Description of risk
Because of the increased reliance on information systems to support academic, research and administrative processes, it is important for management within each unit to have a keen awareness of how those information systems resources will be utilized and managed. If unit management does not have a clear view of the required resources to support its mission-critical processes, there is a risk that organizational objectives may be hindered. If there is not a connection between the strategic vision for the unit and the available systems and resources to support that plan, there is a risk that organizational objectives may not be met. This could lead to inefficient and ineffective use of resources and possible compromise of Institute data. Without adequate strategy and vision the following may occur:
- Loss of monetary resources
- Loss of proprietary data
- Loss of productivity
- Hardware damage
- Software corruption of proprietary systems
- Compromises of systems
- Expenditure of resources on equipment inadequate to support the business goals of the unit
Managing an information system in the campus environment is the most demanding role an administrator can have. Management practice surrounding an information system can affect virtually all aspects of campus business. Unit success is largely dependent on an organization that can take advantage of rapid changes in their field and in technology that support the education process. Management facilitates the executive tasks of strategic planning, budgeting, and assessing the adequacy of information systems to meet Institute needs. Astute units have a plan of progression tied to a timetable, how they intend to get there, and a clear understanding of how this will enhance the learning experience. Specific strategy for management of information systems is left to each campus unit head. There are several guides that can assist in managing the information systems of a unit.
- GAO/AIMD-10.1.13 Assessing Risk and Returns: A Guide for Evaluating Federal Agencies’ IT Investment Decision Making
- GAO/AIMD-10.1.23 Information Technology Investment Management
- GAO/AIMD-94-115 Executive Guide to Improving Mission Performance through Strategic Information Management and Technology
- ISO 27001 Standard: Information Security Management - Specification With Guidance for Use
- The IT Infrastructure Library (ITIL): A cohesive set of best practices for IT service management. It comprises a series of ITIL books and is intended to assist organizations in developing a quality IT framework.
The previously listed documents provide models for affordable and efficient guides to management of information systems.
In this time of scarce resources, both human and monetary, strategic planning is essential. We are looking to see that management has a plan, in line with its resources, to maintain and focus the campus unit in line with the strategic plan of the Institute.
As an overall process:
- Recognize information resources as an essential organizational asset that must be protected.
  - Information resources should be deployed to enhance the unit’s strategy, objectives, or business needs. Information systems are the catalyst for the transfer of all information and should be recognized as a critical component to achieving business success.
- Develop a practical information systems strategy and assessment model that links the information systems resource needs to your business plan.
  - Ensure that there is a clear budget for IT investment and that it is tied to the unit and Institute goals.
- Hold program or business managers accountable for ensuring that information systems projects, designs, implementations, and expenditures support a specific business need or strategic goal.
  - Have a multi-year plan that addresses technology replacement, upkeep, and management.
- Manage risk on a continuing basis.
  - Tools for doing this are provided by the Department of Internal Auditing (http://www.audit.gatech.edu/resources) and the Office of Information Technology (http://oit.gatech.edu/service/information-security/security-assessments)
- Designate a central group or authority within the unit to develop information systems priorities and to carry out and implement those key priorities.
- Provide the central group ready and independent access to senior executives or management within the campus unit.
- Dedicate funding and staff resources in each year's budget as well as the budget planning process to support technical (Information Systems) needs.
- Ensure departmental policies on information systems are related to business needs and business risks, in addition to supporting the strategic goals of the unit.
- Distinguish between policies and guidelines, ensuring that personnel understand the purpose of the information systems resources, the appropriate use of these resources, and how they support the business needs of the unit.
  - Ensure training of users is adequate and is updated regularly.
- Monitor information system resources and their return-on-investment to determine how well they have supported the strategic goals, business needs, and the mission of the local unit.
  - The Office of Information Technology should be able to assist in this process if necessary.
- Use these results to direct future efforts and to hold the managers accountable.
- Use these results to support the unit budgeting process.
  - Prepare for situations such as unexpected monies becoming available and decisions being made to buy based on the unit’s long-term plan vs. impulse buying.
EMPOWER THE PEOPLE RESPONSIBLE
Strategic planning encompasses several areas of accountability: information systems, budget, technical, business, and vision. While management should designate a responsible party for each area of the strategic plan, management remains responsible for the overall strategic plan.
COMMUNICATE WITH EVERYONE IN THE UNIT
In order to maintain a relevant strategic plan, feedback/input from technical members, users and business managers is a necessity. Management is encouraged to use direct face-to-face methods of communications such as staff meetings, brown bags, and targeted training programs. Management also has at its disposal several supporting methods for communications such as email, the internet, and electronic messaging.
USE A SYSTEMATIC APPROACH
One approach to creating a successful plan is to take each of the goals outlined in the strategic plan of Georgia Tech and evaluate local unit approaches to supporting it with information technology.
Georgia Tech Strategic Plan