Aligning IT for Business Objectives

By Priti Sikdar

Corporate vision and strategies are evolving at an extremely fast pace. CIOs are continuously striving to align with corporate business strategies and culture. Globalisation of business in the age of the Internet has triggered business dynamics such as mergers & acquisitions, cutthroat competition, and changing markets.

The role of Information Technology as a business enabler and driver has become more prominent, and it has entered the corporate boardroom, where it influences corporate visions, missions, directions and strategies. CIOs have realised the significance of IT in optimising business opportunities and attaining business goals to keep one pace ahead of the competition.

Effective use of IT can transform enterprises and lead to enhanced and sustainable stakeholder value. Conversely, a bad IT decision can lead to competitive disadvantage, erosion of stakeholder value and an increase in financial and reporting risks. Continuous improvement is the keynote, since information technology changes by the second.

Maintaining the balance

Business management and IT governance are synonymous in the sense that each has to have information about the other to arrive at the exact blend that suits the enterprise. IT management within the enterprise should have insight into the business need for IT in order to suggest, develop and implement strategic systems that support the attainment of business objectives. Knowledge of business requirements and the business environment precedes all planning towards setting up the IT infrastructure.

All existing systems, and capacity planning for new systems in terms of infrastructure, computing environment and security constraints, should fulfil short-term and long-term business strategies. They should help the organisation achieve process improvement, provide security in the management of proprietary information, and utilise resources in a manner that leads to economy and gives the organisation a competitive advantage over others in competition.

Change Management

To meet changing situations and changing business requirements, and to live in a dynamically changing technological environment, IT has to have vision, agility and perfect knowledge of the available solutions in order to provide one befitting the requirement. Security itself is a commodity in today's environment, and regular assessment of risk is necessary, keeping in view the trends in business and technology and the risk appetite of the organisation, and mapping it to resource availability and expertise. IT alignment is never an end; it is a journey, and adaptability is the key feature of a good IT governance system.

Allocating IT resources within the IT profile and mapping them to security requirements is possible only when the IT infrastructure is defined according to the type of business profile and supported by an IT Security Policy document signed by top management. That signature not only signifies their commitment but also ensures that security procedures will be implemented across the organisation.

Operational demands

Other impacts on IT are the demand for 24x7x365 operations, Service Level Agreements (SLAs), support for telecommuting and mobile workers, and various forms of outsourcing. Each of these could change the way IT operates and requires a mindset of control on an ongoing basis. Design that prevents incidents and ensures perpetual availability is critical for such systems.

Another critical case is the organisational trend towards cross selling. This could have major impacts on the IT enterprise architecture. Many "old line" firms have built a common corporate infrastructure but have left the application architectures to each of the lines of business. This approach is not conducive to cross selling. Meanwhile the "new economy" companies are building integrated databases and architectures that will enable them to gain a competitive advantage. In such cases the need for IT alignment with business is more pronounced.

Compliance integrity

Compliance is all about demonstrating enterprise integrity. With the passing of the Sarbanes-Oxley legislation, the integrity of the computing infrastructure now plays a large and important compliance role. Companies that embrace compliance as an opportunity to strengthen IT and business operations will reap significant business benefits. At the crux of this compliance initiative, the following factors play a pivotal role:

• Collaboration between IT and the financial and auditing staff; implementing tools that are flexible enough to work in complex environments with intricate reporting requirements.
• Minimizing the cost of performing compliance activities.
• Emergence of compliance-related technology, including security improvements, problem resolution and problem prevention.

This brings the issue of process controls into boardroom discussions. Since every business process related to financial reporting is supported by IT infrastructure, it also brings the issue of ongoing process controls into the datacenter. Determining whether process controls ensure the integrity of an enterprise's financial flows requires a focused view across multiple business applications and databases and an understanding of how IT staff use and manage those computing resources.

Role of COBIT

Control Objectives for IT (COBIT) is a full-fledged bible on IT control framework and implementation guidelines, and many organisations have adopted the best practices provided by COBIT.

IT practitioners strive to deliver the ideal compliance scenario by implementing best practices, especially in change management, as laid down in COBIT. Change management is one of the foundations of sound IT operations. Without a sound change tracking process in place, it is quite impossible to know with certainty the actual state of the infrastructure. This makes it extremely difficult to troubleshoot problems, perform cost-effective upgrades, allocate capacity, and document compliance with corporate policies. In spite of the benefits, justifying comprehensive configuration and change management solutions has been difficult.

Most enterprises have several different tools to distribute and manage infrastructure changes, including system utilities, patch management tools, software distribution tools, service desk solutions, and project planning tools. The integrity of enterprise change management processes hinges on IT's ability to correlate every infrastructure alteration to planned changes and problem tickets. If all actual infrastructure changes can be validated, then IT has proven the robustness of its change management process.

Enterprise vulnerabilities and loopholes

While much attention has been paid to perimeter defenses and access controls to secure enterprise systems, a large number of system vulnerabilities are caused by operational issues. Weaknesses in process controls undermine the efforts of security and operations managers to eliminate security vulnerabilities. For example, administrators attempting to meet infrastructure availability or performance goals may effect configuration changes that violate a newly minted security policy. Without an independent policy audit, the vulnerability will not be recognised until after a weakness is maliciously exploited.

Another common scenario occurs when the latest security patches are not reaching all systems. Accurate inventory and change tracking are the only way to verify that changes were made. The only successful security policies are ones that operations teams can audit.
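
The two checks described above, correlating every observed infrastructure change to an approved ticket and verifying that a patch reached every system in scope, can be sketched as follows. This is an added example, not part of the original article; the hosts, ticket ids, item names and record layout are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data (hypothetical hosts, ticket ids and item names).
INVENTORY = {"web01", "web02", "db01"}
TICKETS = [  # approved changes: hosts in scope, changed item, approved window
    {"id": "CHG-101", "hosts": {"web01", "web02", "db01"},
     "item": "patch-2024-07",
     "start": "2024-07-10T22:00", "end": "2024-07-11T02:00"},
    {"id": "CHG-102", "hosts": {"db01"}, "item": "db.conf",
     "start": "2024-07-12T20:00", "end": "2024-07-12T23:00"},
]
OBSERVED = [  # changes actually detected on systems: (time, host, item)
    ("2024-07-10T22:15", "web01", "patch-2024-07"),
    ("2024-07-10T23:40", "db01", "patch-2024-07"),
    ("2024-07-12T21:05", "db01", "db.conf"),
    ("2024-07-13T09:30", "web02", "firewall.rules"),  # no ticket at all
    ("2024-07-12T23:45", "db01", "db.conf"),          # after the window closed
]

def _ts(text):
    return datetime.fromisoformat(text)

def match_ticket(when, host, item, tickets):
    """Return the id of the ticket that authorises this change, or None."""
    for t in tickets:
        in_window = _ts(t["start"]) <= _ts(when) <= _ts(t["end"])
        if host in t["hosts"] and item == t["item"] and in_window:
            return t["id"]
    return None

def reconcile(observed, tickets):
    """Split observed changes into (validated, unexplained) lists."""
    validated, unexplained = [], []
    for when, host, item in observed:
        ticket_id = match_ticket(when, host, item, tickets)
        bucket = validated if ticket_id else unexplained
        bucket.append((when, host, item, ticket_id))
    return validated, unexplained

def missing_rollout(ticket, observed, inventory):
    """Inventoried hosts in the ticket's scope with no validated change."""
    done = {host for when, host, item in observed
            if match_ticket(when, host, item, [ticket])}
    return sorted((ticket["hosts"] & inventory) - done)

if __name__ == "__main__":
    ok, bad = reconcile(OBSERVED, TICKETS)
    print("unexplained changes:", bad)
    print("patch not applied on:",
          missing_rollout(TICKETS[0], OBSERVED, INVENTORY))
```
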

Role of higher management

Top management initiative for IT within the organisation is of paramount importance: it gives strength and credibility to the efforts of IT in aligning with business objectives, and helps solicit the co-operation of individual user management for the implementation of new systems or changes to existing systems, as the case may be. The Board's role in IT alignment can be executed through the following practices.

• Aligning IT strategy with business alignment
• Ensuring IT has expertise to deliver by setting criteria for experience and performance measurement
• Balancing IT investments based on R.O.I.
• Proper resource allocation for funding of IT initiatives.
• Continuous monitoring and retuning of initiatives where necessary.

Dwelling on business needs: in a growing organisation with plans for growth and expansion, there will always be a need for shorter business cycles and a need to involve, connect and tie in with more partners, making business models network centric. This will leverage workflows, collaborative tools, remote access, VPNs, etc. Preferences would be for open, modular, scalable systems with security as a high-priority item.

Top management must give direction, ensure that IT has a strategic fit, and ensure that IT value reporting is reliable. To work towards this goal it is imperative to integrate IT governance within the enterprise governance plan. The roles have to be predefined, the plan for implementation set, and the timing for roll off well defined. The robustness of the control framework is important in monitoring, retuning and implementing emergency changes necessitated by exigencies. Performance monitoring, both of business goals and of IT support for goal attainment, is equally important; hence benchmarking and balanced scorecard means are adopted by organizations to assess their health and set maturity levels for themselves.

We cannot visualize today's business without IT, and IT has become an industry in itself, be it software development, security services, maintenance of systems, outsourcing or the like. In any case, proper alignment of IT, keeping the core business in focus, goes a long way in meeting the strategic goals of the enterprise and achieving resource optimization.

The author is CISA, CISM, ISO 27001, dedicated to the field of information systems, audit, implementation and security. Author of two books on the subject, she is in the IT Assurance and risk management division of Grant Thornton. Contact at: kittu55@hotmail.com