1st Edition

Operational Assessment of IT

By Steve Katzman Copyright 2016
    356 Pages 61 B/W Illustrations
    by Auerbach Publications

    356 Pages 61 B/W Illustrations
    by Auerbach Publications

    Operational Assessment of IT presents ideas and concepts of optimization designed to improve an organization’s business processes and assist business units in meeting organizational goals more effectively. Rather than focus on specific technologies, computing environments, enterprise risks, resource programs, or infrastructure, the book focuses on organizational processes. Throughout the book, the author presents concerns and environments encountered throughout his career to demonstrate issues and explain how you, too, can successfully implement the tools presented in the book.

    The assessment process reviews the economics as well as the effectiveness and efficiency of the process. Whether your organization is profit-based, not-for-profit, or even governmental, you cannot provide services or products at a continuous loss. For an operational assessment to be of value, the ultimate goal must be to insure that the business unit process is effective and efficient and employs the financial assets and resources appropriately or helps the business unit make adjustments to improve the operation and use resources more efficiently and economically.

    After reading this book, you will be able to devise more efficient and economical ways to meet your customers’ requirements, no matter who or where your customers are. You will learn that the goal of any process is to service or supply customers with what they want. The book provides tools and techniques that will assist you in gaining a 360-degree view of the process so that you can help the business unit improve the delivery of a quality product or a service to the customer.

    PRELUDE

    Introduction
    Overview
    Rationale

    GOALS

    The Organization
    Organizational Goals
    Measuring the Success of an Organization
    Voice of the Customer
    Process
    Productivity
    Measuring the Success of the Processes
    Summary

    OPERATIONAL ASSESSMENTS

    Operational Auditing
    Background
    Auditing
    Operational Assessment
    Operational Assessment Drivers/Impetus
    Operational Objectives
    Operational Factors: The Three Es
    Process

    Operational Assessment Planning
    Customer Relationships
    Risk Assessment
    Business Acumen
    RACI Matrix (or RASCI)
    Planning Memo
    Project Charter
    Adding Value
    Key Performance Indicator
    Operational Process
    Process Review (As Is)
    Activity: Procurement Audit Planning
    IT Support of the Business Unit
    Background
    Latency Delays
    Business Continuity Planning
    Planning Summation

    Operational Assessment Fieldwork
    Failure Mode and Effect Analysis
    Root Cause Analysis (RCA)
    The Five Whys
    Pareto Principle (80–20 rule)
    Metrics
    Standardization or Anarchy
    Control Charts
    IT and the Business Process
    The Fraud Red Flag
    The Process
    Business Continuity Management
    Fieldwork Analysis
    Purchasing Process

    PUTTING IT ALL TOGETHER

    Assessment Reporting
    Share the Picture
    Report Distribution
    Focus on the Issue/Concern
    A Picture Can Say Volumes
    Presenting the Report

    IT and COBIT
    COBIT Management Environment

    Epilogue

    Appendices
    Risk Assessment/Management
    Washington State Audit Report
    Typical Swim Lane Diagram
    Bibliography

    Biography

    Steve Katzman is a retired master sergeant who spent four years in accounting and finance and the rest of his 21-plus-year Air Force career in information technology (IT) and data communication. He has over 35 years of computer and technology experience and 14 years in auditing (internal and external). Mr. Katzman earned a BS degree in management information systems with a focus on business from Central Connecticut State University. He maintained several professional certifications, including CIA, CISA, CRMA, CRISC, and CISSP. During his military career, he held a top-secret security clearance.

    When I first received this book for review, I was a bit nervous. I am not an auditor, and have never been one. It is true that I have participated in hundreds of audits across different industries and disciplines, as both a customer and much more frequently, as an advisor, but I never had to put my name to the bottom of an attestation (except, I suppose, for a few PCI self-assessment questionnaires).

    In short, I was concerned that I would not be able to properly grasp it, and thus fail to do it justice.

    By the time I was done, I found myself with the same concern, but this time, coming from a completely different angle.

    Because Steve’s book is truly a delight. I have worked with hundreds of auditors, and only a couple of them have ever shown the scope and breadth of experience, the desire to go beyond following rote process, and the sheer interest in staying true to the purpose of an audit – any audit – that Mr. Katzman exhibits in his book.

    Steve’s personal stories shine through, and really help in framing the conversation. The little quips he embeds throughout his writing made me chuckle repeatedly, certainly not what I expected from a book about what is ultimately a rather dry subject matter. The planning chapter alone is worth the price of entry, as first and foremost it does such a great job at reminding all of us why audits exist in the first place.

    For me, this work provided a great insight into the mind of an auditor, in a way that I never quite grasped before. That is undoubtedly going to help me in future audits. Considering the way Steve seamlessly transitions between the client and auditor viewpoints, if you are an auditor (the stated target audience for this book), then I cannot imagine how it would fail to help in a mirrored fashion.

    I find it fitting to end this review by borrowing Steve’s own ending words from the book:

    "Stay well, stay happy, and stay productive".

    -- Barak Engel, CISO and author, Why CISOs Fail – The Missing Link in Security Management and How to Fix It