Archives || Search || About Us || Advertise || Feedback || Subscribe-
Issue of June 2006 

[an error occurred while processing this directive]

 Home > Cover Story
 Print Friendly Page ||  Email this story

Infrastructure Strategies '06

Wanted: corporate governance

The incidence of IT audits among organisations has risen and internal audits are favoured. by Shivani Shinde

To internalise corporate governance and adhere to regulations, Indian organisations are turning to IT audits. Along with IT audits, the trend of measuring RoI has become as crucial. 58 percent of organisations are conducting audits. Among those who do, BFSI (84 percent) leads followed by IT/ITeS (71 percent) and FMCG/consumer durables (68 percent).

Though IT audits are increasing, organisations favour internal audits over those conducted by third parties. Of those who conduct audits, 41 percent prefer internal audits, 28 percent have self-conducted audits whereas just 31 percent go in for third-party audits.

Audits go beyond the need to comply. Many Indian companies are a part of the global business network of MNCs and have to follow certain processes. Audits go beyond security and compliance to look at IT processes in an organisation.

Though IT audits are increasing, organisations favour internal audits over those conducted by third parties

The maximum number of external audits are held by BFSI (56 percent), government/PSU (50 percent) and manufacturing (36 percent). Among the self-conducted audits, verticals that lead are chemicals/pharma (48 percent), IT/ITeS (41 percent) and services (43 percent).

It is not just the activity, the frequency of conducting them is equally important. 56 percent of the respondents conduct audits annually, 24 percent bi-annually whereas 13 percent do it as and when they perceive the need for it.

The maximum number of annual audits is in the BFSI sector (64 percent), while IT/ITeS (44 percent) leads the bi-annual frequency list.

“IT Needs to be aligned with business requirements”

S Narayanan
Corporate Information Systems Manager, Hindustan Lever
Need for audits

IT audits are important as they give the CEO and CIO a transparent view on how wisely investments have been made and where money is going. For instance, if they have invested in ITIL then the management needs to know how much money has been invested and how much has been actually utilised.

The reasons for organisations to opt for audits are two-fold. One is related to compliance which is driving organisations to go in for audits. The second is increased spending on IT. This is so as processes are IT-dependent and thus need effective controls in place.

Internal audits

Unlike financial audits which are done quite frequently, IT audits are less frequent. The concept of an external audit is quite new among Indian organisations. Wherever audits are done externally, it is due to the insistence of the CIO or the board. That does not mean third-party audits are not being held at all, the process is quite prevalent.

Measuring IT

Involvement in IT initiative depends on the technology. If the technology is new then it has to be driven by the IT team. But, at all times, IT needs to be aligned with business requirements. Besides, after some time, the implementation becomes too technical and it is best that the IT team takes over.

However, before the actual deployment, the user becomes an integral part of the prototype/pilot stage. The unit head’s involvement is a given. Any project would have a steering committee/group that would have representatives from the concerned departments.

To measure the success of an IT initiative is difficult as each project is different. Some projects are strategic in nature, for instance, an ERP project would be different from a payroll system.

Evaluating incidence of time and budget overruns is also difficult. There are a combination of factors that might result in delays. For instance, it could be due to new technology, the need to understand it, deliver it on time, infrastructure requirement and whether parameters are online or not.

At HLL, the Board of Directors are involved in measuring IT performance, however, it varies from organisation to organisation. The day-to-day activities of course would be monitored by the unit head or the CIO.

Involvement in IT initiatives

The IS survey shows that involvement of IT users in taking an IT initiative is highest during planning (63 percent) and initiation/authorisation (61 percent) than when it comes to executing (47 percent) or controlling/monitoring progress.

Manufacturing with 64 percent of respondents leads when it comes to involvement of IT users at the initial stage, whereas 61 percent among the IT/ITeS are involved right up to the time of execution.

According to the survey, the involvement of unit heads/managers in an IT initiative is maximum at the planning (65 percent) stage, followed by initiation (54 percent), execution (45 percent), controlling/measuring progress (30 percent) and assessment post-completion (31 percent). The role of the unit head in a particular initiative is still limited with just 31 percent agreeing to be involved till the completion period.

Measuring success

When it comes to measuring the success of IT investment the parameters that lead are reduced cost (55 percent), project completion on time (50 percent), customer satisfaction/value and decreased process cycle (32 percent).

Among those who consider cost as a factor, IT/ITeS had maximum replies with 68 percent followed by telecom (62 percent) and government/PSU (56 percent). Decreased process cycle as a criterion is most appreciated among the government/PSU (50 percent) and BFSI (37 percent). Whereas, for BFSI (63 percent), project completion on time matters the most.

However, 63 percent of respondents agree that incidence of time/budget overrun in IT projects is common with government/PSU (81 percent) and IT/ITeS (71 percent).

The survey also looked into the frequency of IT project overruns. While 41 percent stated that this happens once in a while, 28 percent found it to be a frequent occurrence and 24 percent said that it happens rarely.

  • Compliance and audits should go hand-in-hand. Hence, if you are complying with a regulation, audits is the next step.
  • It is important that you have a balance between external and internal audits.
  • Quarterly or half-yearly audits are a must.
  • When deciding on any new IT initiatives, invest in understanding user requirements.
  • Time and budget overruns are normal, the best way to deal with this is by having a contingency plan.

Who’s involved

The CEO in many organisations is still the one measuring IT performance. The survey shows that 57 percent of respondents say that the CEO is the final authority in measuring IT performance, whereas 52 percent consider CIO to be the deciding authority. Functional heads (35 percent), CFO (34 percent) and Board of Directors (21 percent) are the other decision-makers in that order.

Among verticals, CEO leads in BFSI (63 percent), the CIO is an important authority in government/PSUs (69 percent).

- <Back to Top>-  
Untitled Document
Indian Express - Business Publications Division

Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.