Is your IT system a source of competitive advantage or of risk?

Aug 01, 2017
Risk consulting Technology risk consulting

Many companies are missing out on some of the most attractive ways to improve efficiency and productivity offered by their IT systems. At the same time, they may be opening themselves up to significant new risks. Step back from the day-to-day operation to evaluate the opportunities and risks to make sure your company is successful and secure.

Missing out on new ways to serve customers and business partners

Current IT systems can be extremely powerful, and may be meeting the company’s current goals. But many companies don’t release full value from their investment and are missing out on the potential their existing systems offer.

This might include a company that diverts many of its routine sales to online ordering and fulfilment, freeing up the salespeople to focus on customers that need more hands-on service. Or, it could be making simple changes to the accounting system so that invoices are generated and sent out automatically – reducing the potential for error that comes from human involvement, particularly the re-keying of data.

There are also possibilities to completely re-think the way the company does business. This may become even more essential at a time when new, disruptive business models are changing the landscape – much as Amazon is disrupting retail and the delivery of goods, and Uber is causing huge changes in the personal transportation sector.

New security threats demand new approaches to IT management

Just as there are new opportunities with existing IT systems, the existing ways of  technology management can leave companies wide open to new and growing threats.

As an example, consider ‘ransomware’ – in which a hacker installs malicious software that encrypts files on a user’s computer so that they cannot be accessed, unless the victim pays a ransom in exchange for unlocking the data. According to security firm Symantec, Canada is fourth on the list of countries on the receiving end of ransomware attacks, averaging 1,641 attacks per day. This may not be detected or prevented by just using anti-virus software.

There is also the threat that a company’s computers can be accessed without the intrusion being detected, the computers then being subverted to participate in large-scale attacks on large,  secure sites or government institutions.

Even companies as security-savvy as Yahoo! and Google have made the headlines recently with news stories about successful hacking attacks and theft of confidential information.

Taking action on IT threats and opportunities

Many of the ways to deal with these situations can be accessed by using the company’s existing systems, without any investment in new equipment.

Current accounting packages generally make it easy to automate many functions, including sending out documents such as quotes, statements and invoices.

And, many of the vulnerabilities can be addressed by simple steps such as changing the passwords on equipment such as routers, replacing the easily-guessed factory-set default passwords. Many ransomware attacks come when employees mistakenly open attachments on emails sent by hackers; Some training in IT security practices, or tips on good practices can help forestall such attacks.

Other steps can be more complex. For example, many attacks on computer systems involve the hacker installing software that ‘fools’ the computer – and the user – into thinking that the computer has downloaded all the current security patches, when in fact it has not, leaving the computer vulnerable.

The benefits of conducting an IT health check

Many of these problems can be avoided and managed by stepping back from the day-to-day realities of the business, and determining how to get the best, and avoid the worst, from the IT system.

This might be called an ‘IT health check’ and like a medical physical examination, it involves a situation analysis to see if everything is as it should be. Like a good medical exam, it goes further, to point to opportunities to do better.

There are three ways that this IT health check can be conducted:

  1. The company uses its own personnel to conduct the check – which has its advantage in that these people are familiar with the system and what it needs to do. The downside is that they may not have the specialized skills or the experience to do the check effectively.
  2. The company can outsource all the work to an external IT provider – which can ensure that the right skills are available, and it allows employees to focus on their existing work. However, it can be costly, and the insider perspective may be lacking.
  3. A hybrid – in which internal staff and external professionals each contribute their strengths to the project. This often produces the best results – both in identifying vulnerabilities as well as the potential for improvements in the way business gets done.

The external team will need an inventory of equipment, a compilation of policies and procedures, and a schematic of the IT network. Based on experience elsewhere, and working with the internal staff, the consultants can analyze the system and make recommendations for improvement.

The benefit is that the company’s management team can sleep better at night, secure that it has done what is possible to safeguard the company from external threats and is aware of all the possibilities of increasing value realization without additional investment.

Related insights

Stay up to date on what matters most to your business.

Let us know your personal preferences for topics, industries and services to start receiving RSM updates in your inbox. Get the most from insights, events and offers from our team of first-choice advisors.