Boštjan Delak (2012) Universal framewor for information technology due diligence delivery. PhD thesis.
Information system (IS) in the company (hereinafter referred to as organization) is a broader term, which apart from Information Communication Technology (ICT) defines how users should use technology and how they can interact with technology in delivering day-to-day business activities and support processes within the organization. We can say that IS encompasses ICT, users, processes, data, events and activities in a particular organization or environment. Nowadays the majority of organizations face the issues of ICT governance. In order to obtain effective information on the status of ICT or IS in general, organizations can perform IS due diligence activities. Islovar - Informatics Terminology Dictionary defines this term as an analysis of a particular area of business in the organization in order to provide the management or client with real information on the reviewed segment. In the past two decades, organizations used various ways to increase the volume of business, including mergers and acquisitions (M&A). Prior to any acquisition or capital investment, several activities need to be carried out with initial due diligence playing the key role. In most cases the initial DD focuses on reviewing liquidity, investments (credit and equity investments), and risk management. With the ever-growing impact of IS on the organizations’ daily business support, reviewing the IS of an organization has become very important, if not vital. This is mainly due to the large dependence of the IS segment on substantial investments in quality and up-to-date support, ensuring the integrity, confidentiality, and availability of information. IS initial due diligence is very comprehensive and demanding as it covers a range of segments, such as information security and operational risk assessment. Furthermore it should ascertain and assess compliance with the local regulation, security aspects of the implemented information system and establish and analyze any deviations. In addition due diligence of information system should establish the possibility of adjustments to the corporate information system in the event of a positive decision on capital investment. It is necessary that these activities be performed in a short period of time. Between 1996 and 2006, I conducted over 60 IS due diligences in financial organizations in 15 European countries. Through the implementation of due diligence and analysis of different methods, tools, standards, best practices and procedures (hereinafter approaches) the Universal framework for IS due diligence delivery was formed. The presented framework is not a completely new method to be placed alongside others, but an attempt at creating a comprehensive synthesis method using existing approaches upgraded with innovations that proved useful through extensive personal experience with the use of standard approaches. With this framework it is possible to perform an IS due diligence in small and large organizations a in a very short period of time. It includes a decision model enabling a transparent, uniform and effective decision-making process. This universal framework has been tested with a case study of four financial institutions in 2007 and 2008. Moreover, for the purpose of this thesis, it was verified in one non-financial organization. Contrary to typical financial organizations subject to our universal framework, this organization only has 7 % of users and others are ICT experts, whereas the financial institutions have 2 % to 7 % of ICT experts. The non-financial organization develops ICT solutions for their clients and offers daily operational support for their IS. The case study has shown that the universal framework for IS due diligence is also applicable in such organizations. Case studies confirm that with this universal framework IS due diligence can be conducted in a short period of time and the integrated decision model facilitates decision-making for investors.
Actions (login required)