A real-life medium to large size organization will have hundreds (if not thousands) of small to medium sized ‘applications’ which are owned by business and are not on IT radar. The key reason is that IT is not able to (rightly so) meet all the business demands within the time and money constraints it has. Therefore, working units in the business create their own applications, which may range from excel based to a full-fledged IT platforms. Many a times, these business units have their own ‘captive’ IT units.
Many of these systems, over time grow, spread and become an important link within the business processes. While being critical, they don’t have the level of robustness and reliability, which is inherent with IT-owned systems. This generates a financial, operational and compliance risk.
These applications also become an important part of your data quality and BI agenda. This is because they carry important and business critical information. In my experience, a fair proportion of effort on any enterprise level Data quality or BI initiative goes into mapping, extracting and transforming the data from these sets of apps.
The response of an organization may range from ‘fight’ to ‘flight’. My recommendation is to accept the reality, formalize it and mange it. The informal business applications are here to stay and you cannot take away the reasons, which lead to their existence. Here are the steps one can follow:
- • Step 1- First of all, one needs to have a sponsorship from the owning business functions to open-up their world and let the teams working on Data Mapping or data quality program.
- • Step II- One can create a quick inventory list of all informal applications, and do a first level prioritization.
- • Step III- More detailed analysis of the inventory list by using a standard set of questionnaires. Some of the questions in that questionnaire would be:
- - Will the key business processes come to stand-still if the application does not work for one day, one week, and one month?
- - Does this application stores or processes the financial data?
- - Does this application stores or processes the data related to the privacy laws, like credit card numbers, personal contact details?
- - Does this application have a disaster recovery in place?
- • Step IV- Short-list the applications, where you to have the first go. Make a road-map to bring the critical applications into IT fold.
- • STEP V- Issue guidelines on the management of information applications. As part of these guidelines, you can include:
- - What can be part of the informal applications and what can’t be.
- - Procedure of periodic check on the inventory
- - Procedure for aligning with IT principles and architecture for a given class of applications
- - Sign-off from IT on controls and quality related areas etc…
There are multiple benefits of this approach:
- • Business and IT can work collaboratively.
- • Awareness of risk is half the battle won. Once you know the soft spots, you can work on them.
- • Your Data Quality, Data Integration and BI initiatives will be smoother and efficient.
In other words, formalize this reality and you will be able to manage the risk much better. For more details on this subject, you may refer Business Applications are a reality- Manage it in my portal Business Intelligence and Performance Management Institute .
