it3 by pengtt


Recommending Operational Improvements to IT
1. Differences and similarities of compliance and
    operational review
2. Setting up review goals and objectives
3. How to identify potential operational efficiencies
4. What to watch out for
6. Where to find standards and metrics
7. How to report: an example of an innovative
   Differences and Similarities of
   Compliance and Operational
Basis for the testing and controls is
  operational goals and objectives versus
  rules and regulations.
  -cost savings
  -revenue enhancement
  -improving or meeting customer service
  -improving or meeting internal control/ security
     objectives non-rules based issues
    Differences and Similarities of
    Compliance and Operational
1. What does the organization need to achieve its
2. What do they need to do to get there?
3. How can they run their operation better?
                      Typical Findings
1.   Automation of processes
2.   Elimination of unnecessary processes or process steps
3.   Consolidation of operations
4.   Consolidation of expertise
5.   Decentralization if excessive transportation costs
6.   Fraud, waste, and abuse controls
7.   Efficiency and Effectiveness recommendations:
      – Supply controls: do not buy what is not needed, and do not buy more than needed
      – Quality controls
      – Price controls: do not pay more than you should
8. Better Identification of processes, goals, objectives, establishing a plan and
   budget for the operations.
9. Better Process for Planning, organizing, execution, measurement, &
   process correction
Determine Audit Objectives of performing an
 operational review of campus IT
 department: 20 minutes
  – Break out in 5 groups of 5
  – Brainstorm operational findings/issues that
    you might have at your campuses
  – List 3 major objectives (focus) of your review
    on flip pad sheet
  – List scope of review for each objective
  – Select speaker to share with the group
     Setting up review goals and
    objectives: Preliminary Survey

1. What are best practices? (Start with an idea of
    what “should be out there”.)
   -industry standards
   -industry trends
   -professional organization publications
   -other campus organizations deemed to be “successful”
   -other campus, universities, industries who have
       successful organizations. (find out what they do).
   -asking on listservs for best practices
   -what would you do if it was your personal business?
       Setting up review goals and
Find out what your auditee organization is doing now:
1. Determine organization structure: map of processes,
    organization charts, job descriptions
2. Review revenue and expenditure streams: how do
    they get and spend funds
3. Determine written goals and objectives, budget plans
    and requests (clarity of vision)
4. Determine what staff are doing with their time/effort:
    staff time studies
5. What do customers say?
   –    Customer surveys
   –    Resulting plans
Models for Analysis of Organization
•   Deming Management Method
•   Hammer – Reengineering the Corporation
•   Rummler/Brache – Improving Performance
•   Porras – Built to Last & Stream Analysis
          Setting up Review
         Goals and Objectives
                  Gap analysis
• Identify differences between organization
  goals and objectives: Best Practices
• Identify differences between the organization’s
  internal goals: what they state they have
  yet to achieve
       How to Identify Operational
• Set up testing plan based upon initial gap

• Analysis of Management Standards (COSO, tone at top,
  risk analysis, response to risks, information, monitoring,
  continuous improvement steps). Policies and procedures

• Root cause analysis: identified problems, review to find
  cause and potential contributing factors. Drilling down to
  find real cause versus symptom.
           How to Identify Operational
• Marketing of Products and Revenue Enhancement: Funding models for
  services-recharge model, additional markets for products and services
  revenue enhancement opportunities. (Orgs with large deficits).

• Workflow analysis: systems design.
    –   Inefficiencies in workflow
    –   Touch time
    –   Duplicate hand-offs
    –   Duplication of effort
    –   Non-value added steps
    –   Shadow systems
    –   Reentry of data instead of automated interfaces

•   Rummler-Brache Analysis:
    – look for silos within organization
    – disconnects between department handoffs
             What to Watch Out For
1. Failure to do cost benefit analysis
2. Illusionary benefits:
    – Cost savings that are a piece of a person’s time, but cannot eliminate
      the entire person.
    – Plans to capture savings, such as a lay-off plan and reorganization plan,
      that fail to identify all of the unit’s or person’s workload.
    – Example: (computers needed for older systems that will not be part of
      new solution) must maintain legacy systems. End up with dual systems.
3. Consolidation costs:
    – investment in new facilities
    – investment in automation
    – Buying more than what is needed for solution (gold standard)
4. Assumptions wrong for the environment:
    – automation where volume is too low.
    – System overloads where new equipment not purchased
                What to Watch Out For

1.       Underestimating investment to accomplish goals:
     •      Example: new pc needed for all staff to run new software
     •      Did not figure in local costs versus just centralized costs
     •      Goal to have a vanilla system, but ending up making significant local
            mods to make software work.
     •      Not estimating transition costs; phasing in the solution may mean short-
            term solution development and retirement.
2.       Inability to maintain solution:
     •      one-time funding versus maintenance funding
3.       New systems need more expertise to function
     •      workforce competencies
     •      training needs.
4.       Implementation Process Inadequately Controlled:
     •      important criteria/specifications not captured and followed up on
     •      Management of change ineffective.
     •      Time schedules, critical path information not developed.
                     How to Report
1.   PowerPoint presentation
2.   Scope: Quality, Efficiency, Effectiveness, and Good
     business practices
3.   Executive summary includes recommendations with
     estimated savings per recommendation!!
4.   Pictures, white space and graphs
5.   Action matrix presentation
6.   Business impact noted as part of finding
7.   Calculate potential dollar savings and show basis for
8.   Show best practices information/ information on
     industry trends.
   Where to Find Standards and
• Gartner Group:
• PWC- UC External Auditors
• ISO-European Standards
• Professional Publications with Stats.
  – CIO Magazine
 Summary of What We Discussed
• Questions about topics not covered??

• What more do you need to learn to do an
  operational review of an IT operation??

• Sharing: who has plans for doing an
  operational IT review next year??
