It’s About Time For An Annual Computer System Health Check-up

Crowe Soberman LLP

Providing audit, tax, and advisory services to mid-sized businesses, individuals, NPOs and public companies. Based in Toronto, our unique size allows us to provide a wide range of services while focusing on providing close partner attention to clients. We serve clients worldwide as an independent member of Crowe Global. Visit crowesoberman.com.

Originally published in Comments - Summer 2012

We are all expected to visit the doctor once a year for a thorough checkup. We take our cars for regular oil changes and tune-ups. We meet with our children's teachers once a semester to review their progress. If we are business people, we consult with our board and advisors from time to time to discuss everything from financial results to the competitive market. Yet, how many of us apply this same discipline to our computer systems? You know those ubiquitous machines that produce our financial statements and control our inventory and manufacturing? The same machines that calculate staff payroll, store our trade secrets and help us manage our enterprises in a smarter and more effective way?

Not very many!

Why is this? Senior managers often cite these reasons for not spending more time and effort on their computer systems:

  • Complexity – "Computer systems are simply too complex to understand. Leave it to the 'techies'!"
  • If it ain't broke, don't fix it – "The system produces many useful reports, so why worry?"
  • Computers are simply tools – "We should focus on our core business, not on computers."
  • If it breaks, we can simply replace it – "After all, we don't use any custom software."
  • Nothing valuable is stored on our computer – "We are a bricks-and-mortar business, not a bank."

In most cases, these arguments are flawed and without substance.

  • Complexity – Computer systems are complex, but they support business processes which should be well understood by management. Technical staff is not necessarily qualified to make decisions about these processes or about the needs of end users. They should, however, be qualified to explain technology in simple terms, so that managers can make informed decisions about new systems and overall technology direction.
  • If it ain't broke, don't fix it – Yesterday's reports are static, historical, somewhat inflexible and based principally on financial information. Today's reports (which your competitor may well be using) are flexible, analytic, and predictive, and support complex decision-making and optimization in real time. They can make a business operate better, identify opportunities sooner and be more responsive to the market.
  • Computers are simply tools – Yes, but they are very sophisticated tools imbued with more and more intelligence and the ability to operate autonomously. The very smartest computer systems are those that are the easiest to operate and provide the greatest payback in the shortest time to end users.
  • If it breaks, we can simply replace it – Yes, but a computer system is more than hardware and software. It is configuration, system settings, firewalls, user profiles and dozens of other features, each of which needs to be re-created if a system breaks. Keeping a data backup is the beginning, and having a system backup is a good start, but neither will ensure that a system outage can be addressed without days or even weeks of costly disruption to the business.
  • Nothing valuable is stored on our computer – Well, that is, except possibly personnel records (personal information), customer lists, confidential emails, financial projections and results, research results and tax records for the CRA. Even the most non-technological company probably stores information which provides a tempting target to hackers, competitors or disgruntled employees – not to mention providing an opportunity for the Privacy Commissioner to audit and publicly sanction the company for improperly safeguarding personal information after a data breach occurs!

In my next article, we will look in some detail at the components of an annual computer health check. However, for those of you who can't wait, a typical health check takes between three days and two weeks and normally entails:

  • Computer security assessment (external, hackers)
  • Computer security assessment (insiders, trusted systems staff)
  • Privacy risk assessment – control of personal information
  • Computer controls assessment – development, programme changes and patches, database controls, web application controls, e-commerce
  • IT organizational effectiveness assessment – people, processes and value for money
  • IT strategy assessment – using technology to move the business forward

The health check is a very high-level review, but it can nevertheless provide a good starting point for reducing business and legal risks, improving business processes and controls, and increasing the overall strategic value of IT to the organization.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
