The budget of the Department of Information Systems is considered very high by business leaders most of the time. Information systems are treated as a cost center, rarely a service center, and their managers receive more or less clear instructions every year, including “reduce this budget by 3% for me”, “your team is very important”. “Your licenses are too expensive”, etc…
However, the Chief Information Officer is in the best position to decide how to make the best use of his budget. He alone, according to his company’s strategy, knows what are the priorities, innovations to be made, orientation to be given to his department.
Calling an outside party to conduct an IS audit can then prove to be very useful, on the one hand because it provides perspective and on the other because it is necessary to find avenues for objectivity improvement. under constraints.
think outside the box
An IS audit provides an outside perspective, one that the CIO may not necessarily have because he or she does not necessarily have to take into account what is practiced elsewhere, what standards and practices are in force in his area of activity. . This serves as a benchmark and allows it to justify its costs in comparison to its general management.
IS Budget, Consolidation of Essentials and Business Requirements
A budget is made up of a collection of essentials (keep the lights on) and projects articulated by businesses. For example, there are several possible avenues of improvement at several levels:
- Consistency: Are all my expenses IT related? Telephone expenses should be IT related, but how can such a budget item be justified in the case when the purchase of laptops is the responsibility of the user departments? A little consistency is needed.
- Priority: Can my projects be prioritized in any other order, keeping in mind the imperative of providing them with the required infrastructure and network? Does prioritizing these same projects honor my company’s strategy?
- Cost: Implementing the new enterprise solution will require huge expenditure on user training. Will this have a positive impact towards lowering my support cost?
- Customization: Do I have a comprehensive database of machines, equipment and licenses and are their maintenance contracts reasonable at the right cost? Can I pool my maintenance contracts?
- Security: Given the nature of my company’s activity, is the security that has cost me so much, justified?
An IS audit then makes it possible to address each of these points.
Don’t settle for a shot
A budget is prepared every year, it is monitored continuously and re-allocations are common during the year. So doing IS audits on a recurring basis would certainly be relevant. don’t necessarily come back to it every 6 months; The second audit should take into account the points addressed during the first as well as those that were identified and measure deviations.
The first audit should serve as the basis for the following audit, the context will remain the same but the needs of the business have evolved.
In any case, the CIO may not be satisfied with a one-off audit.