Leverage IT to Cut Costs and Boost Business

By Richard Anderson

(Back to article)

Over the past several decades, companies have invested considerable resources in information technology, based on the promise of enhanced business performance.

Experience shows that in many cases these investments did address immediate problems, but ultimately they failed to meet the organization’s expectations for improved efficiency and effectiveness. And during recent efforts to comply with Sarbanes-Oxley and other new regulatory requirements, the underperformance of IT as a strategic business enabler came under new scrutiny.

In fact, during Sarbanes-Oxley compliance efforts, the IT function was recognized as one of the most costly areas and a primary source of deficiencies. Consequently, many IT leaders are now asking how they can be better prepared to respond to new IT expectations.

IT/Business Alignment

The often-heard answer? Creating an efficient and responsive IT environment begins with aligning IT goals and priorities with overall business goals. Yet many organizations have had difficulty matching these goals, with attempts typically breaking down in several common places. Often, IT leaders fail to communicate effectively with business leaders and sometimes second-guess the needs of business.

Moreover, IT organizations can jump too quickly to technical solutions and do not give adequate consideration to the specific business functions they are setting out to support. Finally, IT organizations may have difficulty defining specific technical requirements and determining the architectural changes necessary to effectively implement them.

When IT is aligned with the business and is given adequate consideration as a resource to help meet business needs, it can help prepare the organization to better respond to change and optimize returns on investment. The approach outlined below can help an organization begin this process.

Step 1: Evaluate the effectiveness of the organization’s IT governance. In determining how to better leverage IT support of future business goals, the first step is to gauge how effectively IT is being leveraged today.

This assessment should include an analysis of the current state of business/IT alignment, decision-making, architectural leverage, change management and program management. Once the organization profiles its current state and sets targets for improvements, it can assess the “gap” it must close to reach the desired level and begin defining the necessary steps to get there.

Step 2: Leverage lessons learned to drive value through IT. Organizations that have faced the initial challenges of regulatory compliance can reflect on the lessons learned in these efforts and determined how to use this information in refining their controls and operational-improvement plans.

Many organizations have identified specific opportunities to standardize business processes, improve controls and leverage both current and new technologies. These opportunities should be carefully evaluated and applied to the processes and disciplines of IT strategy, architecture, change management and governance.

These processes can be greatly improved if the organization focuses on: ·

  • The identification of more appropriate controls designed to provide long-term support to the business. ·
  • Additional controls automation—based on an analysis of the current cost of controls. ·
  • Standardization of processes, controls, applications and databases.
  • Controls rationalization—understanding the right mix and number of controls necessary to meet objectives, considering the organization’s risk appetite.

    In this way, organizations can create more effective and reliable processes, begin to reduce the costs of accommodating business changes, and create an IT infrastructure more responsive to business change.

    Step 3: Assess IT/business alignment and identify required actions. Organizations can benefit by reviewing the processes and disciplines that support business alignment and IT strategy to determine what specific enhancements are required to make them effective.

    This review can be conducted using frameworks such as Information Technology Infrastructure Library (ITIL) or Control Objectives for Information and Related Technology (COBIT) to guide the analytical process and include the appropriate processing considerations.

    Step 4: Use architecture as a filter. Once process-improvement initiatives are identified and prioritized, requirements for each initiative can be defined. These requirements should include specifics regarding the use of people, processes, technology and controls.

    To help drive architectural leverage and consistency, new requirements should be analyzed to determine how existing architectural services (e.g., a controls services or security process) might be used, and how new services that must be created can be effectively integrated into the architecture to enhance its overall processing capabilities (e.g., improving its structure, its service capabilities, or its overall processing control and work management).

    The results of this process will be a detailed plan for specific initiatives that are consistent with the organization’s architecture and leverage its capabilities.

    Step 5: Execute the plan. Once the requirements are known and the plan is in place, the work to improve the key IT processes can begin. For most organizations, this plan will be phased in over some period of time, with the activities prioritized to maximize early benefits and to spread the cost over a reasonable period.

    One of the highest priorities, however, should be to put into place those aspects of governance that can act as a “shield” to mitigate the risk of old problems recurring as the organization moves forward in carrying out the plan.

    Step 6: Maintain continuous improvement. Most organizations derive significant benefits from incremental improvements in IT strategy, IT architecture, change management and IT governance. In addition to working toward the desired state in each of these areas, organizations should continuously monitor their current effectiveness.

    Missed deadlines, dissatisfied users, cost overruns, processing vulnerabilities, manually intensive business functions and difficulties in responding to business changes are all indications of the need for additional improvements.

    While organizations have had great difficulty in meeting various regulatory or other compliance requirements, what they have learned has empowered them. Information they now have about management, risk, and controls can help leaders view their organizations in new ways. It can also change how they conduct business and operate in the future.

    To fully leverage the opportunities afforded by compliance efforts, organizations should recognize the value of IT, invest in it, and build the necessary support to make it a reliable agent of change and a major contributor to fundamental business effectiveness.

    Richard Anderson, based in New York, is a principal in KPMG LLP's Information Risk Management practice and can be reached at 212.872.5588 or richardanderson@kpmg.com.

    Steven Hill, based in Dallas, is a principal in KPMG LLP’s Advisory Services practice and can be reached at 214.840. 4455 or shill@kpmg.com.