IT Change Management
The next area we need to discuss is IT change management. This relates to the approach we take to implement a new IT system. We shouldn’t simply choose one IT system and persistently stick with it.
As our risk assessment continuously changes and evolves, our systems should mirror this development. However, when introducing new systems, we must first consider potential risks. For instance, what if we have a new system and we lack sufficient support to troubleshoot that system? Or what if it crashes and disrupts our entire business operations?
We must establish clear policies for managing the change. What steps are necessary, and who’s responsible for each step? One person should not oversee the entire change. Implementing segregation of duties can help prevent fraud. Additionally, we need to consider what happens if a significant issue arises, and we need to revert to our old system. How will we manage that transition?
Plan-Do-Check-Act
One model to consider for this is Plan-Do-Check-Act. Initially, we need to plan out which software we’re going to implement and our approach for doing so. Once we’ve crafted our plan, we need to implement the new software, install it and start using it. After initiating usage, we need to check whether it’s operating correctly, similar to the monitoring step of the internal control framework. After checking and monitoring it, we need to evaluate what modifications are necessary to ensure it operates at its optimal level.
When it comes to changing IT systems, a company needs to be systematic about how it implements changes, and how it transitions from old software over to new software. Consider a situation where a company decides on a direct changeover, meaning it transitions entirely from the old software to the new software instantly. With this approach, there’s no opportunity to work out potential issues with the new software because the company is now entirely dependent on the new software, which can be highly risky.
Instead of a direct changeover, the company should ideally adopt a gradual approach when implementing new systems, which involves conducting the necessary amount of testing. For instance, the company could execute a parallel transition, where it operates both the old software and the new software simultaneously.
This affords the company time to verify whether the new software functions effectively without fully relying on it.
Business Process Re-Engineering and Business Process Management
Next, let’s briefly discuss two IT terms: business process re-engineering and business process management. Although they sound similar, they signify two distinct concepts.
Business process re-engineering refers to a substantial change in the IT system, a radical shift. On the other hand, business process management pertains to a minor, gradual change in the IT system.
Cloud Computing
Now, let’s explore cloud computing. Cloud computing is the on-demand access to IT resources over the internet.
A simple way to conceptualize this is in terms of data storage. A company has a vast amount of data that it needs to store. Rather than purchasing physical servers to store data on-site, it can pay for the service to store its data on the cloud. This means that major service providers manage their own physical servers at a separate location, so the company doesn’t need to invest in its own servers. Instead, it rents out the storage space, resulting in cost savings. Google Drive is an example of cloud storage.