Align IT Investments With Organization Goals

While some organisation leaders loathe spending on IT, a growing number are already convinced of the necessity of investing in it. Unfortunately, a substantial fraction of those convinced to pursue IT investments are misguided as to which initiatives are really contributory to reaching their organisation’s goals.

In the end, many of their purchases either end up underutilised or become white elephants altogether. There are also those difficult to spot – IT purchases that do become integrated into daily operations but have little effect on the organisation’s growth, positioning, profitability, or efficiency.

If a purchase is to cost your company a fortune, then its positive impact on established company objectives should reflect accordingly. But how would you know it would? You can’t hope to foresee all its benefits especially if the IT solution is still quite new to you.

Our job is not only to identify the strengths of an IT system but also to determine whether these strengths are at all useful to your organisation’s thrusts.

Basically, here’s what we’ll do:

  • Conduct a rigorous analysis of your organisation to determine the specific and overall impact of certain IT solutions. We’ll be looking for areas where the effects of IT can result in the most rapid reduction of costs and, at the same time, drive the organisation in the direction of its established goals.
  • Propose cohesive best-of-breed solutions in line with the results of our analysis. Our familiarity with the IT landscape and our extensive selection of contacts in the industry will allow us to conduct insightful picks from a vast field of choices.
  • Establish best practices to make sure IT investments are optimally utilised.
  • Perform periodic reviews to ensure practices and processes are still in line with the established goals.

Find out how we can increase your efficiency even more:

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Renewable energy – Is it a common man’s cup of tea?
I came across an article on a young graduate in renewable energy engineering. The fellow was doing technical sales and marketing jobs for renewable energy products though he felt that as a graduate, he ought to be doing more than just sales. His, sentiments, I can relate with but again thinking about the field of renewable energy, how many people understand what it is, its importance/ benefits, how to acquire it, its installation, costs etc.? Renewable energy is energy generated from natural resources. The renewable energy sources include sunlight, wind, rain, tides, geothermal heat and various forms of biomass. These sources are renewable naturally and continuously replenished, therefore this energy cannot be exhausted. Renewable energy technologies range from solar power, wind power, hydroelectricity/micro hydro, biomass and bio-fuels for transportation. Back to the aspiring young professional who felt that his place in the renewable energy sector lies in doing strategies and coming up with new products-the advice fronted to him was that doing technical sales is the best job for engineers, as it helps them impact on users of their products. Sales entail interacting with customers and knowing their needs so that the product features can be enhanced to suit the customer?s needs. Now, that is brilliant and accurate advice. It is however important to take into consideration that renewable energy is not a common man?s cup of tea and right now the focus all over the world is to build green economies. To me the need for more and more people to understand the benefits, savings and cost of renewable energy cannot be overemphasised. Effort should be made to keep marketing of renewable energy products/ services simple and conversational by avoiding use of acronyms or jargon explaining about operational details. More impact can be made if a marketing rather than technical sales approach is used. Technical sales have been described as boring (can be used as a sleeping aid), tends to use extensive vocabulary, jargon and acronyms that product users cannot relate with and tends to discuss the products technical aspects as opposed to the benefits to the customer. Fun should be created out of all this by making things simple and demonstrating cost savings and benefits of renewable energy.
Malware

In the past, viruses were created with the sole purpose of wreaking havoc on the infected systems. A large fraction of today’s malware, on the other hand, are designed to generate revenues for the creator. Spyware, botnets, and keyloggers steal information from your system or control it so that someone else can profit. In other words, the motivation for making them is now more attractive than before.

Keyloggers can reveal your usernames, passwords, PIN numbers, and other authentication information to their creators by recording your key strokes. This information can then be used for breaking into various accounts: credit cards, payment programs (like PayPal), online banks, and others. You’re right, keyloggers are among the favourite tools of individuals involved in identity theft.

Much like the viruses of old, most present day malware drain the resources, such as memory and hard disk space, of contaminated systems; sometimes forcing them to crash. They can also degrade network performance and in extreme cases, may even cause a total collapse.

If that’s not daunting enough, imagine an outbreak in your entire organisation. The damage could easily cost your organisation thousands of euros to repair. That’s not even counting yet the value of missed opportunities.

Entry points for malware range from optical disks, flash drives, and of course, the Internet. That means, your doors could be wide open to these attacks at this very moment.

Now, we’re not here to promise total invulnerability, as only an unplugged computer locked up in a vault will ever be totally safe from malware. Instead, this is what we’ll do:

  • Perform an assessment of your computer usage practices and security policies. Software and hardware alone won’t do the trick.
  • Identify weak points as well as poor practices and propose changes wherever necessary. Weak points and poor practices range from the use of perennial passwords and keeping old, unused accounts to poorly configured firewalls.
  • Install malware scanners and firewalls and configure them for maximal protection with minimal effect on network and system performance.
  • Implement regular security patches.
  • Conduct a regular inspection on security policy compliance as well as a review of the policies to see if they are up to date with the latest threats.
  • Keep an audit trail for future use in forensic activities.
  • Establish a risk management system.
  • Apply data encryption where necessary.
  • Implement a backup system to make sure that, in a worst case scenario, archived data is safe.
  • Propose data replication so as to mitigate the after effects of data loss and to ensure your company can proceed with ‘business as usual’.

Once we’ve worked with you to make all these happen, you’ll be able to sleep better.

Other defences we’re capable of putting up include:

How COBIT helps you achieve SOX Compliance

First released way back in 1996, COBIT has already been around for quite a while. One reason why it never took off was because companies were never compelled to use it ? until now. Today, many CEOs and CIOs are finding it to be a vital tool for achieving SOX compliance in IT.

Thanks to SOX, COBIT (Control Objectives for Information and related Technology) is now one of the most widely accepted source of guidance among companies who have IT integrated with their accounting/financial systems. It has also gained general acceptability with third parties and regulators. But how did this happen?

Role of control frameworks in SOX compliance

You see, the Sarbanes-Oxley Act, despite having clearly manifested the urgency of establishing effective internal controls, does not provide a road map for you to follow nor does it specify a yardstick to help you determine whether an acceptable mileage in the right direction has already been achieved.

In other words, if you were a CIO and you wanted to find guidance on what steps you had to take to achieve compliance, you wouldn’t be able to find the answers in the legislation itself.

That can be a big problem. Two of your main SOX compliance obligations as a CEO or CIO is to assume responsibility in establishing internal controls over financial reporting and to certify their effectiveness. After that, the external auditors are supposed to attest to your assertions. Obviously, there has to be a well-defined basis before you can make such assertions and auditors can attest to anything.

In the language of auditors, this ?well-defined basis? is known as a control framework. Simply put, once you certify the presence of adequate internal controls in your organisation, the external auditor will ask, ?What control framework did you use??

Knowing what control framework you employed will help external auditors determine how to proceed with their evaluations and tests. For your part, a control framework can serve as a guide to help you work towards specific objectives for achieving compliance. Both of you can use it as a common reference point before drawing any conclusions regarding your controls.

But there are many control frameworks out there. What should you use?

How SOX, COSO, and COBIT fit together

Fortunately, despite SOX?s silence regarding control frameworks, you aren’t left entirely to your own devices. You could actually take a hint from the SEC and PCAOB, two of the lead organisations responsible for implementing SOX. SEC and PCAOB point to the adoption of any widely accepted control framework.

In this regard, they both highly endorse COSO, a well-established internal control framework formulated by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). Now, I must tell you, if you’re looking specifically for instructions pertaining to IT controls, you won’t find those in COSO either.

Although COSO is the most established control framework for enterprise governance and risk management you’ll ever find (and in fact, it’s what we recommend for your general accounting processes), it lacks many IT-related details. What is therefore needed for your IT processes is a framework that, in addition to being highly aligned with COSO, also provides more detailed considerations for IT.

This is where COBIT fits the bill.

How COBIT can contribute to your regulatory compliance endeavors

COBIT builds upon and adheres with COSO while providing a finer grain of detail focused on IT. You can even find a mapping between COBIT IT processes and COSO components within the COBIT document itself.

Designed with regulatory compliance in mind, COBIT lays down a clear path for developing policies and good practice for IT control, thus enabling you to bridge the gap between control requirements, technical issues, and business risks.

Some of the components you’ll find in COBIT include:

IT control objectives

These are statements defining specific desired results that, as a whole, characterise a well-managed IT process. They come in two forms for each COBIT-defined IT process: a high-level control objective and a number of detailed control objectives. These objectives will enable you to have a sense of direction by telling you exactly what you need to aim for.

Maturity models

These are used as benchmarks that give you a relative measurement stating where your level of management or control over an IT process or high-level control objective stands. It serves as a basis for setting as-is and to-be positions and enables support for gap analysis, which determines what needs to be done to achieve a chosen level. Basically, if a control objective points you to a direction, then its corresponding maturity model tells you how far in that direction you’ve gone.

RACI charts

These charts tell you who (e.g. CEO, CFO, Head of Operations, Head of IT Administration) should be Responsible, Accountable, Consulted, and Informed for each activity.

Goals and Metrics

These are sets of goals along with the corresponding metrics that allow you to measure against those goals. Goals and metrics are defined in three levels: IT goals and metrics, which define what business expects from IT; process goals and metrics, which define what the IT process should deliver to support It’s objectives; and activity goals and metrics, which measure how well the process is performing.

In addition to those, you’ll also find mappings of each process to the information criteria involved, IT resources that need to be leveraged, and the governance focus areas that are affected.

Everything is presented in a logical and manageable structure, so that you can easily draw connections between IT processes and business goals, which will in turn help you decide what appropriate governance and control is needed. Ultimately, COBIT can equip you with the right tools to maintain a cost-benefit balance as you work towards achieving SOX compliance.

Ready to work with Denizon?

Contact Us Today