Diapositive 1
Download
Report
Transcript Diapositive 1
Office of the Auditor General of Canada
Agenda
Why auditing IT investments is
important
A new approach to auditing IT
investments
Example with the Canada Revenue
Agency
Challenges/Lessons learned/Rewards
Questions
Office of the Auditor General of Canada
The Importance of
Reliable Investment
You wouldn’t buy a car that failed to
start 20% of the time.
You wouldn’t invest in a mutual fund that
consistently lost 20% of its value.
Yet more than 2 out of 10 enterprise IT
projects are outright failures.*
*The Standish Group, 2006
3
Office of the Auditor General of Canada
IT Investments Bring
Both Value and Risk
IT investments are about enabling business change
and can bring enormous returns if managed properly
Yet, without effective governance and good
management,
there is an equally significant risk to destroy value
“The concept of value relies on the relationship between meeting the
expectations of many differing stakeholders and the resources used in doing
so. The aim of value management is to reconcile these differences…”
— John Thorp, CMC, ISP
Val IT researcher and developer
and author, The Information Paradox
[as adapted from the Institute of Value Management]
4
Office of the Auditor General of Canada
A New Approach is
Needed
Managing IT-enabled change requires that we manage IT
investments
One approach is to apply the principles of financial portfolio
management to evaluating, selecting and managing IT
investments over their full economic lifecycle
“Recent Massachusetts Institute of Technology (MIT) (USA) studies of more
than 300 enterprises in 23 countries found that faster-growing and more agile
firms such as 7-11 Japan, United Parcel Service (UPS) and ING Direct all had a
portfolio approach to IT management…”
— from “Enterprise Value: Governance of
IT Investments, the ING Case Study”
by the IT Governance Institute (ITGI)
5
Office of the Auditor General of Canada
A Comprehensive Approach
The strategic question
The value question
The architecture question
The delivery question
* Based on the ‘Four Ares” as described by John Thorp in his book The Information
Paradox, written jointly with Fujitsu, first published in 1998 and revised in 2003
6
Office of the Auditor General of Canada
Val IT Domains
Office of the Auditor General of Canada
Example with the Canada
Revenue Agency
Office of the Auditor General of Canada
Background
CRA collects some $346B in taxes
per year
Processes up to 3.0 million
transactions per hour
Spends about $500 million annually
on IT
Demand for IT investments always
exceed available funding, requiring
to balance competing priorities
Office of the Auditor General of Canada
Scope of the Audit
How does CRA know that:
they are making the right
investments
They are getting the best value in
their investments
Office of the Auditor General of Canada
Main Points
Management practices for IT have
improved significantly
A more strategic approach is needed
to manage IT investments
A more comprehensive performancereporting framework is needed
Office of the Auditor General of Canada
Main Points (2)
The Agency has not complied with its
own guidance for managing IT
projects
Only two of the eight audited pojects
met all four criteria
Project review procedures need to be
strenghtened
Office of the Auditor General of Canada
Challenges/Lessons Learned
Difficulty to get agreement with the audit
criteria
When something is new, how can we refer
to it as best (leading) practices
Framework such as VAL IT often perceived
as being utopia » and theoretical
Developped mainly for the « for profit »
organizations, needs to be adjusted for
« not for profit » organizations
Office of the Auditor General of Canada
Rewards
Help being recognized as a leader
Adds credibility to the end product
Potential influence to effect changes
in other entities
Promotes best (leading) practices
Office of the Auditor General of Canada
Questions/Thank You
Jessica L Perkins
Richard Brisebois
Violaine Guillerm
Office of the Auditor General of Canada
Questions/Thank You
Richard Brisebois CGA, CISA
Principal, IT Audit Services
Office of the Auditor General of Canada
Tel: (613)952-0213 ext. 2235
Fax: (613)947-9736
E-mail:
[email protected]
240 Sparks Street
Ottawa, Ontario, Canada
K1A 0G6
www.oag-bvg.gc.ca
Office of the Auditor General of Canada