It is interesting to contemplate business risk and business benefit in today’s commercial world. If we think about how the world has changed over the past thirty years (I am of course referring to information systems – and am completely ignoring other somewhat less momentous issues such as the end of the cold war, the rise of Islamic extremism, and the invention of Viagra), there originally were computer mainframes that the well-heeled business could put in place to process transactions. The diagram below gives a flavour of the history here:
Mainframes were heavily customised – heck, at the beginning each one was a custom job. So they were heavily customised, had a long life to get anything like ROI out of them, and were expensive to maintain.
The rise of end-user computing – aka the rise of the PC – put computing in the hands of the masses, but those masses didn’t have too many options to customise their computers given that most programs were off-the-shelf unless you were a dab hand at Pascal.
Client-server architectures, and the rise of enterprise computing, lead to fairly extensive customisation of systems, but in hindsight they were not nearly as complex as modern systems and were less integrated (it was still considered novel to integrate information from two databases into a data warehouse).
Todays’ internet computing, though, is all about reliance upon the information systems and their inter-dependence. It is increasingly difficult to change one information system without affecting others – this is particularly the case for core information systems such as accounting information systems or human resource information systems.
This has all occurred at a time when business, due to competitive pressures and the impact of globalisation, is increasingly turning to automation and information tools to ‘produce the goods’. Increasing reliance on information systems, and increased customisation, results in increasing business risk:
So despite the maturity of the information industry (e.g. with the development of common approaches, architectures, and ubiquitous development tools), the forces of evil are being brought to bear due to the requirement to have ‘business on-demand’ (a resurgent long-term reliance upon the vendor, increased customisation of business processes and software, and the use of a wide range of software development tools to undertake these tasks).
These factors are leading to increased systems integration risk, and the only solution that seems to exist at this time is to promote the use of methodologies, standard enterprise tools, and, as always, to document, document, document your customisations. And of course, as I often say to clients, have a Bex and a good lie down before seriously thinking about customising an off-the-shelf system. Having high information systems risks due to a customisation of a system to achieve business benefits is somewhat disconcerting; to have a high level of information system risks for customisations that did not achieve their supposed benefits is a more disturbing outcome.
(PS – BDO Kendalls is running an Emerging Issues in Risk Management Seminar on 8 November 2005 – see you there).