As enterprise application software is used more and more
to automate complex business processes, organisations expose
themselves to a new set of risks that are introduced by having
their mission-critical operations reliant upon IT and, more
significantly, the people who operate these systems. In addition,
having said good-bye to the manual checks and balances that used to
record and audit business transactions, auditors and compliance
officers are demanding that IT be capable of accounting for all of
its activities, writes Alan Smith, senior vice-president for UK
and Ireland at
UC4 Software.
Mergers, acquisitions, company restructuring and new IT
applications are among the many drivers that have meant that
end-to-end process chains within organisations have become more
complex. As they traverse multiple business and IT application
silos, it is often unclear how the constituent processes, and the
steps within each process, are linked together.
Business process management and advanced application integration
technologies mean that it is possible to automate the exchange of
information between disparate systems.
Process flows can be mapped with conditional dependencies
embedded to ensure that multiple paths are supported and all
eventualities can be catered for. External business events, such as
daily sales information from retail stores being transmitted to
head office, can automatically instigate internal IT processes. In
addition to status checking the outcome of individual steps within
a process, information extracted from output report content checked
against field values in database tables can help shape more
intelligent decision making.
Controllers need a clear view of how all their core business
processes are performing while one application works much better
when it has a clear understanding of what another is doing or has
done. These may not be issues until something goes wrong. A
business-critical process, such as month-end close of accounts,
taking an unduly long time to run, or failing to complete, can
clearly place a company's operation at risk. Enterprises need to
identify strategies that will enable them to realise the
efficiencies of IT automation that will also provide agility and
visibility to simply define and monitor their application
landscape.
The risk management and compliance initiatives introduced with
Basel 2 and
Sarbanes-Oxley seemed like distant memories during the recent
collapse of the global financial services industry. Any guarantees
and assurances that had previously been established were clearly
worth little more than the paper they were (not) written on.
Greater transparency and more rigorous controls are going to be
required to satisfy the diligence of external stakeholders, such as
national governments.
Organisations are still learning that by taking people out of
processes, they are still required to account for the actions that
the systems they operate take on their behalf. Where software is
used to control corresponding processes, enterprises need to be
aware that auditing will be required for all IT activities and not
just those performed inside individual stove-pipe applications,
such as ERP or CRM systems.
Also, retrospectively manipulating and reporting on IT actions
will not be sufficient if auditor certification of business
operations is required. IT departments need to establish and
maintain a continuous, ongoing record of all business activities.
Precise details of who did what where and when need to be captured.
Accepting this record as a fair and accurate representation of the
truth, auditors will be able to independently analyse and report on
business operations.
Automating and streamlining business processes can provide
direct financial gain. Reducing the time it takes to get new orders
into a company's financial systems and generate customer invoices
will improve cash flow. More efficient tracking of actual project
performance against forecast data will help ensure that projects
complete on time and within budget, and that penalty payments are
avoided.
As well as satisfying regulatory compliance and governance
directives, auditing processes provides IT operations with a tool
that can be used to analyse and optimise workload. Historic audit
files automatically archived to long-term storage can be retrieved
and processed alongside recent performance data for trend analysis
and capacity planning purposes. IT management becomes better
informed and can respond more strategically when advising on how
technology can support business growth.
IT process automation technology should be a key component of an
organisation's compliance and risk management strategy. Automation
ensures best practice execution of critical processes, increasing
reliability and, as a result, significantly reducing the exposure
to various forms of business risk. At the same time it can also
help reduce overheads by ensuring the timely processing of business
requests. Optimised processes make better use of business services
as well as IT hardware resources. Acquisition of additional
computing resource can be avoided, or at least deferred. Companies
can get more from their existing resources through more efficient
workload balancing and removing inherent latency, such as idle
times occurring while a system waits on user input or file
transfers.
Surveys repeatedly show that up to 80% of the annual IT budget
for many organisations is spent on maintaining its current systems.
These high operating costs act as a brake on innovation for IT, and
thus for the entire company. Automation can help alleviate
operating costs and, more significantly support enterprises in
getting a better yield from their current IT investments. At the
same time, automating the processes that support business
operations enables enterprises to mitigate IT risk and become fully
accountable for their actions.