It is not unusual to experience, that what seems like a simple solution in data collection, over time become so complex that it might turn into a critical issue for the organisation. But is it possible to handle the situation, where things like small spreadsheet solutions slowly develop into systems, and over time become business-critical and get character of daily IT production? It is, but you need to consider recognition, security and agreement on IT policies to make it turn into an advantage for the organisation.
By Peter Jørn Jensen, Senior Manager | 25th of January 2017
At some point, most financial companies will experience a need for a quick solution to smaller spreadsheets, either to serve a customer, create an internal report or data required by regulators. Typically, this type of task will flow like water, and find the easiest way, where it will meet the least resistance – with a fast result and the simplest way to get the job done.
In many cases, the fastest way to get the job done is carried out by someone closely related to the business. It is easier than having to cut through the jungle of prioritization in the IT department. This way, the problem is solved, delivery is made, the customer is satisfied and the business goes on.
Instead, the complexity of the “easy” solution slowly expands as more and more tasks are handled.
But very often, this kind of solution is not lifted out of the business area and properly placed in IT. Instead, the complexity of the “easy” solution slowly expands as more and more tasks are handled. Over time, a small IT-production arises to support the increased complexity and business-critical solutions.
Then the production is often characterized by being run from personal workstations, and small databases with limited or no backup. It is run by a limited number of key resources and the documentation is at a minimum. What was previously handled as a simple spreadsheet, can then turn into a business-critical issue with the character of daily IT production.
How can you ensure that your data do not lose quality, is being backed up and secured, while your organization is still being fast and agile?
As this in fact takes place in almost any organization, the obvious question is: How do you ensure that your business does not suffer from making this choice?
How can you ensure that your data do not lose quality, is being backed up and secured, while your organization is still being fast and agile? Therefore, it becomes a business-critical issue that needs to be recognized and acknowledged in order for the organization to move forward.
Recognition and acknowledgement of the issue
Firstly, the organizations must recognize that this is an issue. It is important that management from both business and IT recognize and subsequently acknowledge that it takes place. It seems simple, but this is much easier said than done. The business areas want quick solutions without too much prioritization, and IT does not want development to happen outside of IT. This is the usual course of things.
But it is not possible to move forward until the state of matters are acknowledged and it is accepted that IT development might have to take place outside of IT. It is not until after this, you can move forward and agree on how to work together.
Secure the data
Secondly, once it has been accepted that some IT-development takes place outside IT, you should make the best possible tools available to those who need it. This can be done by providing access to safe environments for the systems used. Make sure that there is access to servers and databases, where data is backed up daily, to make it possible to restore systems and data in case of a breakdown.
There must be introduced development and test environments for the business area in order to follow normal procedures in IT-development, and thereby reducing risk.
Also the company must make sure to restrict the access to systems and data to authorized personnel only.
Agreement on IT policy and development
There should be an agreed policy for IT-development and operation in the business areas. The policy must have specific guidelines. These should include how and when determining if a system that has been developed is growing too big or too important to keep outside of the regular IT-landscape, and the areas in which IT must be involved. This could be external communication, firewalls, etc..
It is possible to handle the situation where small spreadsheet solutions slowly develop into systems, and over time become business-critical and get character of daily IT-production. But it requires that both parties put in an effort and can settle on common ground.
In short; IT must accept developments made outside their turf, and the business areas must accept the introduction of safety rules.