The IT Budgeting Process Chapter 9 The IT Budgeting Process © 2015 Pearson Education, Inc. Publishing as Prentice Hall
IT Budgeting Five steps IT budgeting, 1:06 Case: TimeForge (http://www.timeforge.com/site/) is a Lubbock based start-up company. It is to adopt big data technology for the tasks of fraud detection, loss prevention, and item level forecasting. How much will be budgeted for the project? Which combination of IT will be adopted? What equipment will be procured? How many people will be hired? For sure, a business plan will be developed. This is the type of Strategic Investment ©2015
Factors affecting budgeting Which combination of IT will be adopted? Platform: Hadoop or SQL Server? Tools: SAS, R or Python? What IT equipment will be procured? In-house, outsourcing, or partnership? How many people will be hired? Data analyst, statistician, software engineer, or Given the celling of $10,000/month budget (operations costs) and one time investment of $30,000 (strategic investment), How the budge will look like? Could it meet the need from the big data demand? Shall the increased revenue be greater than the extra investment into IT? ©2015
IT Budgets IT Budgeting Process, 3:07 Problems Takes too long. Process may be disconnected from the business objectives. Rigid adherence to annual plans may inhibit responsibility for performance. May inhibit the business needs to be flexible.
Functional IT budgets Used by IT managers as spending plans and are based on: -- Operations costs -- Strategic investment
Fiscal IT budget (i.e., those prepared for the CFO) -- Capital expenditures – consist of large expenses spread over multiple years. -- Operating Expenses – consist of the annual costs of running the business.
The IT Budget and Planning Process What is budgeting and planning, 5:59
Capital budgets IT Expenditures that may be capitalized include: -- Project development -- Infrastructure -- Consulting fees -- Major technology purchases
IT Budgeting Categories Operations costs: -- Costs to “Keep the Lights On”. -- Includes maintenance costs, computing and peripheral functions, in-house support and outsourced support. -- May include operating and capital costs.
IT Budgeting Categories (continued) Strategic investment: -- Consists of “New” technology spending. -- May include business improvement initiatives, business- enabling initiatives to transform company operations or new technology business opportunity projects. -- May be classified as capital or operating costs.
Economic Issues The Economics of IT Budget Allocation - Economics of I.T. (Part 1), 7:09 The Economics of IT Budget Allocation - Economics of I.T. (Part 2), 5:57 Cost allocation -- The process of allocating IT costs to others’ budgets. -- Allocation may be based upon a formula using factors such as size of business unit, prior year spending, or percentage of use of IT services. -- May lead to artificiality in allocating development resources.
Importance: Fiscal Discipline “IT Costs too Much”. Demonstrating the realities of business finance has become a significant part of IT leadership. IT budgets may be used to limit or manage demand. Used to hold IT leadership accountable for what it spends.
Importance: Strategic Implementation Budgets link long-term goals to short- term execution through the allocation of resources. Where IT dollars are spent can impact corporate performance. How discretionary IT dollars are spent impacts project outcomes. The budget process reinforces strategic decision making.
Corporate processes -- Establish corporate fiscal policy. -- Establish strategic goals. -- Set IT spending levels.
Factors that Affect IT Spending Levels External factors Number of competitors Uncertainty Diversification of products and services Internal factors Affordability Growth Previous year’s spending
IT Processes Set functional IT budget – determine what is spent on IT operations and strategic investment. Set the fiscal IT budget – transform the functional IT budget into operating and capital spending categories.
IT Budgeting Practices that Deliver Value Appoint an IT finance specialist Use budgeting tools and methodologies Separate operations from innovation Adopt enterprise funding models Adopt rolling budget cycles
Conclusion The IT budget process can be a critical lynchpin between many different stakeholders: finance, business units, corporate strategy, and IT. IT budgets play a key role in implementing strategy and controlling costs.
Managing IT-Based Risk Chapter 10 Managing IT-Based Risk © 2015 Pearson Education, Inc. Publishing as Prentice Hall
IT Risk Management Risk management, 4:58 The five IT risks, 3:05 Incidents Harm constituencies both within and outside companies. Damage corporate reputations. Dampens an organization’s ability to compete.
A Holistic View of IT-Based Risk INTERFERENCE CRIMINAL Legal/ Hazards Third Regulatory Parties External Risk Operations Information Systems Development People Processes Culture Controls Governance Internal Risk ENTERPRISE RISK Figure 10.1 A Holistic View of IT-based Risk
Sources of External Risks Third parties (i.e., partners, software vendors, service providers, suppliers, customers). Hazards (i.e., disasters, pandemics, geopolitical upheavals). Legal and regulatory issues (i.e., failure to adhere to the laws and regulations).
Sources of Internal Risks Information risks (i.e., privacy, quality, accuracy, and protection). People risks (i.e., poorly designed business process, failure to adapt business processes). Cultural risks (i.e., risk aversion and lack or risk awareness). Control (i.e., ineffective controls). Governance (i.e., ineffective structure, roles).
Criminal Risks Come From: Viruses Computer Virus, 5:08 Antivirus & Internet security, 2:38 Hackers Organized crime Industrial spies Terrorists
Holistic Risk Management (RM): A Portrait Focus on what’s important Expect changes over time View risk from multiple levels and perspectives
A Risk Management Framework The goal of a risk management framework (RMF) is to ensure that the right risks are being addresses at the right levels. The RMF guides the development of risk policies and integrates appropriate risk standards and processes into existing practices (e.g., the SDLC).
A Basic Risk Management Framework Includes: Risk category Policies and standards Risk type Risk ownership Risk mitigation Risk reporting and monitoring
Actions to Improve RM Capabilities Look beyond technical risk Develop a common language of risk Simplify the presentation Right size Standardize the technology base Rehearse Clarify roles and responsibilities Automate where appropriate Educate and communicate
Conclusion IT risk is involved in many types of business risks and therefore should be managed holistically. An integrated risk management framework helps organizations understand risk and make better decisions associated with it.