We are all expected to visit the doctor once a year for a
thorough checkup. We take our cars for regular oil changes and
tune-ups. We meet with our children's teachers once a semester
to review their progress. If we are business people, we consult
with our board and advisors from time to time to discuss everything
from financial results to the competitive market. Yet, how many of
us apply this same discipline to our computer systems? You know,
those ubiquitous machines that produce our financial statements and
control our inventory and manufacturing? The same machines that
calculate staff payroll, store our trade secrets and help us manage
our enterprises in a smarter and more effective way?
Not very many!
Why is this? Senior managers often cite these reasons for not
spending more time and effort on their computer systems:
Complexity – "Computer systems are simply too
complex to understand. Leave it to the
If it ain't broke, don't fix it – "The
system produces many useful reports, so why worry?"
Computers are simply tools – "We should focus on
our core business, not on computers."
If it breaks, we can simply replace it – "After
all, we don't use any custom software."
Nothing valuable is stored on our computer – "We
are a bricks-and-mortar business, not a bank."
In most cases, these arguments are flawed and without
Complexity – Computer systems are complex, but they
support business processes which should be well understood by
management. Technical staff is not necessarily qualified to make
decisions about these processes or about the needs of end users.
They should, however, be qualified to explain technology in simple
terms, so that managers can make informed decisions about new
systems and overall technology direction.
If it ain't broke, don't fix it –
Yesterday's reports are static, historical, somewhat inflexible
and based principally on financial information. Today's reports
(which your competitor may well be using) are flexible, analytic,
and predictive, and support complex decision-making and
optimization in real time. They can make a business operate better,
identify opportunities sooner and be more responsive to the
Computers are simply tools – Yes, but they are very
sophisticated tools imbued with more and more intelligence and the
ability to operate autonomously. The very smartest computer systems
are those that are the easiest to operate and provide the greatest
payback in the shortest time to end users.
If it breaks, we can simply replace it – Yes, but a
computer system is more than hardware and software. It is
configuration, system settings, firewalls, user profiles and dozens
of other features, each of which needs to be re-created if a system
breaks. Employing a data backup is the beginning and having a
system backup is a good start, although neither will ensure that a
system outage can be addressed without days or even weeks of some
type of costly disruption to the business.
Nothing valuable is stored on our computer – Well,
that is, except possibly personnel records (personal information),
customer lists, confidential emails, financial projections and
results, research results and tax records for the CRA. Even the
most non-technological company probably stores information which
provides a tempting target to hackers, competitors or disgruntled
employees – not to mention providing an opportunity for
the Privacy Commissioner to audit and publicly sanction the
company for improperly safeguarding personal information after a
data breach occurs!
In my next article, we will look in some detail at the
components of an annual computer health check. However, for those
of you who can't wait, a typical health check takes between
three days and two weeks and normally entails:
Computer security assessment (external, hackers)
Computer security assessment (insiders, trusted systems
Privacy risk assessment – control of personal
Computer controls assessment – development, programme
changes and patches, data base controls, web application controls,
IT organizational effectiveness assessment – people,
processes and value for money
IT strategy assessment – using technology to move the
The health check is a very high-level review, but it can
nevertheless provide a good starting point for reducing business
and legal risks, improving business processes and controls, and
increasing the overall strategic value of IT to the
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.