Add to collection(s) Add to saved
  1. Business
  2. Management
  3. Project Management

TECHNOLOGY STRATEGY AUDIT

advertisement 
TECHNOLOGY STRATEGY AUDIT
Executive Summary
It is our intention to facilitate the understanding of technology strategy and its integration
with business strategies. This guideline is organized as series of questions under 10
critical categories:
1. Business Vision
2. Technology as a Component of the Business Plan
3. The Best Information Enables the Best Decisions
4. The Technology Organization – Values & Goals
5. Best Practices & Standards for Technology Processes
6. Selecting and Acquiring Technology
7. Implementing Technology
8. Managing and Maintaining Technology Assets
9. Security, Integrity and Auditability
10. Measuring Performance
By considering and addressing these questions, the CIO and IT organization will obtain
a clear view of what is needed to integrate IT strategy with that of the business.
Morris Communications Company LLC
Technology Strategy Audit
October 2002
2
1. Business Vision
1. Is the overall business vision clearly understood by both the local and corporate
Technology organizations?
2. Is there a formal process for business vision development, evolution and
communication?
3. Who is involved in the business vision development and evolution process?
Does the Technology group play an active role?
4. What is the process for monitoring business results against the vision, and
updating strategies as needed?
5. What are the time horizons for developing business vision and associated plans?
Are we looking ahead one year, three years, five years, ten years? Is the time
horizon appropriate?
6. Is business scenario forecasting used? For example, if we forecast that by the
year 2005 over 90% of consumers in our market area will be connected to the
internet and will use the Internet for classified advertising and purchases, what
does this mean for our business vision and strategy?
7. Have we developed an overall technology strategy? For example, do we want
to be the premier provider of timely and relevant local information in our market,
using the most technologically advanced products and services in our market /
industry segment? Or, alternatively, do we want to be the lowest cost provider in
our market / industry segment?
Morris Communications Company LLC
Technology Strategy Audit
October 2002
3
2. Technology as a Component of the Business Plan
Integration of Business Vision and Technology Strategy
1. Are technology plans developed as part of an integrated business plan, with input
from senior-level management, marketing, operations and other business areas?
2. Are technology plans closely aligned with the business vision, goals and
objectives?
3. Are technology plans developed to provide the business with competitive
advantage?
4. Are technology plans updated in concert with changes to the business plan?
Financial Considerations
1. Is there a formal business case process used to evaluate investments in
technology, including cost /benefit analysis, payback analysis, return on
investment?
2. Does the business case tie back to overall business objectives?
3. Are technology projects and budgets an integral part of the business plan and
budget?
4. Are technology projects capitalized in accordance with an approved capitalization
guideline?
5. Are technology infrastructure projects (e.g., network installation) viewed as
beneficial across business areas and are costs and benefits identified and
allocated accordingly? Are infrastructure and architectural strategies and efforts
part of the overall vision, or are they looked at as isolated project efforts?
Morris Communications Company LLC
Technology Strategy Audit
October 2002
4
3. The Best Information Enables the Best Decisions
1. What information collection and management tools are used across the
technology organization, as a part of the information infrastructure?
• Workflow tools
• Collaboration tools
• Documentation/Information management tools
• Electronic messaging / email tools
• Executive Information Systems (EIS)
• Trend analysis tools
• Data Warehouses
2. What is the “shelf-life” of information being used to make decisions? Is the
information more that 6-12 months old? Should more current information be
gathered? For the fastest-changing technology areas, is a priority put on
obtaining the most current information?
3. What research initiatives are needed or in progress?
4. Do you have or need a competitive intelligence function?
5. Does your organization look to external sources of information (e.g., the Gartner
Group or specialized consultants) to supplement internal sources of information
on key business/technology issues, trends and analysis? If so, is this information
shared widely throughout your organization? Throughout the enterprise?
6. Does your team continually and systematically review and compare multiple
feasible solution alternatives to reach a “best decision”? In today’s rapidly
changing technology landscape, you should question the assertion that “we have
only one option”.
7. Are most technology and business decisions based on “cross-functional” input,
rather than input from only one or two areas?
8. Do members of your team regularly review industry and trade publications in key
areas affecting your business and technology (e.g., InformationWeek, CIO)?
9. Do members of your team attend industry conferences to collect information from
leaders in your industry?
10. Does the Technology group understand what information needs to be provided
to the business (even if the business doesn’t know it)?
11. Is there a continual commitment to allocating time and resources towards
research and learning?
Morris Communications Company LLC
Technology Strategy Audit
October 2002
5
4. The Technology Organization – Goals and Values
1. Is there a clear definition of the role and responsibility of the head of the
Technology organization?
2. Where does the Technology organization report in to the overall organization?
Does this allow appropriate access to the business leaders?
3. How is the effectiveness of the Technology organization measured? Is customer
satisfaction (internal and external), quality, cost and schedule included in this
measurement?
4. Are compensation plans linked to the performance metrics?
5. How does your Technology expenditure (expressed as a percentage of revenue)
relate to industry averages for world class organizations (refer to industry studies
for benchmarks)? Do you measure this annually?
6. Is there a clear definition and life cycle roadmap of the portfolio of products and
services that the Technology organization provides to customers and clients?
7. Is there a formalized Technology communications plan to communicate to
internal and external areas?
8. Are service level agreements in place which accurately describe expected
service levels from the corporate and local Technology organization?
9. Does each member of the Technology organization understand the vision,
values, goals and objectives of the organization?
10. Does each member of the team understand a clear definition of their role and
responsibilities, along with the roles and responsibilities of other members of the
team?
11. Does each member of the team have the appropriate skill sets to successfully
carry out their roles and responsibilities?
12. Are well-defined training plans in place to assure that team members are kept up
to date on important developments relevant to their roles and responsibilities?
13. Is there a clear understanding on how and when the group will use outside
resources and outsourcing (e.g., specialized consultants, outside services)?
14. Does the Technology group have a responsibility to train across the
organization?
15. Is there a clear definition and understanding of roles and responsibilities for the
Technology group and the business units including levels of involvement?
16. Does the Technology group perform a regular customer satisfaction survey?
If so, does this include both internal and external customers?
Morris Communications Company LLC
Technology Strategy Audit
October 2002
6
5. Best Practices & Standards for Technology Processes
1. Are Technology standards clearly defined for:
• Service levels
• Processes
• Data / Information
• Development, Coding, Quality Assurance, Documentation
• Product / Service life cycles
2. Are there policies for when deviations from standards are appropriate?
3. Are there different standards that apply to external customers and clients?
4. Is there strong participation in internal and external forums, conferences and
seminars to stay abreast of best practices in the industry?
5. Are there methods to capture, define and communicate best practices as they
evolve in the organization? For example, is there a repository of best practice
documents, or an area of responsibility for capturing and communicating best
practices?
6. Are there incentives to promote the development, use and re-use of best
practices?
Morris Communications Company LLC
Technology Strategy Audit
October 2002
7
6. Selecting and Acquiring Technology
1. Are there established technology purchasing processes (approvals,
recommended technologies / vendors, etc.)?
2. Have standard contract terms and conditions for technology acquisition
agreements been developed, to be used in the contract negotiation process (e.g.,
service level agreements, warranties, etc.)?
3. Have efforts been made to leverage corporate-wide strategic agreements with
vendors (e.g., Oracle, Sun, etc.)?
4. Has consideration been given to using operating leases for technology
equipment, including the “evergreen” programs offered by Dell, GE, etc.?
5. Have partnering arrangements with strategic vendors been explored?
6. Are Application Service Providers a viable alternative?
7. Does the Technology group work closely with the finance and purchasing units in
technology acquisition areas?
Morris Communications Company LLC
Technology Strategy Audit
October 2002
8
7. Implementing Technology
1. Is there strong top level business management commitment, sponsorship and
ownership for technology and business change implementation efforts (on a
continual basis throughout the life of a project)?
2. Is there a single highly qualified project manager assigned with responsibility for
managing every project?
3. Is there a risk management plan in place, including a risk assessment and
contingency plans ($’s, time, alternatives) for each project?
4. Is there ongoing review and challenge to project estimates (scope, expenditures,
resources, and timeframe) and % complete? Are quantifiable measurements
used in these estimates?
5. Is strong configuration management / change control and authorization / sign off
in place on all projects?
6. Is there sufficient flexibility in process, communications, and resources to
accommodate the inevitable changes that will occur in project plans?
7. Is a commonly accepted and proven systems implementation methodology being
used for all projects, to include project management practices, life cycle
methodology, estimating techniques and quality assurance?
8. Is there a customization policy to address the level of changes to vendor
software?
9. Is there a formal re-use strategy and policy for source and object code?
10. Are performance benchmarks established and measured for all projects
throughout a project life cycle?
11. Are there quality checkpoints and risk management assessments for deliverables
at regular intervals, at least every three months?
12. Are third party independent quality assurance (QA) reviews performed
throughout the life of a project?
13. Are appropriate facilities in place for the implementation effort (computing
resources, tools, space, etc.)?
14. Does the project team have the necessary skills and training to successfully
complete each project?
Morris Communications Company LLC
Technology Strategy Audit
October 2002
9
8. Managing and Maintaining Technology Assets
1. Are valid software license agreements in place for all appropriate software?
2. Is there a formal policy for upgrades to both packaged and in-house developed
software as well as the associated hardware?
3. Are maintenance agreements in place for appropriate hardware and software?
4. Have system and network capacity plans and utilization statistics been
developed and are they continually monitored?
5. Is there a formulated approach for the support of all technology assets
(hardware, software and communications)?
6. Are internal operations and support processes and documentation in place for all
systems, including applications, systems management, network management,
desk top and end-user support?
7. Is a configuration management and change control process in place?
8. Is there a formal documented Business Continuation Plan (disaster recovery) in
place? Has this plan been tested, and is it tested on a regular basis as required
by policy?
9.
Is there a technology hardware asset management plan in place, to include
inventorying, tagging, tracking and monitoring technology assets? Does this plan
address ownership of the asset? Does the plan address equipment for new hires
and employees leaving the organization?
10. Is there a technology software asset management plan in place, to include
inventorying, life cycle tracking and monitoring? Does this plan address sunset
plans of the asset? Does the plan address potential replacement scenarios?
11. Is there a formal life cycle and roadmap for each internally developed software
tool and product?
Morris Communications Company LLC
Technology Strategy Audit
October 2002
10
9. Security, Integrity and Auditability
1. Is a documented information and data security policy in place? Does the policy
address granting and removing access, authentication, ownership of data and
enforcement?
2. How is it ensured that data and information access controlled through a firewall
or other mechanism is in accordance to established policies?
3. Is encryption required for highly confidential data?
4. Are there requirements and policies for system availability?
5. Are procedures in place for introducing new programs and code to production
environments (e.g., test and quality assurance steps)?
6. Is the system security linked in with the human resource function (e.g., if
someone is terminated from the company, are the appropriate actions taken from
a security perspective).
7. Is there a physical security plan in place, to include:
-- control of physical access o equipment / assets
-- conditioned power
-- uninterruptible power supply (UPS)
-- backups / offsite archival storage
-- special policy for laptops
8. Are there policies / guidelines for telecommuting?
9. Is there a communication policy on security? Is there a separate one for
employees and clients / customers?
10. Is there a data backup / security policy that extends to each desktop and mobile
devices?
Morris Communications Company LLC
Technology Strategy Audit
October 2002
11
10. Measuring Performance
1. Have performance measurements that are relevant to business objectives been
established and monitored, including:
• delivery against plan (financial, features/functions, timeline, etc.)
• customer satisfaction levels
• system throughput
• network and system utilization level
• system downtime / user or customer downtime
• time to respond to service call – and completely fix the issue (workarounds not included)
• variance to estimates (e.g., for development and implementation projects)
2. Are industry, enterprise-wide, and internal “best practice” benchmarks known and
compared against actual results achieved on a regular basis?
3. How are estimates (cost and timeframe) developed for technology projects? Are
formal estimating methods used such as function point analysis? Are estimates
compared to actuals as a feedback loop to continuously improve estimating
precision on future projects?
4. Is the Technology group measured in two key areas:
-- successful delivery of new capabilities / systems in a timely and cost efficient
manner
-- successful operation of existing systems?
5. Is there a way to measure how well the group is doing from two different
perspectives:
-- Is the group “doing the right things”?
-- Is the group “doing things right”
6. What actions are taken based on the performance metrics?
This material is copyrighted property of Morris Communications Company. It is approved for sharing with
members of the IT community and is not to be reproduced or distributed for sale.
Morris Communications Company LLC
Technology Strategy Audit
October 2002
12
Morris Communications Company LLC
Technology Strategy Audit
October 2002
13
Related documents
LGFMA Presentation - Internal Audit Program Model
LGFMA Presentation - Internal Audit Program Model
So You Don`t Want CM?
So You Don`t Want CM?
QUALITY ASSURANCE: Obstetrics Auditing, Records & Reports
QUALITY ASSURANCE: Obstetrics Auditing, Records & Reports
Evolution of an Automated Internal Audit Management System
Evolution of an Automated Internal Audit Management System
Your_Solutions_LLC_-_New_Business3[1]
Your_Solutions_LLC_-_New_Business3[1]
Audit Poster - BSG Colonoscopy Audit
Audit Poster - BSG Colonoscopy Audit
Research Assistant – Bacteriology School of Medicine NUIG Ref. No
Research Assistant – Bacteriology School of Medicine NUIG Ref. No
Business Plan Basics - The Controllership Group
Business Plan Basics - The Controllership Group
Download
advertisement