Business Information Systems & Return on

InvestmentInstructor: Michael Curry

Outline

• Review How BIS are used within an organization• Lifecycle of BIS and costs associated with BIS• The need for IT Controls and COBIT• Exercise: use COBIT to help with a BIS acquisition• Calculating project viability (CBRA)– Cost– Benefit– Confidence– Analysis and Recommendations

Review: How IS are Used in Organizations

• Productivity Paradox has been discredited

• Today organizations use heavily depend on functional IS systems– Many (legacy) are still isolated functional systems– BUT the trend is towards cross functional systems

• Cross functional systems though more expensive and more complex, help business run more efficiently– You should be able to explain how/why & give examples

Pros & Cons of IS in Business

₊ Faster calculations₊ Large data storage₊ Simplifies working at a

distance₊ Business rules can be

programmed₊ Less error (some things)₊ Cheaper than labor

(some things)

− Must be well planned in advance

− Difficult to engineer− Brittle: requires ongoing

support− Inflexible− Vulnerable to threat− Complex− Expensive

Lets Consider Just Cost

• Implementing a system is expensive– Example

• Recent SAP implementations at Oracle & Nike ran$500M each• High profile SAP failures for State of California, Fujitsu & Waste

Management

• Profitability is uncertain and difficult to predict

IT Controls & COBIT

• Increased dependence in organizations on IT and unpredictability of costs are two reasons for effective IT Controls

• COBIT is a business oriented framework for managing IT that seeks to reduce risks and increase performance

Predictability of CostsPredictability of Costs Increased Dependence on IT in Business

Increased Dependence on IT in Business

A need for controls to link IT with Business Goals and Objectives

COBIT: A framework for reducing risk and increasing performance

COBIT: Control Objectives for Information and related Technology

• COBIT is a process-oriented, business-goal focused, systematic framework for evaluating the IT operations within an organization. It is designed for:– Managers who need IT,– IT Providers – “Auditors” concerned with risk, security, privacy,

compliance, and assurance

• You may not know how to evaluate an organizations use of IT, but COBIT can help guide the process

COBIT Example

• What to do if you plan to undertake an IT initiative for your business?

• COBIT Process AI1: Identify Automated Solutions– “The need for a new application or function requires analysis to

ensure business requirements are satisfied– Completing these steps minimize costs while ensuring the

business will achieve its objectives”

– The AI1 process covers1. Defining the needs2. Review of technological and economic feasibility3. Risk analysis and4.

Cost-benefit analysis

Today Our Focus is the Cost-Benefit Analysis

Who should be Accountable and Responsible for analyzing costs of a project to determine feasibility?

Executive, CIO, Business Process Owner, & Project Manager

Add Confidence to Analysis

• Confidence is a variable in any project and should be factored into the analysis to create a more accurate view of the costs & benefits

Confidence Estimates

• Adjust a CBA with confidence estimates based on the information you have available to you

• This is not an exact science, but should be based on estimates, quotes and similar efforts

• Throughout the project, work hard to increase confidence of all estimates as high as possible

• A spreadsheet is helpful to model different scenarios as confidence increases/decreases

How to Account for Confidence• For COSTS, increase to account for worst case

Cost w/ Conf = (1+ (1- conf)) x Cost– Estimated cost = $1000– Confidence in a cost = 80%– Adjusted Cost (with confidence) = $1200

• For BENEFITS, decrease to account for worst caseBenefit w/ conf = conf x Benefit– Estimated benefit = $1000– Confidence in benefit = %80– Adjusted Benefit (with confidence) = $800

• Compensates for a tendency of positive bias in benefits and negative bias in costs

Analysis & Recommendations

• AI1.3 Feasibility Study … “assess the feasibility and make a recommendation to the business sponsor”

• Make a clear business case as to why a project should be undertaken (or not)

• You should have high confidence in all your estimates• Avoid absolutes! Instead, express in % confidence

– Even w/ high confidence, projects fail due to factors outside of your control

– “Under promise & over deliver”• Provide additional documentation of your analysis

especially your assumptions

Take Away

• Discuss the lifecycle of BIS in terms of cost• Explain the need for IT Controls such as COBIT

and how they help businesses manage costs• Explain how COBIT: AI6 recommends a careful

analysis of costs and benefits• Understand how to perform a CBA and how to

factor in confidence• Make a recommendation on the feasibility of a

project from a cost benefit perspective