LOGIN MAIL

• PRESS ROOM4 THE PUBLIC
• STUDENTSCANDIDATES
• CONTACT USNEED A CPA?
• HELPADVERTISE
• SEARCH
  
• 901 Dulaney Valley Road | Suite 710 | Towson MD 21204 | 800.782.2036

• January / February
• March / April
• May / June
• July / August
• September / October
• November / December
  • Have CPA, will travel?
  • Make a tax-free rollover to a qualified charity
  • CPAs now exempt from Gramm-Leach-Bliley privacy notification rule
  • Changes surround audit documentation, audit report dating
  • Financial literacy campaign urges 25- to 34-year-olds to 'Feed the Pig'
  • Towson graduate earns one of 10 highest CPA exam scores for 2005
  • Can't play the accounting game anymore? Just change the rules!
  • Make settling an estate less unsettling
  • Could your client’s underperforming pension be related to its advisor’s conflicts of interest?
  • Becoming an IT hero

Becoming an IT hero

By Chaim Yudkowsky, CPA, CITP

"Out of the ruins
Out from the wreckage
Can't make the same mistake this time
We are the children
The last generation
We are the ones they left behind
And I wonder when we are ever gonna change it
Living under the fear ‘till nothing else remains"

For small and mid-size business, the evolution of IT decision-making or governance has not been methodical. Mostly we have reacted to a need or a neat technology that the boss was convinced we must have, too. Some have embraced the nomenclature of “creating a business case” or “return on investment” (ROI) but have relied on IT to do all of the work. In many instances, the end result of some of our projects has been disappointment. This has fed a fear-of-failure culture sometimes, impacting real business needs and the potential of some beneficial solutions.

When I consider this cycle, I am reminded of the immortal words of Tina Turner above and "I wonder when we are gonna change it."

Like many of you, I have heard and read experts from the research, consulting and academia pontificate about the best way to govern the IT aspects of an organization. Some want to apply their methods across all sized business, while others are more specific about the scope of applicability of their ideas. After trying a variety of methods, I suggest that success of methodology will depend on the type of project.

The five types of projects would be categorized as: 

• IT infrastructure improvement,
• new software / system to address an emerging or maturing need of the business,
• process improvements of existing systems or software,
• business continuity or disaster preparedness, and
• legal and regulatory compliance. 

In this column, let's define each type of project, the parameters of budgeting for these projects, and who should be primarily responsible for the vision of the project. Please note that I will not address how to prioritize projects amongst the discrete financial and human resources every organization has for IT.

IT infrastructure improvement

These projects are entirely driven by IT and its awareness of internal capacity issues and evolution of technology. In some instances, this is reactive to emerging threats to IT infrastructure; in other instances, these efforts are proactive efforts to prepare for the future or likely breakdowns of business systems.

Some of these projects will specifically be technology-refresh initiatives wherein the useful technological lifecycle of equipment or software is expiring and will either be difficult or impossible to continue to support. In every instance, these will be about balancing user experience and an organization's data assets.

With few exceptions, these projects will have visibility to appear on capital budgets at the start of a new fiscal year. The exceptions will be responsive to specific events such as responding to a critical vendor in distress or an immediate threat to the organization that must be remediated.

If usability is an issue or coordination with other corporate initiatives is necessary, IT will try to gather information and integrate it into the expected decisions. Otherwise, users will be involved solely by being informed of planned maintenance work or outages and adjusting accordingl

Examples: Upgrades to servers or e-mail software.

New software or system

These projects are generally driven by user needs, competitive forces or new organizational opportunities. New technologies or new applications of existing technologies will be introduced to users during these projects.

In most instances, there is a gradually escalating sense of urgency that allows for inclusion in the budget of the following fiscal year as a specific capital budget item. However, in some cases there is opportunity that involves technology that can improve processes or usability of a business need that may require immediate (near-term) action before the next budget cycle. For this reason, building research-and-development and emergent-needs IT lines into the capital budget can be very helpful.

These projects begin with a project champion. This person will represent the concerns, needs and desires of the department or region requesting this project. This role will involve not only advocacy, but also design recommendations from an end-user perspective, testing and acceptance of a delivered solution. 

The project champion must understand the process being automated well enough to act as a liaison in articulating specifics. For these types of projects, an IT resource who can speak both business and geek vernaculars is essential. This will allow the project champion to be included in a realistic expectation of project outcomes. When applicable, some user reference checks and even onsite visits with some existing users should also be performed by the project champion.

Finally, a logical presentation of need and cost justification of the spending to satisfy that need must be presented by the project champion. This need not be a comprehensive document, but must reflect a clear articulation of value (not simply stylish adoption of the latest tech buzzwords).

In this instance, the IT role is to vet the pragmatic capacity of the technology in our environments, project cost of implementation and even some projection of the total cost of ownership beyond the initial acquisition, and work with the project champion to identify likely vendors. IT will help with acquisition of the technology, reference checking from a technical perspective, and implementation assistance. Generally, IT will assign an IT project manager to work with the selected vendor and serve as the liaison to the department and project champion to help the implementation operate as smoothly as possible. 

Examples: New ERP or HR systems.

Process improvement

This can be the least invasive project. The IT department has cross-functional perspective into many aspects of an organization while understanding some of the automation opportunities available in what we already own. These projects leverage that knowledge by either initiating the fostering of systematic improvements as IT becomes aware of holes or working closely with users experiencing the under peak performance of systems.

In many instances, there are efficiencies attainable with minimal unbudgeted expense.

Examples: Initiatives to improve e-commerce functionality or reporting usefulness.

Business continuity

These projects do not traditionally have the highest attention in our businesses. They are focused on mitigating risk that may interrupt, but are unexpected in the day-to-day life of a user. In the context of an evolving proactive IT department, many aspects of the formalized structure of these projects is not clear.

For these types of projects, the project begins with a team that crosses the expertise of your business to identify the likelihood of specific risks and define the cost / reward value of responding to risks. The budgetary impact for some of this effort should be considered insurance (something we hope never to use, but need to have available if the worst does come to pass).

Business continuity / disaster preparedness is a business issue that cannot be addressed in a vacuum of just IT. This is a collaborative effort that must prioritize risk, response and how much we can afford to mitigate it all in developing a comprehensive threshold of what we are protecting against and what we are not.

Examples: A plan for building power loss or fire in the server room.

Legal and regulatory compliance

These projects are responses to external forces that are in some instances beyond our control of timeframes and budgetary considerations. In these projects, IT coordinates with our advisors, senior management and those external forces to meet the expectations of those legal or compliance demands.

For these projects, often budgetary input does not matter. When possible, we will review alternative solutions and in collaboration with advisors, often implement either solution with greatest overall long-term value or fastest to acceptance. Still, when this becomes a mandate of staying in business, we cannot dismiss it as unaffordable.

Understandably, these projects involve senior management and corporate advisors.

Examples: Data retention for SOX and HIPAA privacy.

Tina Turner ends her haunting song with the following verse. 

"What do we do with our lives
We leave only a mark
Will our story shine like a life
Or end in the dark
Give it all or nothing!"

It should be the rallying call of every IT project that we undertake, at least until organizational priorities change midstream. But that would be the subject of another column.
 
Chaim Yudkowsky, CPA, CITP, is director of IT for the American Israel Public Affairs Committee (AIPAC) based in Washington, D.C. He is also president of Byte of Success Inc., a technology consulting company specializing in helping small and mid-size business grow using technology. He is available for both consultation and speaking.