isaca presentation - isaca melbourne · isaca presentation ... an australian partnership and a...

ISACA Presentation IT Cost Optimisation How can an assurance function add value in this topical area? AUGUST 2009

© 2009 KPMG, an Australian partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International. Liability limited by a scheme approved under Professional Standards Legislation.

Contents

• Purpose • Why am I standing in front of you today?

• What is Cost Optimisation?

• Challenges and benefits of IT Cost Opt

• Typical IT Cost Structure • Where can you look?

o Full spectrum o Tactical o Strategic

• How do we turn this into value for the business? – timeframes – real deliverables - measurement

• General focus areas o Physical Asset Reviews o Software Asset Management o Contract Compliance Reviews o Business Risk vs Service Level Alignment

• Key issues re-cap

• Questions

• Presenter details


Purpose of tonight’s presentation

To address members of the ISACA and their guests who are interested in delivering efficient, effective and innovative assurance services for organisations of all sizes and industries.

Specifically…

How can IT assurance engagements can be structured to meet assurance objectives whilst identifying and delivering cost optimisation benefits to all areas of the IT landscape?


About me

• Line of Business Lead for IT Cost Optimisation at KPMG Australia

• Significant experience delivering assurance engagements including: designing, implementing and assessing controls

• Implementation of an IT Cost Optimisation approach which has been recognised by KPMG worldwide

• Recently delivered a number of highly successful IT Cost Baselining and IT Cost Optimisation engagements


What is Cost Optimisation?

IT Cost Optimisation is not only focussed on reducing IT spend – we work with our clients to strike a balance where acceptable IT service levels continue to be delivered under an optimised cost structure.

The devil is, definitely, in the details. In our experience, isolated quick fixes and conventional cost-cutting exercises often fail to identify and address the underlying cost and value drivers. While this statement holds true for cost optimisation programs enterprise-wide, it is particularly relevant for IT as a significant component of the total spend relates to intangible assets where cost and value drivers are not easily identified.


Some challenges and benefits…

Challenges

• Datasets – most likely, there will be many (and conflicting)

• Sources of truth – related to above

• Communication – you may find that you become a communication bridge between teams

Benefits

• Positive return on the assurance dollar

• Real savings – most IT cost optimisation initiatives provide measurable real dollar results

• Increased monitoring/reporting controls

• A balance between cost savings and business risk

• Increased cost disciplines


Typical IT structure

Est. % Cost Savings

Server Hardware Support and Leasing

Infrastructure Operating Systems (OS)

Software License / Maintenance

Application Software License / Maintenance

Data Centre

Flow on savings from higher level optimisations

>10%

>10%

Significant, although can be challenging to realise

Cost Stack

Help Desk / Other Support Up to 10%


Strategic

Tactical

Where can you look – the full spectrum…

Access to areas of deep specialisation

Procurement Investment

and Divestment

Treasury Finance Function Real Estate Supply Chain

and sourcing Human

Resources Tax Cash and Working Capital

Infrastructure Optimisation

Software Licensing

Archiving & Data Management Decommissioning Service Level

Optimisation

Physical Audit & IT Asset

Management

Sourcing Organisation Restructure Governance PMO Sustainable IT

Vendor Management

Strategy Portfolio

Management

Systems and IT

Full spectrum cost optimisation

Focus areas for IT Cost Optimisation


Tactical – for clients seeking short-term, tangible, cost optimisation we suggest they consider beginning with the tactical focus areas below…

Infrastructure Optimisation

Software Licensing Archiving & Data

Management

Decommissioning

Service Level Optimisation

Physical Audit & IT Asset Management

• Business criticality vs service level

• Infrastructure capacity management

• Purchase or re-purpose

• Re-purpose of software from decomm devices

• Check re-purpose pool prior to purchasing

• Duplicate functionality

• Over-spec software

• Licence compliance

• Invoice reconciliation

• Complete and current information

• Data centre floor space management

• Variable and fixed costs for each location

• Deletion of data following retention period expiry

• Full vs incremental back-up

• Daily vs periodic back-up

• Invoice reconciliation – removal of decomm items

• Power & floor space costs for items awaiting decomm

• Minimise service for items awaiting decomm

• Decomm legacy following transformation or upgrade projects


Strategic – we suggest that clients seeking to adopt a more strategic approach for longer term cost optimisation would consider the additional strategic focus areas below…

Sourcing

Organisation Restructure Governance PMO

Sustainable IT

Vendor Management Strategy

Portfolio Management

• Economies of scale – central management

• SLA/KPI monitoring • Flexible vendor contracts • Are you getting what you’re

paying for?

• Regular review of sourcing options

• Sourcing strategy • In-house activities that are not

part of your core business • Breadth of in-house skills to

deliver the expected business outcomes in the timeframes required

• Alignment of IT Services to business requirements

• Transparency of IT costs • Ability to influence re-

charged variable costs • Centralised verses de-

centralised model • Available budget versus delivery expectations

• Assessment of projects to park or discontinue

• Correct identification and focus on critical business projects

• Oversight of project schedules

• Root cause identification of trends in the delivery of IT Projects

• Measurement of benefit realisation post-delivery • Better IT Sustainability practices often deliver cost savings

• Value creation through improved corporate reputation

• Additional revenue creation from being a more sustainable company


How does an assurance function create value from the focus areas?

Controls

Risks Process

Cost savings Cost avoidance

As a generalisation, most assurance functions tend to focus their programs on the following areas:

To add value to the business, the aim is to address the above requirements while identifying / delivering one, or both of the following outputs:


So what could an assurance program of work look like?

The following slides provide high-level examples of these programs:

• Physical Asset Review

• Software Asset Management

• Contract Compliance

• Service Support Levels


Physical Asset Review

Focus: Undertake an assessment of the validity and completeness of IT assets and assess whether this information is being effectively applied to improve IT management decisions.

Procedures:

This work may include activities such as:

• Select a sample of IT assets and confirm physical existence and location

• Select a broader sample than above and “ping” live servers through the network to confirm existence and functionality

• Reconcile a sample of vendor invoices against the IT asset register and the live servers as a result of the above step

• Understand controls and procedures in place for the updating of the IT Asset Register and confirm, through sample testing, that controls are operating and effective

Possible IT Value Add Outputs:

• Is the corporation being invoiced for assets that no longer, or do not, exist?

• Is there value to be gained from changing the configuration of which applications are running on which servers?

• Is the existing physical IT landscape information being utilised in the planning for future data centre requirements and locations – consider associated costs such as power, rent, capex, etc?

Saving Est. $

$ - $$

$$ - $$$


Software Asset Management

Focus: Undertake an assessment of software licences held to confirm that the appropriate software licences are held in relation to the applications, operating systems, and IT management tools currently used by the organisation

Procedures:


• Undertake sample testing to provide evidence that desktop licences are held for all application installations;

• Are software licences re-claimed when employees leave the organisation or when hardware (desktop and infrastructure) is decommissioned;

• Reconcile existing employee headcount with the total number of licences deployed for all applications.

• Do any application licences appear to be over-specified – particularly consider development environments Possible IT Value Add Outputs:

• Over-spec licences

• Reclamation of licences as part of decommissioning for re-allocation

Saving Est. $ - $$

$ - $$


Contract Compliance

Focus: Consider the vendor management processes planned or implemented, including defined metrics to measure and evaluate vendor performance.

Procedures:


• an assessment of vendor performance against contracted SLA KPIs – including reconciliation of a selection of invoices over the period of engagement;

• an assessment of the adequacy of SLA reporting against expected benefits;

• a review of the process to monitor, change or amend SLAs;

• consideration of the strength of communication with the vendor and whether the vendor has brought value-adding options or ideas to the attention of the organisation.

Possible IT Value Add Outputs: • Has the vendor delivered any operational savings (perhaps efficiencies) outlined in the

original contract?

• Has the organisation reconciled performance against SLA/KPI prior to payment of invoices?

• For outsourcing contracts – has there been a measurable reduction in resources to reflect the outsourcing of services?

Saving Est. $ - $$

$ - $$

$$ - $$$


Service Support Levels

Focus: Consider the alignment of service levels against business criticality within the IT environment – this may include Application Support, Mid-range Support, Mainframe Support or Hardware & Maintenance.

Procedures:


• obtain baseline information for application and infrastructure criticality to the business;

• obtain an understanding of the different service support levels available pursuant to vendor contracts;

• match the vendor service support levels against business criticality – this may require considerable data matching and modelling.

Possible IT Value Add Outputs: • Identify areas of support that are below the level required to meet business criticality –

e.g. the core business application is receiving minimal service support in order to minimise costs.

• Identify service support levels that are excessive as compared to business criticality – opportunity exists to reduce service levels and therefore reduce costs

• Challenge the assessment of business criticality where it no longer appears appropriate – e.g a legacy system that was previously critical to the business may no longer provide the same business risk exposure

Saving Est. $ - $$

$$ - $$$

$ - $$


Key issues re-cap

• Clarity of data extracted from the business and establishing “sources of truth” are two challenges that are often encountered when undertaking an IT Cost Optimisation program

• Real Savings, demonstrating a positive return on the assurance dollar, is a key benefit that can be achieved through a focus on IT Cost Optimisation

• A tactical focus, working within existing business parameters (such as existing vendor contracts), can provide immediate or short-term savings

• A strategic focus will most likely require additional time and resource investment, but can result in more significant business value

• There are many different ways in which existing control, risk and process focussed assurance programs can deliver IT cost optimisation benefits – today we have only touched on four examples of where an assurance function can add value


Questions?


Contact details

Luke Wretham Associate Director Advisory KPMG 161 Collins Street Melbourne VIC 3000 Australia [email protected] KPMG is an Australian partnership

Tel 03 9288 5181 Mob 0416 229 240

isaca presentation - isaca melbourne · isaca presentation ... an australian partnership and a...

Documents