Mercredi 5 Octobre 2011
Finyear & Blockchain Daily News

If I were CIO (or CFO) I would worry about a fragmented IT environment

Over the years, I have worked as an executive (in IT, audit, and risk management) in a number of very different IT environments. They include:


Norman Marks
A large bank (OK, an S&L) that relied on home-grown application software. Over time, it started to move to vendor solutions but still had a highly complex and fragmented IT environment. It sold itself to its major competitor and (according to key insiders) did so because of the cost it would have had to incur to fix Y2K problems.

A global contracts manufacturing company where each operating unit had its own ERP. Corporate relied on a combination of Oracle Hyperion and MS-Excel to pull together company-wide financial and operating information. Not only did each unit have its own ERP, but solutions from a wide variety of software vendors were used for specific problems. As a result, it was impossible to get a timely view of operations across the business. IT costs were sky-high and the CIO was totally frustrated. The business was inefficient and eventually floundered and was sold to its major competitor.

A domestic oil and gas company that, over time, moved to a single-instance of Oracle ERP and PeopleSoft HR. Each refinery had its own process control software and data warehouse systems, but since they operated independently – to control that refinery – this was not a problem. In fact, it was even an asset since the vendors (or at least the support teams) tended to be local to the refinery. However, the company also had an active commodity trading arm. It traded physical commodities and related derivatives. The system was not well-integrated with the rest of the company’s systems, and that sometimes led to issues. For example, there was a major incident where a trading partner was sent an invoice for $2bn instead of $120k. We had entered into a ‘swap’ contract with that partner where we committed to buy a number of units of product A and sell the same number of product B on a certain date; the two trades are offset and the ‘winner’ receives the difference in price (they started at the same number). However, as a result of the system problems we sent the ‘loser’ an invoice for the entire sale side instead of just the delta.

A global manufacturer of hard drives with a single instance of SAP’s ERP. However, all other applications were integrated with custom software and great reliance was placed on spreadsheets. We had a material weakness for SOX when an interface from the ERP into a SAS application to calculate the warranty reserve (the largest number on the balance sheet) was not updated to reflect a product reorganization.

A software company that had a single instance of Oracle ERP but made great use of Business Objects software to run the business.

I share this because my views, as is the case for most of us, are shaped by my experiences.
What I intensely dislike, whether I was struggling from inside IT or responsible for a corporate function, are complex, fragmented IT environments.

They tend to be:
- Inefficient
- A roadblock to efficient operations
- An impediment to obtaining TIMELY, reliable views of the enterprise
- An obstacle to the achievement of strategies. The make the organization far less agile

All of us, not just the CIO, contribute to this. We love to buy solutions that are the best fit for our departments, regardless of whether they use the same technology as other enterprise applications.
So, risk officers: shouldn’t you see if your main provider of enterprise applications has a risk management solution you can use? Find out if it has the ability to integrate with the ERP to enable automated risk monitoring.
Internal auditors: are you using the organization’s BI and other systems, or are you introducing complexity and fragmentation yourselves for data mining or continuous auditing?
Marketing and sales people: are you buying could solutions that help you now but will not help the CIO and his strategy for the IT environment?

I would appreciate your views.

Norman Marks, CPA, is vice president, governance, risk, and compliance for SAP's BusinessObjects division, and has been a chief audit executive of major global corporations for more than 15 years. He is the contributing editor to Internal Auditor’s “Governance Perspectives” column.
normanmarks.wordpress.com/

Articles similaires