When CIO Sheila Beauchesne started her new job, she wanted to set goals and win the confidence of her executive colleagues. To do that, she needed to know how her IT costs stacked up against other organizations'. So she called in the IT auditors.

Reader ROI

• The importance of conducting IT audits
• How to conduct an IT audit
• What information to gather
• What information can be difficult to obtain

In December 2003, Sheila Beauchesne left her CIO job at troubled Martha Stewart Living Omnimedia in New York City to become senior vice president and CIO at Bluegreen Corporation, a Florida real estate developer and vacation resort operator. Bluegreen is a growing company that set records for revenue and profits in 2003. (2003 revenue was $US438.5 million, 29 percent higher than 2002; net income was $US25.8 million, 138 percent more than 2002.) With that growth in mind, Beauchesne's new boss, CEO George Donovan, asked her to turn Bluegreen's 60-person IT department into a utility that would provide the company with a robust, fail-safe IT infrastructure. Donovan also wanted Beauchesne to provide applications that would enhance Bluegreen's sales and marketing activities.

Beauchesne, 39, wanted to start strong. But before she could begin thinking about turning Bluegreen IT into a power plant for growth, she needed a clear idea of what the company was spending on technology. She also wanted to know how Bluegreen's IT spending compared to organizations of similar size. The problem was that Bluegreen's IT accounting wasn't detailed enough. She had only a vague idea what IT was really costing her company.

What Beauchesne needed was an IT audit.

"If You Don't Measure It, You Can't Manage It"

Audits are part of a CIO's job as steward of an organization's IT budget, says Susan Dallas, a research director with Gartner. "CIOs are the custodians of probably the biggest part of a corporation's spending right now. If they don't know where all that money is going, they can't manage it and won't have control over it," she says.

IT audits are also a best practice.

CIO (US) approached Beauchesne with the idea of arranging an IT audit for Bluegreen that CIO could report on. Beauchesne agreed, as did Global Information Partners (GIP), a 10-person IT consulting company founded in 2001 and based near Atlanta. GIP performed the Bluegreen audit during February and March, and delivered a final presentation on April 1. The audit took seven weeks and consumed 80 hours of Bluegreen staff time - spent gathering data on staffing, hardware and software costs, and the number of supported users - plus countless more hours for follow-up questions on subjects like help desk operations and the number of full-time equivalent employees (FTEs) devoted to various functions within IT. GIP estimates an audit of this scope would cost a company of Bluegreen's size about $US85,000.

Today, the audit findings are helping Beauchesne decide where to focus her energy. She also now possesses something invaluable to all CIOs: concrete information on where her costs and service levels don't measure up to other companies of similar size. This is data she can use to build better business cases for her projects and to justify additional IT expenditures to her CEO and to CFO John Chiste.

"If I can show my CEO where we're below the benchmark, that's good info for me to have when I want to justify where we may need to change spending patterns," Beauchesne says.