Report on ICT Strategy Issue
Introduction
DentDel, a wholesale distributor of dental supplies, adopted digital order entry system in order to make the order taking and delivery process more efficient. Since the business operates in highly competitive environment, timely ordering and delivery is the major differentiator hence technology was introduced to sustain the competitive advantage. An ad hoc committee was formed to oversee the project. However in the last project meeting several issues were raised after which the issue was brought to Dan O’ Reilly’s (Chief executive officer) attention. Following is the discussion document prepared for understanding of Audit Committee and CEO about what actually happened and what actions can be taken to solve the issue about lack of alignment between IT and business objectives
Ineffective Processes that allowed the situation to occur
Risk mitigation is an essential component of any project in order to ensure its viability, especially in IT related projects. Today companies understand that the information technology is a valuable asset and can offer value to business however it is also important to manage risk associated with information technology. It is important to ensure that IT and business objectives are aligned together for maximum value generation. COBIT is a widely used framework for risk mitigation as it presents activities in logical structure and optimize IT enabled investments (IT governance using COBIT and Val IT, n.d.). The COBIT framework defines IT activities in four domains; including Plan and organize (PO), Acquire and Implement (AI), Deliver and Support (DS) and Monitor and Evaluate (ME). According to Weber (2014) COBIT 5 is the most effective way of mapping incremental risk associated with technology. According to Benaroch and Chernobai (2012) various operational risks are associated with technology which can be controlled through COBIT framework. According to the case let following are some of the processes that allowed the situation to occur:
Lack of proper planning
In the DentDel Inc. case; Chuck Hernandez (Director of Systems Development) developed business case after listening to Cedric James’ (Chief Information Officer) idea. The business case was later presented to Cedric, and he forwarded it to Sarah Stein (Vice President Sales) and Rafael Colon (Chief financial officer) with recommendation of approving it. Hence the first ineffective process that led to occurrence of this situation was that no proper planning was done. According to COBIT framework in the “PO” stage proper strategic IT plan should be formulated, information architecture should be defined, technological direction should be determined, IT investment and human resources should be managed, and risks should be mitigated (IT governance using COBIT and Val IT, n.d.), however no such steps were taken to ensure that the project will be successful.
In this way the start of the project was ineffective as Cedric, Rafael and Sarah had limited discussion about the project. It was discussed in 10 minutes meeting and based on Cedric’s assumptions about cost and benefits the project was approved. Rafael approved US $20 million project and because of urgency of implementation of the project the project was not presented to executive committee.
Roles were not set in initiation stage
In any project it is important to set executive roles in the initiation stage however that was not done in DentDel’s case as shown in the caselet. Executive roles must be clearly defined in order to ensure successful completion of project (Kernzner, 2013). As mentioned above because of urgency of implementation the project was not presented to executive committee and hence no chairperson was nominated and an ad hoc committee comprising of Sarah, Chuck and Cedric was formed. This was the second major reason for the situation as an ad hoc committee was not enough, for proper implementation it is extremely important to ensure that executive roles are clearly defined. COBIT assists executives in aligning IT and business objectives hence that should have been done in the initiation phase (IT governance using COBIT and Val IT, n.d.).
Lack in management of IT investment
In the last meeting various issues were raised about the project viability and its alignment with overall business objectives. It was highlighted that the project team has already spent US $8 million whereas only 25 percent of project has been completed (the original plan was to spent US $3.5). If proper planning was done then that would not have happened. The IT investment was not managed properly because proper planning was not done hence it led to several other problems. An integrated framework such as COBIT (Othman, et al., 2013) is an effective way of managing IT projects. In the case of DentDel IT investment was not managed properly because COBIT was not used at all.
Issues in operations and usage
Similarly project team was facing some internal issues as business subject experts were only available in afternoon, limited resources were available, sales team was facing issues in phone service. However none of the issue was reported to executive committee.
The sales team should have been properly guided about the usage of new technology again that was not done because of lack of communication and coordination. The major concern again is lack of alignment due to lack of framework, COBIT is widely accepted framework and regarded as a benchmark ( Abu-Khadra, Chan & Pavelka, 2014) hence if that was incorporated properly human resource is managed and hence the problem would not have occurred.
Sarah questioned the project; based on market information about dentists and reported that the system could be converted into web only order entry system. However since US $8 million were already spent, Rafael was concerned and hence reported the issue to Dan O’ Reilly.
Steps the management should take to assess the situation and create an action plan
The management should assess the situation and take appropriate actions. Risk free environment is not present anywhere hence it is important to manage risk. IT governance is critical, it delivers value and reduces risk hence IT governance should be incorporated. It aligns IT strategy with overall business strategy hence that should be done at DentDel Inc. Following are the steps that should be taken in order to assess the situation and to further develop action plan for corrective measures.
Investment in best projects
It is important for top management to ensure that shareholder returns are maximized by investing in best opportunities available in the market (IT governance using COBIT and Val IT, n.d.). It is also their responsibility to invest in IT-enabled business investments for maximum value creation, hence top management at DentDel should also invest in IT-enabled business for value creation. The first step hence is to ensure that high return investments projects should be selected through proper planning. As mentioned above proper planning was not done at DentDel which led to all the problems mentioned above.
The Audit Process
Further the audit process should be initiated in this situation, planning and scoping is the first stage in this process, where accountability should be assigned. After which relevant applications should be inventoried and project plan should be developed and approved.
In the same way responsibility for application controls should be determined. In the next stage it is important to assess IT risk by assessing inherent risk of applications and subsystems. The controls should be documented by identifying IT entity level, application and general controls. Then control design needs to be evaluated and operating effectiveness needs to be assessed. It is also important to priorities and remediate deficiencies and finally sustainability should be built (IT governance using COBIT and Val IT, n.d.). the audit process will be done to assess the current situation and in this way corrective actions will be designed accordingly.
Dependency Structure Matrix
Dependency structure matrices are also effective and can provide useful information in risk detection (Florina et al., 2013) hence DentDel will also incorporate dependency structure matrix to effectively detect and mitigate risk.
The governance processes that should be initiated to prevent reoccurrence of a project failure such as this one.
It is important to prevent reoccurrence of project failure such as this one hence governance processes mentioned below are initiated. IT is important for managing resources and to sustain competitive advantage, governance processes initiation will ensure that IT is implemented properly with maximum value for the company.
IT governance is important as it fits in broader arrangement that will cover relationships between management and governing body. Through governance processes, issues can be analyzed and later risks can be reduced. COBIT framework is also effective for IT governance as through it project can be completed effectively (IT governance using COBIT and Val IT, n.d.).
Business objectives and governance objectives should be together aligned in order to ensure that IT and business are aligned together. The governance process should be implemented through four domains of planning, implementation, delivery and monitoring. In the same way IT assurance plan for DentDel Inc. should be initiated and then scope should be formed. It the execution stage, IT assurance subject should be refined, then scope should be refined, effectiveness should be tested, alternatives should be formulate, weakness should be documented and finally recommendations should be communicated.
Conclusion
Today companies understand that the information technology is a valuable asset and can offer value to business however it is also important to manage risk associated with information technology. In the DentDel Inc. the first ineffective process that led to occurrence of this situation was that no proper planning was done. In this way the start of the project was ineffective as Cedric, Rafael and Sarah had limited discussion about the project. The second major reason for the situation as an ad hoc committee was not enough, for proper implementation it is extremely important to ensure that executive roles are clearly defined. In the last meeting various issues were raised about the project viability and its alignment with overall business objectives. The management should assess the situation and take appropriate actions. Risk free environment is not present anywhere hence it is important to manage risk. It is important for top management to ensure that shareholder returns are maximized by investing in best opportunities available in the market. The audit process should be initiated in this situation. Dependency structure matrices are effective and can provide useful information in risk detection. It is important to prevent reoccurrence of project failure such as this one hence governance processes mentioned below are initiated.
References
Abu-Khadra, H. A., Chan, J. O., & Pavelka, D. D. (2014). Incorporating the COBIT Framework for IT Governance in Accounting Education.Communications of the IIMA, 12(2), 6.
Benaroch, M., & Chernobai, A. (2012). IT operational risk events as COBIT control failures: A conceptualization and empirical examination. InInformation Systems (ILAIS) Conference July 2, 2012 (p. 115).
Florina, P. A., Daniel, V., Florin, D., & Georgiana, S. O. (2013). Using Dependency Structure Matrix In Optimazing Financial Audit Process. Annals of Faculty of Economics, 1(1), 1345-1353.
Holm, C., & Zaman, M. (2012). Regulating audit quality: Restoring trust and legitimacy. In Accounting forum (Vol. 36, No. 1, pp. 51-61). Elsevier.
IT governance using COBIT and Val IT, Student book 2nd edition. Leading the IT Governance community
Kerzner, H. R. (2013). Project management: a systems approach to planning, scheduling, and controlling. John Wiley & Sons
Othman, M., Ahmad, M. N., Suliman, A., Arshad, N. H., & MARA, N. (2013). Towards COBIT-based Framework to Govern Flood Management. In PACIS (p. 118)
Weber, L. (2014). Addressing the incremental risks associated with adopting a Bring Your Own Device program by using the COBIT 5 framework to identify keycontrols (Doctoral dissertation, Stellenbosch: Stellenbosch University).