Business Assurance and the Changing Role of IT


In today's do-more-with-less business environment, with increasing demands from customers, shareholders, and regulators, the IT organization is not only asked to work harder and smarter, but is being asked to take on the role of assuring the business. Businesses don't succeed if they can't measure their success against objectives, which must be prioritized and supported by an effective information infrastructure. Business governance demands that financial reporting is accurate and secure, that assets are effectively managed, and that employees, the most valuable but the most expensive asset the organization has, are enabled and productive. Yet there is a constant struggle to free up time to think and work more strategically, in the midst of today's challenges and fire-fighting mode. Technology is an enabler for more effectively managing the business, but does not solve the problem unless it is tied directly to business and governance objectives. Utilizing technology more effectively enables businesses to address many of the challenges they face every day, such as how to improve commercial performance, increase business up-time, raise output per employee, improve customer service and satisfaction, reduce business and security risks, cut operational costs, comply with multiple regulations, and keep staff happy and motivated.

"IT organizations must have the confidence to make key decisions on new technology if they are to move from being a business enabler to a business contributor and play a central role in the future of business strategy," said Peter Sondergaard, global head of research at Gartner who spoke at the 2005 Gartner Symposium/ITxpo in Barcelona. By aligning IT with business objectives, IT becomes a business contributor, in a sense - assuring that the business meets its vision and goals.

This paper discusses some critical issues and opportunities for the IT organization to think through before it invests in technology, including: 1) an approach that Touchpaper has developed for IT to define and address business objectives - IT Business Management (ITBM), 2) Compliance, 3) Asset Management, and 4) Employee Productivity.


ITBM enables businesses to maximize their potential by providing the highest levels of service to their internal and external customers. An ITBM enabled organization will have identified Key Performance Indicators (KPIs) that are critical to its success. Investment in IT will then be a direct contributor to the productivity of the organization and the success of the business. The exact KPIs will be specific to each organization. Touchpaper has identified a standard set that is likely to form the core measures. The management, tracking, and reporting of KPIs around these goals can be facilitated by the use of sophisticated, yet easy to use reporting tools.

Key Performance Indicators:

Measurement of Growth and Value:

  • Revenue growth against IT investment and utilization
  • Linkage between IT investment and business strategy

Cost management:

  • Cost avoidance and cost reduction, budget management
  • Re-use and sharing of services, infrastructure, architecture such as networks, customer databases, hardware, service desks, servers, middleware and security
  • Adoption of standard IT principles
  • Asset utilization, asset status and tracking


  • Continuity and availability
  • Access management
  • Security Management
  • Integrity and accuracy of information
  • People risks, Staff turnover and retention
  • Disaster recovery processes


  • Customer satisfaction and feedback
  • Awareness and knowledge
  • Service levels and availability


In the past, financial regulations and safeguards were aimed at the CEO and CFO and the department that manages the finances. With the advent of Sarbanes-Oxley (SOX), HIPAA, and GLBA, the focus is on Internal Controls that reach beyond the finance department (i.e., rules and practices that corporations must follow to keep financial reports correct and reliable and information accessible only to the right people). IT has a role to play in supporting the accurate management, tracking, auditing, security of access, processes and data. IT organizations are key in the collection and transportation of financial information and are therefore charged with implementing controls that assure compliance with these regulations. Effective IT governance aligns IT actions with compliance targets and ensures that accountability for meeting those targets is assigned and owned.

To help IT organizations manage compliance, the Information Systems Audit and Control Foundation and the IT Governance Institute developed COBIT (Control Objectives for Information and related Technology). COBIT defines a set of Control Objectives, as well as a set of prepared questions and checklists to guide IT organizations in the development of internal controls and processes. Auditing firms also utilize COBIT to evaluate a corporation's SOX compliance.

IT, and more specifically the service desk, must manage and record anything that might indicate a delay in financial reporting, or an attempt to manipulate or mis-state financial information, including such things as system downtime and failures, problems and requests for changes, or access to systems. Although SOX and COBIT do not mandate the use of technology or automation to implement Control Activities, manual reporting can be inconsistent and subject to error, which may raise Material Weaknesses concerns with auditors. A service-based approach can guide responses with the proper procedures, including predefined workflows, automatic notifications, and prioritized service levels for different activities. The key is to ensure a consistent response to specific breaches, problems or threats, and to document those procedures as well as the response, in a way that stands up to an audit.


To effectively manage IT spending and utilization, better use must be made of existing assets. As IT assets have become increasingly prevalent and complex, it has become more difficult to keep track of assets, to establish a real-time view, understand the risk and impact analysis of any change, and ensure that all assets are being used to best address current needs. Many organizations still use manual processes and standalone databases to maintain asset information, spread across various repositories. A Configuration Management Database (CMDB) is becoming a prerequisite for a view of how IT can adapt to changing business needs while providing a highly available and secure infrastructure. A practical approach for a successful implementation of a CMDB will require a federated data model with a consistent view that receives at least some data from element-specific tools (for example, desktop configuration management, server configuration management, network management, and storage management). A CMDB should be able to integrate data from industry-standard automatic discovery tools such as LANDesk, Novell ZENworks, Microsoft SMS, Altiris, and SAP Financials to maintain a consolidated view of asset definition and structure through a service management console.


Employee productivity requires an infrastructure that allows them to access the appropriate information when and where they need it, and the ability to quickly resolve simple issues themselves. This increases satisfaction and reduces the pressure on the IT department, allowing service desk analysts to spend more time solving complex issues, and less time logging tickets and managing common problems. Systems designed to provide easy access to user information, sophisticated knowledge bases, and remote access, as well as seamless Incident, Problem and Change Management are helping to revolutionize the analyst's role. Role-based functionality provides customers, employees and IT service management personnel with access to the information they need at the time they need it. User-friendly, "smart" interfaces can be accessible through multiple formats (e.g. PC, Internet, PDA).


Instead of focusing on basic service provision and problem resolution, organizations need to start thinking of IT as an enabler of business objectives. Organizations must not only anticipate and address problems before they arise, they must identify and prioritize their business objectives and develop business processes and supporting information infrastructures that optimize performance of the business. Rather than forcing through highly structured but inflexible procedures, they need to introduce intelligent, learning based processes that adapt to experiences and situations, and operate pro-actively rather than reactively. Discovery and automation, diagnosis and resolution, and knowledge and learning are the fundamental principles that define the changing role of IT in assuring the future success of the business.

About the Author

Carl Grieves, senior vice president at Touchpaper in the Americas, has been providing information solutions to customers in vertical applications in Healthcare, Financial, Education and Legal sectors throughout the Americas and Europe. Prior to his current post, Carl was General Manager of Touchpaper Ireland, and worked at Reuters plc, where he managed key accounts. With over 20 years of experience across the UK and Europe, the USA and Asia Pacific, Touchpaper is one of the most established and respected international providers of IT Business Management (ITBM) solutions. Instrumental in redefining the move away from simple help desk products to complete ITBM solutions and services encompassing IT Service Management (ITSM), Customer Service Solutions (CSS) and Systems and Network Management, Touchpaper now has over 1700 customers around the world, supporting over 3 million users.

About Touchpaper

With over 20 years' experience across Europe, the USA and Asia Pacific, Touchpaper is one of the most established and respected international providers of IT Business Management (ITBM) solutions, encompassing IT Service Management (ITSM), Customer Service Solutions (CSS) and Network and Systems Management (N&SM).

Touchpaper sells its solutions directly and through an extensive international network of resellers to private and public sector organisations across various vertical markets including education, financial services, healthcare, IT, law, manufacturing, professional services, retail, transport and utilities. Customers include The Bodyshop International, Friends First, Harvey Nichols, London Business School, Merrill Lynch and WWF (World Wildlife Fund).