First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

How do I ensure accountability for IT systems?

If you want to control something, you first need to measure it. One of the key elements needed to ensure accountability is reporting the right statistics and metrics. Each user department is responsible for ensuring that its information technology needs are addressed, and the IT department is responsible for providing overall cost-effectiveness, quality and coordination. The IT department can play its role by ensuring that IT metrics are captured and disseminated. User departments and the IT department must both be involved; neither may be permitted to abdicate its responsibilities.

There is always a challenge in maintaining the balance between not buying too much capacity too early (particularly as costs are constantly declining) as opposed to leaving the IT area under-resourced. Organizations must anticipate future functional requirements. This will allow technical support to do timely evaluations of software solutions and acquire the necessary skills to provide implementation and user support.

While accurate estimates for processing requirements are important, complete accuracy is impossible. Some processing requirements may be over or underestimated to some extent without significant impact, but it is important to be as accurate as possible. Underestimates may make it difficult to carry on the business satisfactorily, and overestimates may divert money from other areas. Some underestimates—such as processor memory or the number of personal computers—can be corrected easily, while others, such as the volume of data and network capacity cannot.

Accountability for estimates of systems requirements lies with department managers, who have the responsibility to gather requirements as accurately as possible. Users are responsible for prioritizing their requirements. If all requirements cannot be met during a plan cycle because of budgetary or time constraints, it will be necessary to establish a cut-off line on the prioritized requirements list, postponing those requirements below the line to a future planning cycle.

As part of the planning process, it is important to gather statistics on actual resource usage in total and by reporting group to provide a baseline for future estimates. Comparing actual usage to stated requirements provides the basis for:

  • Gaining experience in estimating resource requirements
  • Judging the accuracy of individual department estimates (for which management may be held accountable)
  • Future planning decisions based on department estimates

Several of the COBIT 5 processes provide additional guidance. The following COBIT 5 processes all tie into measurement and accountability:

EDM01 – Ensure governance framework setting and maintenance
EDM02 – Ensure benefits delivery
EDM03 – Ensure risk optimization
EDM04 – Ensure resource optimization
APO08 – Manage relationships

Information Technology PolicyPro

Information Technology PolicyPro

For more on COBIT 5, please see the introduction to Information Technology PolicyPro

learn more

Jeffrey D. Sherman, BComm, MBA, CIM, FCPA, FCA
Author of Information Technology PolicyPro

Follow me

Jeffrey Sherman

Chief financial officer, author, lecturer and professor focussing on corporate finance at Atrium Mortgage Investment Corporation, Canadian Mortgage Capital Corp., Trimel Pharmaceuticals Corporation, and Anagram Services
Jeffrey D. Sherman, BComm, MBA, CIM, FCA, is a director or CFO of several public companies and has had over 20 years of executive management experience. He is the author of Finance and Accounting PolicyPro, Not-for-Profit PolicyPro and Information Technology PolicyPro (guides to governance, procedures and internal control, all published by First Reference and the CPA). Read more
Follow me

, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Comments are currently closed.