Reading the Tea Leaves

Top Technology Initiatives Explained

The AICPA published the 2007 edition of its annual Top Technology Initiatives list in February. The list identifies those technology initiatives expected to have the greatest impact on financial, risk, and performance management in the upcoming year.

Because this survey draws upon the opinions of practitioners across all industries and sizes of companies, it can be hard for companies to "read the tea leaves" to identify which of these items are most relevant to them. In this article, I am sharing some of my insights and experiences with these technology initiatives, developed over several year leading seminars based on the current year's list – and also nearly 18 years as a practitioner.

For reference, this year's top 10 vote-getters are:

1. Information Security Management
2. Identity and Access Management
3. Conforming to Assurance and Compliance Standards
4. Privacy Management
5. Disaster Recovery Planning & Business Continuity Management
6. IT Governance
7. Securing and Controlling Information Distribution
8. Mobile & Remote Computing
9. Electronic Archiving and Data Retention
10. Document, Content, and Knowledge Management

My Take on the List...

From performing and supervising over 90,000 hours of client service, I tend to group several of these technology initiatives together into primary "Themes," and also use terms that may be more familiar:

Most of the groupings are self-evident. My aggregation of items under the "Compliance Definition and Management" theme reflects similar tasks around defining and managing compliance with requirements – whether those requirements deal with identity, access, assurance standards, statutory, regulatory, or privacy issues.

Real World Relevance

I see the relevance of these topics in all businesses. What distinguishes them is the depth and formality of their application, which varies widely based on size of company and type of industry. For example:

• Highly regulated industries, such as banks or health care-related firms, are required to pay strict attention to most of the items on the list – in particular, Security Management, Compliance Definition and Management, and Risk Management.
• Public companies subject to Sarbanes-Oxley requirements, and other companies facing similar requirements, are highly aware of the issues surrounding Compliance Definition and Management.
• Larger companies must be more attentive in these areas – especially, Resource Management, and Compliance Definition and Management – than smaller companies. For example, larger companies obviously have more employees using its technology resources, so procedures to verify that a user is indeed who he or she purports to be – and appropriately controlling access based on this identity – are critically important.

So where does that leave non-regulated, privately held, small-to-medium sized businesses? In such firms, the Information Systems (IS) function:

• May consist of 1 to 5 persons, some or all of whom frequently have other duties.
• Often outsources functions, such as server and network maintenance, and help desk.
• Typically is informally organized.
• Has a good chance of reporting to the CFO, who may spend at most 10% of his or her time on IS matters.

To these firms, topics of most interest are what I would consider "The Fundamentals" – Security Management, Risk Management, and Collaboration Applications – because part of the workforce serves customers and clients in the field, and the entire workforce is involved in knowledge management or collaboration of some sort.

Infrastructure vs. Applications

Gadgets are cool, new, and sleek. New technologies are sexy. They are the things that grace the cover of PC Magazine. But, the basic major themes of the top 10 list have varied little over the past 7 years – they fall broadly into:

• Infrastructure
• Applications

Infrastructure is not sexy. Infrastructure is the "plumbing" of Information Systems. Think about your home plumbing – absolutely critical, and incredibly boring, at the same time. Infrastructure is hard to cost-justify, because certain things are presumed of all businesses. No one tries to cost-justify your home plumbing – it is an indispensable cost of any home. Even so, infrastructure must not be taken for granted, because it is the foundation of any business and its applications.

Applications can be flashy or mundane, but they are easier to cost-justify because these are the technology investments that are expected to yield incremental business results – that is, to increase the ROI of a business. Continuing our home example, remodeling a kitchen or bath can be cost-justified through the increase in a home's resale value.

On this year's technology initiatives list, I consider only two items to be truly Applications – and I have grouped these together as Collaboration Applications. I view the other eight items as Infrastructure.

Most items on the 2007 list – or past lists, and likely future lists – are not especially flashy. Why is this? This survey reflects the business use of technology – and not technology for technology's sake. As such, the list focuses more on functions – and less on specific tools.

• Security of information assets will always be a concern for every business.
• Defining and managing various aspects of compliance is ever present.
• Businesses cannot operate without technology, so assessing technology-related risks, and planning to mitigate them, will always be in vogue.
• Managing technology resources – where these resources are financial (budget dollars), human (what tasks are worked on), physical(servers), and data (information assets) – will always be necessary because all resources are limited.
• Improving how people work together – the goal of collaboration applications – is an indispensable part of business growth and development.

Ideas on How to Apply The Initiatives or Themes to Your Situation

Questions to ask yourself:

• Do I understand the concepts well enough to assess whether they apply to my business?
• Have I assessed – even informally, by just printing this article and jotting down some notes – whether this area of technology applies to my business?
• For technologies that do apply to my business, what impact do they have?
• Have I allocated time and funds to the technologies in proportion to how they impact my business?

Some Final Thoughts...

Many of you are tech-savvy – you have procedures in place to invest in, upgrade, and manage your technology initiatives. You likely have some level of governance in place and funds allocated to improve your business through technology.

Others of you know the steps that need to be taken to address some of the technology initiatives in this list – yet find it hard to actually do these steps because you are so busy running your business. (Trust me, I have been there many times myself.) For you, think about the gap between the amount of attention that an initiative or theme deserves against the amount it actually receives – and then consider obtaining assistance to close large gaps for those items.

Finally, I welcome the opportunity to bring our seminar on 2007 AICPA list of technology initiatives to your organization. Our goal is to provide not only education to you and your colleagues, but also guidance in defining and taking steps toward improving your business results through technology – and the related impact technology invariably has on your processes and your people. You may reply to this email, or contact Carol Dalgarn, directly, by calling 336.297.4200 ext. 18.

And, if you have an interest to "get moving" on your own technology initiatives, please contact me!

Sincerely,

Todd L. Herman