a matrix of business value versus implementation complexity.
- Deciding whether to decommission systems with low usage but high maintenance costs.
- Allocating budget across security patches, performance fixes, and feature enhancements.
- Sequencing integration refactoring to avoid breaking dependent downstream processes.
- Defining interim controls for high-risk systems when full remediation is delayed.
- Establishing KPIs for measuring success of review outcomes over a 12-month horizon.