First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

IT strategy – avoiding problems, getting the most from your investments

Information technology has infiltrated just about every aspect of business, to the point where it’s nearly impossible to avoid developing a dedicated IT strategy in order to support your main business goals.

glitchTake the new book by Jeff Papows, veteran tech executive. In Glitch: The Hidden impact of Faulty Software, Papows describes how even minor software troubles can lead to big headaches for organizations, especially if they rely on the software to carry out their business. Software glitches can affect an organization’s technology infrastructure, its business operations, and its customers, and damage an organization’s brand, reputation, productivity and ultimately its profitability.

Naturally, the book also “provides sound recommendations on how to reduce the proliferation of these glitches.”

What first caught my eye though were Papows’s “10 tips to get the most from your IT investments“. You can just navigate to Computerworld to read the complete list, but I thought I’d highlight a couple of his salient points here:

  • Establish benchmarks and evaluate progress according to agreed-upon metrics
  • Promote IT governance as a positive contributor to the company’s bottom line, and offer employee bonuses to help negate unfavourable connotations
  • Create reporting dashboards that reflect business goals
  • Apply governance at each stage of the software development life cycle to avoid gaps that lead to glitches
  • Automate where possible, but don’t abandon the human review cycle

The common themes are vigilance, measurement and alignment of IT strategy to business goals. And activating each of these themes means engaging employees (not just IT staff) in all aspects of the process. Maybe that sounds like a heavy burden, but remember two things: the potential damage of a software or general IT glitch—in terms of profits, reputation and so on—can easily outweigh the cost to prevent such events; and when employees are on board and have clear direction—in the form of a policy and procedures—the costs should become predictable.

Information Technology PolicyPro (ITPP) from First Reference covers the IT planning process from beginning to end. For example, Chapter 1 — Planning features a section on strategic planning that “identifies critical elements of the IT strategic plan and ensures that IT planning is aligned with the organization’s strategic goals”, as well as a section on Implementation that “provides overall policies for implementing and modifying systems and applications”.

Adam Gorley
First Reference Human Resources, Compliance and Internal Controls Editor

Follow me

Adam Gorley

Editor at First Reference
Adam Gorley, B.A. (Phil.), is a researcher, content provider and editor. He contributes regularly to First Reference Talks and Internal Control blogs, HRinfodesk and other First Reference publications. His areas of focus include broad human resources issues, corporate social responsibility, corporate governance and government policies, information technology and labour market trends.Read more
Follow me

, , , , , , , , , , , , , , , , ,

Comments are currently closed.

4 thoughts on “IT strategy – avoiding problems, getting the most from your investments
  • Adam Gorley says:

    And of course, the stakes for weak security are rising. Countries are attacking other countries’ IT infrastructure seeking sensitive data. Chinese hackers did it to Canada just a few weeks ago.

    In that case, the weak link was high-level government employees who accepted compromised e-mail attachments that executed hidden tasks. Surely good reason for a strict training regimen for all employees at all levels.

  • Adam Gorley says:

    Thanks for the comments Jeffrey!

    It really seems like we’ve entered a new dimension when it comes to IT security, and nobody really has a grasp on the implications, although many proclaim their expertise.

    I read the other day some talk about backing up data. The author—a purported expert—said “Don’t bother with tape backup; it’s slow and won’t last.” Well, in the Google story you pointed out, it was tape that saved Google’s e-mail subscribers’ data. A true expert would have heard about that story and at least acknowledged the continued value of tape.

  • An amazing story about how an IT security consulting company was itself hacked and badly damaged because of poor selection and use of passwords.
    See: Anonymous speaks: the inside story of the HBGary hack,

  • We just had a reminder of the importance of robust and multiple backup procedures. Last week, “0.02%” of Gmail customers lost their accounts. Google’s attempt at on-line real-time backup (from multiple sites!)failed due to a software glitch, so Google backed up from tape. See:

    And an interesting analysis at: