In an announced vulnerability assessment, the attempt to compromise the target systems is done with full cooperation and prior knowledge of the target IT staff. The VA tester could possibly discuss prioritizing specific systems for compromise with the IT staff. In an unannounced vulnerability assessment, the vulnerability assessment team gives no prior intimation to the target staff. It's kind of a surprise test with the intent of examining the security preparedness and responsiveness of the target organization. Only the higher management is kept informed about the tests.