Compliance

Conclusion:

The choices when selecting and designing an Enterprise Resource Planning (ERP) solution are immense and typically require industry specific considerations. Executives rightly desire fully-integrated IT services across all departments within an organisation. The end result is a reliable, fully-integrated, and secure solution whether it is deployed in a public or hybrid Cloud solution.

What should not be up for negotiation are the essential, human-facing critical controls (CCs) that maintain the effectiveness and security of this critical asset during business operations. In all, IBRS sees organisations needing to address 10 human-facing CCs from a group of 20 CCs. The remaining 10 CCs will cover the technical controls later in this research series.

Conclusion: As-a-Service solutions offer organisations agility, flexibility and scalability but the graveyard of unused software piling up should ring alarm bells. Neglected software utilisation and compliance will be factors that should drive a new Software Asset Management (SAM) investment. The impact of an unmanaged Cloud SaaS or IaaS solution will be quickly revealed during audits. At a time when management is a focus, this should be an easy win.

Organisations will need to quickly identify if they are running single or multi-tenanted instances and whether production and non-production environments are being managed efficiently for the purposes of SAM product selection.

Selecting a SAM tool should be proportionate to the cost of non-compliance. Unmitigated software licence costs can be eye-watering. Consider these factors when selecting your SAM product for Information Technology Asset Management (ITAM):

  1. Data points
  2. Software overspend
  3. Inefficiency
  4. Compliance

Conclusion:

Chargeback of enterprise-wide ICT costs were developed to assign ICT costs to the point of usage. The outcome is twofold; it ensures the initial allocation of ICT assets and services are identifiable, and it enables reallocation of underutilised or unnecessary services. This relies on IT creating assets and services which are commodified and transferable.

A chargeback arrangement can increase tension between ICT and the department managers. Allocating all ICT costs to achieve a zero-sum IT department can exacerbate that tension. Making IT fully responsible and accountable for IT costs can create insular behaviours which stifle innovation and investments in new IT services for departments. Departments will feel entitled to explore ICT improvements without an effective relationship with IT. Creating a chargeback governance model that manages disputes and builds trust in the process is preferable.