How to Overcome Resistance to Audits
Many CIOs and their IT organisations shy away from audits because they think they'll be scapegoated if the audit reveals problems or lack of ROI. That's why Michael Barilla, vice president for business information services of Greif, a $US1.6 billion manufacturer of industrial and paper packaging, frequently reminds himself and his IT staff that systems implementations and software deployments are not IT projects, but business projects. So if a project fails, he says, "it's going to fail as a team", and everyone - not just IT - will be accountable.
Gartner's Gomolski concurs. If an audit exposes a shortcoming, she says, that problem shouldn't only reflect on IT, especially if the project was jointly sponsored by the business, IT and finance. "Exposing problems can be a double-edged sword," says Gomolski. "But it's better to be proactive. If you haven't achieved the value you thought you would, figure out what you can do to change that."
Another common concern about PIAs shared by CIOs, IT employees and even businesspeople is that they suck up too much time and require too much toil. But companies that perform PIAs say they shouldn't - and don't - take a lot of time to execute. Honeywell Aerospace aims to spend no more than seven to 10 days conducting an audit, and Sun Life Financial tries to complete PIAs within two weeks.
Furthermore, CIOs who conduct PIAs say the time and resources audits use get recouped on subsequent project implementations. Resistance to audits also often stems from a desire to be rid of a project once the deployment is complete and to move on to the next challenge. The trick is to make it easy for workers to conduct and provide feedback for PIAs. For example, when Sun Life Financial's IT project office needs to solicit feedback on a system from business users, it asks them to fill out an electronic survey, on their own time, that takes no more than 20 minutes to complete. The response rate for those surveys is usually better than 50 per cent and is sometimes close to 100 per cent, says Ed Esposito, director of the project office.
Because Honeywell Aerospace's IT organisation for its Aviation Aftermarket Services unit also has trouble re-engaging business users in a project during an audit, the IT organisation leverages its staffers who have completed training in Six Sigma, a process improvement methodology. Those with Six Sigma training, who are experts in business processes, provide the IT department with the feedback it needs to determine whether a system has streamlined workflows.
Engage the Right People
Who should perform PIAs is a matter of great debate. The most common groups of workers include one or more of the following:
- Members of the project implementation team from IT
- Members of the project implementation team from both IT and the business
- Representatives from a company's internal audit department
At Sun Life Financial, IT's project office leads the PIA process on its own IT and non-IT projects. But it does so in conjunction with the finance department and the company's internal audit department. IT projects are audited from the beginning and on an ongoing basis, rather than at the end of an implementation, which ensures that IT follows sound project methodologies, meets user requirements, stays on budget and implements proper security controls.
Sun Life Financial's approach comes closest to being the best, according to PIA experts. Don Christian, a partner with PricewaterhouseCoopers (PwC), says the PIA team should consist of a businessperson and an IT person who were involved with the implementation, and that it should be led by someone independent, such as an internal auditor who was not part of the project team. Christian says it's better to have a group of people from different functions participate, rather than just an IT team or just internal audit, because they all provide valuable input. The advantage of having members of the IT project team involved is that they're intimately familiar with the benefits, deliverables and requirements of the project. And because they know the project so well, it is easier for them to fully evaluate a project. Having a businessperson on the audit team is important because she can more easily determine if an external factor rather than a systems failure is causing a system to not generate expected value. And an independent auditor is important because he's not afraid to ask tough questions and will prevent the members of the project team who are involved in the audit from softening any findings.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Discover the advantages of an open architecture multi-vendor network solution
How to improve employee productivity in small and medium businesses
Controlling storage costs with Oracle database 11g
Strategies for Eliminating .PST Files
Achieving the impossible: Unlimited application scalability
Business Intelligence and Enterprise Performance Management: Trends for Emerging Businesses
Making the Business Case for IT Consolidation
Wireless LANs: Is my enterprise at risk?
- White PaperView this webcast and discover the drivers for changing network design practices, why many organisations are changing their approach to network architecture and how enterprises should be moving forward with open architecture multi-vendor network solutions. Register now and learn how your business can maximize the business value of the enterprise network.
- White PaperJoin industry expert Martin Tuip to discover best practice strategy for the archival and removal of .PST files using email archiving. Learn how to ensure long-term email records are there when needed, and reduce the risk to your business and clients.
- White PaperDiscover how the integration of disparate technologies in your company can lead to greater user productivity, improved management, lower costs, higher efficiency, and easier risk mitigation.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II 05 October, 2007 06:00:00
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #78: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires 28 September, 2007 17:34:25
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #77: Panasonic Speeds Up Trans-Pacific File Transfers, Part III 21 September, 2007 07:00:00
Part three in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #76: Panasonic Speeds Up Trans-Pacific File Transfers, Part II 14 September, 2007 07:00:00
Part two in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #75: Panasonic Speeds Up Trans-Pacific File Transfers, Part I 07 September, 2007 07:00:05
Part one in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
- +
SOA What? Why You Need SOA Governance Framework 04 December, 2008 08:32:00
Adopting services oriented architecture (SOA) in your enterprise without thinking through IT governance can cause something like the Gold Rush in the 1800s; extreme rates of growth and minimal law and order which produce unexpected outcomes. - +
The Myth of Cloud Computing 04 December, 2008 08:25:00
Why the rapid spread of virtual technology is becoming a security riskWhy the rapid spread of virtual technology is becoming a security risk. - +
Who Pushed Vendors Toward Better Security? 04 December, 2008 09:38:00
Hint: It had something to do with pressure from customers and government agencies, writes Oracle CSO Mary Ann DavidsonHint: It had something to do with pressure from customers and government agencies, writes Oracle CSO Mary Ann Davidson. - +
CPO & CISO: A Comprehensive Approach to Information 04 December, 2008 08:42:00
GE CPO Nuala O'Connor Kelly advocates greater CPO/CISO cooperation to place the right value on information assets.GE CPO Nuala O'Connor Kelly advocates greater CPO/CISO cooperation to place the right value on information assets. - +
Virtually every Windows PC at risk, says Secunia 04 December, 2008 08:00:00
Almost all PCs scanned by patch tool have an unpatched app; 46% have 11-plus.More than 98% of Windows computers harbor at least one unpatched application, and nearly half contain 11 or more programs at risk from attack, a Danish security company said Wednesday.
F-Secure: Growth In Internet Crime Calls For Growth In Punishment 05 December, 2008 13:00:00
International researchers gather in Sydney to preview the clever web 05 December, 2008 09:48:00
Borderless corporate networks to shift focus to secure content management in Australia in 2009 04 December, 2008 16:06:00
IDC Says Asia/Pacific Excluding Japan IT Market Will Remain The Bright Spot... 04 December, 2008 15:04:00
MySpot SOS "Panic Button" Smartphone Application could save lone worker lives 04 December, 2008 13:34:00
|
||
|
||
|
|
||
|
Achieving the impossible: Unlimited application scalability
Learn how provide applications with significantly higher throughput and lower latency for data operations while retaining the appropriate levels of data quality with clustered caching. Read on to improve your application scalability now.
Buying Guides
Latest Products
Buying Guides
