Reduction of ICT Cost: Strategies towards clean IT audit and IT spending 28 May 2013 Razak Alli Agenda Introduction Governance Requirements SITA Initiatives ICT Cost Reduction Strategy Clean IT Audit 2 Introduction Total annual IT expenditures range from 2% to 15% of annual revenues (Source: ITGI – IT Governance Performance Case Study) Reducing the cost of ownership of IT assets directly linked to supporting business process and decision making processes governing IT spending Moore’s Law—”the number of transistors on integrated circuits doubles approximately every 4 years”. This law correlates with a decrease in the cost of computing power. This availability of cost-effective computing power also corresponds with an increase in the global generation of data by devices, machinery, appliances and humans. 3 King III - King Report on Governance for South Africa 2009 Chapter 5 – The Governance of Information Technology The board/accounting officer should be responsible for information technology (IT) governance IT should be aligned with the performance and sustainability objectives of the company/business The board/accounting officer should delegate to management the responsibility for the implementation of an IT governance framework The board/accounting officer should monitor and evaluate significant IT investments and expenditure IT should form an integral part of the company’s risk management The board should ensure that information assets are managed effectively A risk committee and audit committee should assist the board in carrying out its IT responsibilities 4 IT Governance Driving Improved Performance Most common IT governance objectives are focused on cost containment (including efficiency, standardization, and automation) and risk reduction (including compliance, security, and public scrutiny of IT failures). For most businesses, cost containment is desirable, but not a business strategy. As IT becomes a more strategic business enabler, organizations should build on existing cost and risk focused IT governance initiatives, and expand objectives to also include meeting strategic business objectives, improve agility to meet changing business needs. 5 SITA Initiatives - Partner and Supplier Relationships Implementation of the Partnership Model Forming strategic partnerships with main suppliers and industry for high consuming services by clients Revision of current contracting process with suppliers Usage of State Owned Companies (SOCs) New contracting framework implemented Umbrella agreements allowing improved cost savings Not on a transactional basis Negotiating new deals with suppliers for better costing savings “Lock In” with software vendors (long term better cost savings) 6 SITA Initiatives - Partner and Supplier Relationships (continued) Negotiations with critical suppliers within the environment MIOS Compliance (Minimum Interoperability Standard) 7 SITA Initiatives - Infrastructure Environment Cost management and saving initiatives: Targeting transversal systems Shared infrastructure reducing scope Use of virtualisation and convergence Moving decentralised infrastructure to centralised Centrally managed infrastructure environment leading to improvement of administration and security Robust and secure infrastructure (preventative) Consolidation and synchronisation of applications and toolsets used 8 SITA Initiatives - SLA Contracting Method Service Based SLAs - Redevelopment of SLAs according to services provided to clients Single SLA per client with services identified Define level of performance via standardised manner (not managed on “per item basis”) Service Based SLAs based on approved Costing and Pricing Models in alignment with approved Service Level Catalogue Packaging of services to include value added services 9 SITA Initiatives - Strategic Projects Implementation of key identified projects as per Board approval: Could Computing IFMS E-Government Convergence Partnership Model Costing and Pricing Model Unified Communication (lowering broadband prices contributing) 10 Supply Chain Management: Strategic Goals Saving on acquisition of ICT goods and services; Improve Purchasing Power Improve Procurement Processes Provide IT procurement to ensure that the Government gets value for money Number of industry partners established in the acquisition of ICT delivery of goods and services; and Monitor and enforce supplier performance compliance. Improved Supply Chain Management Mean Time To Respond; Drive 30% of acquisition spend through SMME; Automate procure to pay process; and Drive 100% electronic ordering with suppliers. Improved Supply Chain Management turnaround time: Drive Economies of Scale 90 days on Bids 90 days on preferred list RFQs 45 days for contract finalising 30 days for Adhoc RFQs Create & centralise strategic sourcing Standardise procurement processes. 11 Improved Supply Chain Management Turnaround Times Acquisition Method Target Actual Tenders (Bids) 90 Days 127.55 Days Preferred list RFQ’s 90 Days 72.23 Days Contract Finalisation 45 Days 37 Days Adhoc RFQ’s 30 Days 16.65 Days 12 Cost Saving For Government SITA has entered into four (4) Strategic Partnerships ICT to provide goods and services to government at a discounted price. 13 Cost Saving For Government SITA Supply Chain Management has managed to save government an amount of R 262 652 243.05 on acquisition of ICT goods and services(2012/2013). 14 Best Practices from Industry (continued) ICT Procurement Strategy: Cost Reduction and Integration Strategy Alignment of IT Strategy with ICT Procurement Strategy Optimum Return on ICT Investment (usage of COBIT processes) Controlled IT spending via approved architectures and technology stacks incorporating: IT cost transparency Benchmarking of IT Service Costs Enforcement of IT Cost reductions 15 Best Practices from Industry (continued) Design to Delivery: contract lifecycle for investing in ICT On time, within budget, to specification Strengthen IT-Finance Collaboration to Drive ROI IT Cost quality thresholds Business process harmonisation Process complexity review Metrics and success measurements Transparent reporting 16 ICT Cost Reduction Strategy Cost reduction should be performed via a structured approach considering the long-term impact Should be performed for improving efficiency and effectiveness ICT Cost Reduction Strategy similar to Generic Enterprise Cost Reduction Strategies Examine all IT spend and prioritise the right cost reduction opportunities Adopt an end-to-end approach by considering: All sources of IT costs - Leverage multiple views to examine all sources of ICT spend Analyse drivers of the IT costs Prioritise the right opportunities Create an organisation wide portfolio of investments to achieve measurable savings 17 ICT Cost Reduction Strategy (continued) Make sure scope includes all components of IT expenditure across the enterprise ecosystem Ensure proper engagement with the right stakeholders Examine all sources of IT spend using the following views: Expenses versus Investments Locked in spending per year versus new initiative spend Monitor expenses versus investments ratio Assets versus IT Capabilities Spend on business applications, infrastructure and data to deliver IT capabilities Spend on IT capabilities is on people, process and technology and assets required to deliver IT capabilities 18 ICT Cost Reduction Strategy (continued) Lines of Business (LoB) IT spend by LoB’s provides insight into the IT landscape Best practices to be applied across LoBs Standardisation of processes across LoBs Fixed versus Variable Maintain a mix of fixed and variable costs Trade off of maintaining capabilities in-house at fixed costs versus outsourcing them at variable costs. Business Process Analyse IT spend by business processes to provide the cost to serve the end customer Identify cost reduction opportunities by business process redesign and supporting IT solutions 19 Clean IT Audit IT Audit is a subset of the overall Audit Department Cannot achieve Clean Audit ain the absence of issues without the other environments Size matters – In-house, outsourced or hybrid If outsourced: Ensure the right to audit by the third party Must be included in signed agreement Compliance to SAS70 (replaced by SSAE16) – Auditor General provides this service at SITA annually 20 Clean IT Audit (continued) If in-house: Good people and capabilities Core Skills and IT Technical abilities Streamlined processes, policies and procedures High levels of compliance IT Compliance framework and compliance officer IT compliance and monitoring activities SITA can only assist in the achievement of a Clean IT Audit if in control of the full IT function 21 Thank You 22