As enterprise application software is used more and more to automate complex business processes, organisations expose themselves to a new set of risks that are introduced by having their mission-critical operations reliant upon IT and, more significantly, the people who operate these systems. In addition, having said good-bye to the manual checks and balances that used to record and audit business transactions, auditors and compliance officers are demanding that IT be capable of accounting for all of its activities, writes Alan Smith, senior vice-president for UK and Ireland at UC4 Software.
Mergers, acquisitions, company restructuring and new IT applications are among the many drivers that have meant that end-to-end process chains within organisations have become more complex. As they traverse multiple business and IT application silos, it is often unclear how the constituent processes, and the steps within each process, are linked together.
Business process management and advanced application integration technologies mean that it is possible to automate the exchange of information between disparate systems.
Process flows can be mapped with conditional dependencies embedded to ensure that multiple paths are supported and all eventualities can be catered for. External business events, such as daily sales information from retail stores being transmitted to head office, can automatically instigate internal IT processes. In addition to status checking the outcome of individual steps within a process, information extracted from output report content checked against field values in database tables can help shape more intelligent decision making.
Controllers need a clear view of how all their core business processes are performing while one application works much better when it has a clear understanding of what another is doing or has done. These may not be issues until something goes wrong. A business-critical process, such as month-end close of accounts, taking an unduly long time to run, or failing to complete, can clearly place a company's operation at risk. Enterprises need to identify strategies that will enable them to realise the efficiencies of IT automation that will also provide agility and visibility to simply define and monitor their application landscape.
The risk management and compliance initiatives introduced with Basel 2 and Sarbanes-Oxley seemed like distant memories during the recent collapse of the global financial services industry. Any guarantees and assurances that had previously been established were clearly worth little more than the paper they were (not) written on. Greater transparency and more rigorous controls are going to be required to satisfy the diligence of external stakeholders, such as national governments.
Organisations are still learning that by taking people out of processes, they are still required to account for the actions that the systems they operate take on their behalf. Where software is used to control corresponding processes, enterprises need to be aware that auditing will be required for all IT activities and not just those performed inside individual stove-pipe applications, such as ERP or CRM systems.
Also, retrospectively manipulating and reporting on IT actions will not be sufficient if auditor certification of business operations is required. IT departments need to establish and maintain a continuous, ongoing record of all business activities. Precise details of who did what where and when need to be captured. Accepting this record as a fair and accurate representation of the truth, auditors will be able to independently analyse and report on business operations.
Automating and streamlining business processes can provide direct financial gain. Reducing the time it takes to get new orders into a company's financial systems and generate customer invoices will improve cash flow. More efficient tracking of actual project performance against forecast data will help ensure that projects complete on time and within budget, and that penalty payments are avoided.
As well as satisfying regulatory compliance and governance directives, auditing processes provides IT operations with a tool that can be used to analyse and optimise workload. Historic audit files automatically archived to long-term storage can be retrieved and processed alongside recent performance data for trend analysis and capacity planning purposes. IT management becomes better informed and can respond more strategically when advising on how technology can support business growth.
IT process automation technology should be a key component of an organisation's compliance and risk management strategy. Automation ensures best practice execution of critical processes, increasing reliability and, as a result, significantly reducing the exposure to various forms of business risk. At the same time it can also help reduce overheads by ensuring the timely processing of business requests. Optimised processes make better use of business services as well as IT hardware resources. Acquisition of additional computing resource can be avoided, or at least deferred. Companies can get more from their existing resources through more efficient workload balancing and removing inherent latency, such as idle times occurring while a system waits on user input or file transfers.
Surveys repeatedly show that up to 80% of the annual IT budget for many organisations is spent on maintaining its current systems. These high operating costs act as a brake on innovation for IT, and thus for the entire company. Automation can help alleviate operating costs and, more significantly support enterprises in getting a better yield from their current IT investments. At the same time, automating the processes that support business operations enables enterprises to mitigate IT risk and become fully accountable for their actions.
This was first published in January 2009