Infrastructure Strategies '06
Wanted: corporate governance
The incidence of IT audits among organisations has risen
and internal audits are favoured. by Shivani Shinde
internalise corporate governance and adhere to regulations, Indian organisations
are turning to IT audits. Along with IT audits, the trend of measuring RoI has
become as crucial. 58 percent of organisations are conducting audits. Among
those who do, BFSI (84 percent) leads followed by IT/ITeS (71 percent) and FMCG/consumer
durables (68 percent).
Though IT audits are increasing, organisations favour internal
audits over those conducted by third parties. Of those who conduct audits, 41
percent prefer internal audits, 28 percent have self-conducted audits whereas
just 31 percent go in for third-party audits.
Audits go beyond the need to comply. Many Indian companies
are a part of the global business network of MNCs and have to follow certain
processes. Audits go beyond security and compliance to look at IT processes
in an organisation.
Though IT audits are increasing,
organisations favour internal audits over those conducted by third parties
The maximum number of external audits are held by BFSI (56
percent), government/PSU (50 percent) and manufacturing (36 percent). Among
the self-conducted audits, verticals that lead are chemicals/pharma (48 percent),
IT/ITeS (41 percent) and services (43 percent).
It is not just the activity, the frequency of conducting them is equally important.
56 percent of the respondents conduct audits annually, 24 percent bi-annually
whereas 13 percent do it as and when they perceive the need for it.
The maximum number of annual audits is in the BFSI sector (64 percent), while
IT/ITeS (44 percent) leads the bi-annual frequency list.
Need for audits
Corporate Information Systems Manager, Hindustan Lever
IT audits are important as they give the CEO and CIO
a transparent view on how wisely investments have been made and where
money is going. For instance, if they have invested in ITIL then the management
needs to know how much money has been invested and how much has been actually
The reasons for organisations to opt for audits are two-fold.
One is related to compliance which is driving organisations to go in for
audits. The second is increased spending on IT. This is so as processes
are IT-dependent and thus need effective controls in place.
Unlike financial audits which are done quite frequently,
IT audits are less frequent. The concept of an external audit is quite
new among Indian organisations. Wherever audits are done externally, it
is due to the insistence of the CIO or the board. That does not mean third-party
audits are not being held at all, the process is quite prevalent.
Involvement in IT initiative depends on the technology.
If the technology is new then it has to be driven by the IT team. But,
at all times, IT needs to be aligned with business requirements. Besides,
after some time, the implementation becomes too technical and it is best
that the IT team takes over.
However, before the actual deployment, the user becomes
an integral part of the prototype/pilot stage. The unit heads involvement
is a given. Any project would have a steering committee/group that would
have representatives from the concerned departments.
To measure the success of an IT initiative is difficult
as each project is different. Some projects are strategic in nature, for
instance, an ERP project would be different from a payroll system.
Evaluating incidence of time and budget overruns is also
difficult. There are a combination of factors that might result in delays.
For instance, it could be due to new technology, the need to understand
it, deliver it on time, infrastructure requirement and whether parameters
are online or not.
At HLL, the Board of Directors are involved in
measuring IT performance, however, it varies from organisation to organisation.
The day-to-day activities of course would be monitored by the unit head
or the CIO.
Involvement in IT initiatives
IS survey shows that involvement of IT users in taking an IT initiative is highest
during planning (63 percent) and initiation/authorisation (61 percent) than
when it comes to executing (47 percent) or controlling/monitoring progress.
Manufacturing with 64 percent of respondents leads when it comes to involvement
of IT users at the initial stage, whereas 61 percent among the IT/ITeS are involved
right up to the time of execution.
According to the survey, the involvement of unit heads/managers in an IT initiative
is maximum at the planning (65 percent) stage, followed by initiation (54 percent),
execution (45 percent), controlling/measuring progress (30 percent) and assessment
post-completion (31 percent). The role of the unit head in a particular initiative
is still limited with just 31 percent agreeing to be involved till the completion
When it comes to measuring the success of IT investment the parameters that
lead are reduced cost (55 percent), project completion on time (50 percent),
customer satisfaction/value and decreased process cycle (32 percent).
Among those who consider cost as a factor, IT/ITeS had maximum replies with
68 percent followed by telecom (62 percent) and government/PSU (56 percent).
Decreased process cycle as a criterion is most appreciated among the government/PSU
(50 percent) and BFSI (37 percent). Whereas, for BFSI (63 percent), project
completion on time matters the most.
However, 63 percent of respondents agree that incidence of time/budget overrun
in IT projects is common with government/PSU (81 percent) and IT/ITeS (71 percent).
The survey also looked into the frequency of IT project overruns.
While 41 percent stated that this happens once in a while, 28 percent found
it to be a frequent occurrence and 24 percent said that it happens rarely.
- Compliance and audits should go hand-in-hand.
Hence, if you are complying with a regulation, audits is the next step.
- It is important that you have a balance between
external and internal audits.
- Quarterly or half-yearly audits are a must.
- When deciding on any new IT initiatives, invest
in understanding user requirements.
- Time and budget overruns are normal, the best
way to deal with this is by having a contingency plan.
The CEO in many organisations is still the one measuring IT performance. The
survey shows that 57 percent of respondents say that the CEO is the final authority
in measuring IT performance, whereas 52 percent consider CIO to be the deciding
authority. Functional heads (35 percent), CFO (34 percent) and Board of Directors
(21 percent) are the other decision-makers in that order.
Among verticals, CEO leads in BFSI (63 percent), the CIO is an important authority
in government/PSUs (69 percent).