Recommending Operational Improvements to IT Organizations Agenda 1. Differences and similarities of compliance and operational review 2 . Setting up review goals and objectives 3. How to identify potential operational efficiencies 4. What to watch out for 6. Where to find standards and metrics 7. How to report: an example of an innovative report. Differences and Similarities of Compliance and Operational Review Basis for the testing and controls is operational goals and objectives versus rules and regulations. -cost savings -revenue enhancement -improving or meeting customer service objectives -improving or meeting internal control/ security objectives non-rules based issues Differences and Similarities of Compliance and Operational Review 1. What does the organization need to achieve its Goal? 2. What do they need to do to get there? 3. How can they run their operation better? -Planning -Organizing -Execution -Measurement -Correction Typical Findings 1. Automation of processes 2. Elimination unnecessary processes or process steps 3. Consolidation of operations 4. Consolidation of expertise 5. Decentralization if excessive transportation costs 6. Fraud waste and abuse controls 7. Efficiency and Effectiveness recommendations: – Supply Controls: Don’t buy stuff not need: & do not buy more than needed – Quality controls – Price Controls: do not pay more than should 8. Better Identification of processes, goals, objectives, establishing a plan and budget for the operations. 9. Better Process for Planning, organizing, execution, measurement, & process correction Exercise Determine Audit Objectives of performing an operational review of campus IT department: 20 minutes – Break out in 5 groups of 5 – Brainstorm operational findings/issues that you might have at your campuses – List 3 major objectives (focus) of your review on flip pad sheet – List scope of review for each objective – Select speaker to share with the group Setting up review goals and objectives: Preliminary Survey 1. What are best practices (start with an idea of what “should be out there” -industry standards -industry trends -professional organization publications -other campus organizations deemed to be “successful” -other campus, universities, industries who have successful organizations. (find out what they do). -asking on list serves for best practice organizations/leads -what would you do if it was your personal business? Setting up review goals and objectives Find out what your auditee organization is doing now: 1. Determine organization structure: map of processes, organization charts, job descriptions 2. Review revenue and expenditure streams: how do they get and spend funds 3. Determine written goals and objectives, budget plans and requests (clarity of vision) 4. Determine what staff are doing with their time/effort: staff time studies 5. What do customers say? – Customer surveys – Resulting plans Models for Analysis of Organization • Deming Management Method • Hammer – Reengineering the Corporation • Rummler/Brach – Improving Performance • Porras – Built to Last & Stream Analysis Setting up Review Goals and Objectives Gap analysis • Identify differences between organization goals and objectives : Best Practices • Identify difference between organization’s internal goals : What they state they need to yet achieve How to Identify Operational Efficiencies??? • Set up testing plan based upon initial gap analysis • Analysis of Management Standards (COSO, tone at top, risk analysis, response to risks, information, monitoring, continuous improvement steps). Policies and procedures review. • Root cause analysis: identified problems, review to find cause and potential contributing factors. Drilling down to find real cause versus symptom. How to Identify Operational Efficiencies??? • Marketing of Products and Revenue Enhancement: Funding models for services-recharge model, additional markets for products and services revenue enhancement opportunities. (Orgs with large deficits). • Workflow analysis: systems design. – Inefficiencies in workflow – Touch time – Duplicate hand-offs – Duplication of effort – Non-value added steps – Shadow systems – Reentry of data instead of automated interfaces • Rummeler-Brache Analysis: – look for silos within organization – disconnects between department handoffs What to Watch Out For 1. Failure to do cost benefit analysis 2. Illusionary benefits: – cost savings that are a piece of a person’s time, but can not eliminate entire person. – Plan to capture saving such as a lay-off plan and reorganization plan but fail to identify all of unit or person’s workload. – Example: (computers needed for older systems that will not be part of new solution) must maintain legacy systems. End up with dual systems. 3. Consolidation costs: – investment in new facilities – investment in automation – Buying more than what is needed for solution (gold standard requirements) 4. Assumptions wrong for the environment: – automation where volume is too low. – System overloads where new equipment not purchased What to Watch Out For 1. Underestimating investment to accomplish goals: • Example: new pc needed for all staff to run new software • Did not figure in local costs versus just centralized costs • Goal to have a vanilla system, but ending up making significant local mods to make software work. • Not estimating transition costs, phased in of solution may mean short term solution development and retirement. 2. Inability to maintain solution: • one-time funding versus maintenance funding 3. New systems need more expertise to function • workforce competencies • training needs. 4. Implementation Process Inadequately Controlled: • important criteria/ specificantions not captured and followed up on • Management of change ineffective. • Time schedules, critical path information not developed. How to Report 1. PowerPoint presentation 2. Scope: Quality, Efficiency, Effectiveness, and Good business practices 3. Executive summary includes recommendations with estimated savings per recommendation!! 4. Pictures, white space and graphs 5. Action matrix presentation 6. Business impact noted as part of finding 7. Calculate potential dollar savings and show basis for calculation 8. Show best practices information/ information on industry trends. Where to Find Standards and Metrics • Gardner Group: http://www4.gartner.com/Init • PWC- UC External Auditors • ISACA • ISO-European Standards • Professional Publications with Stats. – CIO Magazine Summary of What We Discussed Today • Questions about topics not covered?? • What more do you need to learn to do an operational review of an IT operation?? • Sharing: who has plans for doing an operational IT review next year??
Pages to are hidden for
"it3"Please download to view full document