Talk to key employees across different teams for a comprehensive understanding of all your business processes. Focus should be on critical areas of compliance and asset security. To be successful, ensure collaboration between your IT team and key representatives of all relevant business units and departments. Involve employees with extensive domain knowledge wherever possible. Take the time to analyze business processes in each department from a security standpoint. Make sure to document how things are run and understand the true processes. It may take several weeks, depending on the size of your organization, but due diligence in this discovery phase will set you up for more accurate findings.