Providing reliable IT systems and services for the benefit of users is the fundamental reason you spend money on Information Technology and increasingly on Operational Technology (IT and OT) in your organization.
Technology operations consist of the routine day-to-day activities that provide and maintain systems and networks for users. From a financial management and reporting perspective, this includes processing and controls for financial events like a sales order, transactions, adjustments and, reporting.
Prior blogs discussed business driven technology planning, then acquiring and implementing systems to meet those identified business needs. This blog is about operating these systems to support the business (internal users, customers, suppliers) in an efficient and effective manner, including appropriate controls to manage important risks.
Why care about Technology operations?
Technology systems and their interconnections are complex, so keeping these systems ‘up and running’ requires processes, discipline, and expertise. Moving to the cloud can simplify some of that complexity for small and medium businesses, but your organization still has to ensure these ‘modern’ systems work with current ‘on premise’ systems properly and outsourcing costs and risks are managed.
From an IT department perspective, ‘good’ IT operations is critical for credibility with senior management and users. If systems are not reliable or available, IT competency will be called into question and users will be skeptical that IT can deliver on projects to implement new solutions. From a user and senior management angle, they will think: ‘If you can’t run our existing systems properly, how can you build new ones, or talk about strategic use of technology?’
For financial managers, auditors, and investors, reliable IT operations means reliable financial information and reports. This is because correct financial information requires correct processing, and valid data which comes (mostly) from users. IT operations includes controls over changes to computer programs and systems, and administration of user access to data. Financial managers should work with IT to ensure access privileges reflects user organizational roles and responsibilities because this logically enforces segregation of duties which is an important control technique for most if not all organizations. In today’s digital world, if your system access privileges do not match your organization roles, you really don’t have segregation of duties in place which could lead to errors and even fraud.
From a business execution perspective, good IT operations lowers cost, improves availability, reduces unplanned downtime, and positions the business to grow and adapt/ support new requirements.
Finally, IT and OT is a significant cost or investment for most organizations, and these costs can creep up over time as more technology is added to meet user needs.
So what are the basics of IT operations?
- Providing computing resources (includes availability and capacity). This now applies to on premise and cloud systems (of which there could be many), and IoT/ OT – which may have a higher availability and reliability requirement than the traditional information systems. The online availability of important systems should be defined and negotiated between users and IT with the understanding that higher levels of availability costs more to provide.
- Providing support and training to end-users: Training and support to users is like system documentation – it seems to be poor cousin and not get done as IT projects near completion with budget and time pressures. This can lead to users of an ERP system, for example, extracting data into spreadsheets for analysis and ‘special’ reports because they don’t know how to do this in the ERP or Accounting System. This is a waste of time and resources, and spreadsheets are inherently more error-prone! And training users on how use ‘office automation’ properly – like Word, Excel, PowerPoint and email should be seriously considered. Take a quick survey of your financial, sales, other teams on whether they have had any structured training on these office automation tools, because many have not. Think of the quality gains and efficiency gains here – if each user improved their skills a little and this saved 30 minutes per week per user, pretty soon this adds up to real productivity gains, money, and time for more important activities (work or play)! And a modest amount of training helps users avoid errors in using systems or building spreadsheets or other ‘end-user’ tools.
- Providing IT problem resolution: IT problems arise all the time. Many are simple to fix and some are not. So having a process to intake the problems from users (as well as IT itself), provide standardized but practical help, and look for trends in the problems that may indicate a looming disaster makes sense.
- Ensuring systems security: IT operations has to deliver reliable processing which includes the processes and controls to preserve confidentiality, integrity and available of business systems and data for users. Some of these processes are visible to financial and other users like changes to business applications as they request, test and approve the changes, and user access to these business applications as they request access to functions and data. And ‘under the covers’, IT also has to ensure the processing environment and network connections is secured with things like firewalls and VPNs which also have to operate properly ‘all the time’.
- Managing costs: Technology costs includes facilities, people, system product licenses and external services like offsite backup, each with details to manage. Tracking the costs of these components should be part of technology inventory management so overall costs are visible to senior management, and can be monitored for trends and compared to benchmarks. Such review can also identify old systems with few users that should be evaluated for continued operation or not. Users should understand the costs of service, and forecast. If possible, charge user departments for technology services based on reasonable and transparent allocation mechanisms so they have understanding of the cost of IT/OT and appreciate this is not free. And with many organizations ‘going to the cloud’, there are new usage based costs to manage which can lead to surprise bills from the cloud service provider, and the risk that users go around IT and buy third party cloud services directly, which can be inefficient and lead to cyber-security problems. Classic tip: check expense reports and corporate credit cards for payments to cloud service providers!
Technology management should identify and understand the business processes being supported and the IT operations processes needed to operate the applications and infra; then select and implement IT (infra) systems that properly automate these IT processes that the user does not really see. So technology processes to ‘plan’ and, ‘acquire and implement’ apply to user driven systems, and the plumbing underneath.
IT leaders should provide quality IT services at reasonable cost, and be able to provide regular summaries of the performance of IT operations in terms of quality and cost of services provided to senior management. This sets the table for IT and senior management to oversee and monitor IT to ensure it stays on track supporting the business. More on monitoring in the next blog!