Taking Charge of Dynamic Enterprise Information – Infogix Enables IT to Control their Enterprise Information
By Fern Halper, Partner
Controlling the information flowing through an enterprise is critical
Hurwitz & Associates believes that there is a disconnect between how companies implement business rules and ensuring that these rules propagate through their business processes. This can have a direct impact on how trustworthy the information flowing through an enterprise really is. While many companies are implementing data quality initiatives to ensure that their static data resources are trustworthy, they may be missing the mark when it comes to dealing with dynamic data that flows through their business processes. I was recently reminded of this fact when I met with Infogix (formerly Unitech Systems), which provides IT with automated internal information controls.
So, what is an internal control? The Committee of the Sponsoring Organizations of the Treadway Commission (COSO) defines internal controls as “a process designed to provide reasonable assurance regarding the achievement of objectives in the effectiveness and efficiency of operations, reliable financial reporting, and compliance with laws and regulations.” This rather broad framework has been widely adopted by public companies subject to compliance regulations like the Sarbannes-Oxley (SOX) Act of 2002. Section 404 of SOX states that management must issue an internal control report that includes an assessment of the internal control structure and the procedures used to report financial information.
It is critical to control the information that moves within and between systems. Problems with information flowing though a business process typically occur between the systems supporting the process. If a company can deploy their own set of controls across the information flowing into and out of their enterprise, they will be well positioned with auditable systems. If the controls are automated, so much the better. A good set of information-related controls should include tests for completeness and accuracy of input and output, processing controls, validity, and correctness of information. Reconciliation tests between these systems ensure that data can be balanced from one process to the next. Other application-information-related controls include timeliness and reasonableness of the information. The absence of these controls can severely impact their top and bottom line revenue.
Here is a true example that I heard about recently. A telecommunications company had a business process in place for their VoIP services. The process includes customer proposal generation, ordering the service, billing the service and ultimately posting and reporting account revenue to the general ledger. A well-intentioned developer, working with sales, decided to change some of the discount plans in order to make the company’s services more appealing. However, these changes never found their way to the billing system. The result?
- A large number of customers who were promised one price but were billed another
- A data quality problem in booked verses billed revenue appearing in management reports
- A company that can’t make good decisions because of unreliable data
- A potential compliance issue if this is a public company
Thankfully, in this case, an astute employee found the problem and averted a potential catastrophe. There are two important points in this example. First, a control should have been put in place to ensure that the new business rules input into the customer proposal system relating to the cost for service were propagated to the order system, which should have had a new discount field added to it, as well as the billing system, which should have had the discount rule in it, and so on. This is often a manual control. Second, a reconciliation control that compares expected revenue from new customers versus what was actually billed would prevent problems like this from occurring.
Infogix and Information Controls
Companies in the telecommunications, financial services, insurance, and retail industries are using Naperville, Illinois-based Infogix automated controls platform to detect errors in business processes in real time and to prevent problems from occurring. Infogix’s focus is on automating information controls, from an enterprise perspective, in order to provide what they term “information integrity” and to reduce information risk that arises in and between systems as a result of unreliable and inaccurate information. Infogix provides a series of products that are part of their Automated Controls Portfolio. These include products that address the following areas:
- Information verification validates content and fields, provides logic and reasonableness tests, checks for duplicates, provides for external list tracking, and performs cross-referencing. Areas such as validating content and fields as well as checking for duplicates are similar to some data quality software that is out in the market. Included here are logic checks that entail checking business rules.
- Information balancing performs file-to-file, report-to-report, point-to-point, run-to-run, and application-to application balances to detect totaling errors or inconsistencies. Infogix also provides facilities to detect out of sequence steps. This balancing can be done on daily, weekly, or monthly processing cycles.
- Information reconciliation reconciles information from multiple sources and processes to make sure they align. Infogix can reconcile on a one-to-one, one-to-many, and many-to-many basis from reports, files, and databases. So, for example, Infogix can provide balancing and reconciliation of totals and counts, at various levels of detail, from one report, file or database to another report file or database in or across application platforms, and so on.
- Information process monitoring provides transaction path validation, sequence monitoring, and transaction timing and latency. This area also deals with the paths that a transaction takes over time and the actual process integrity.
The goal is to examine the integrity of information flowing into and out of an enterprise through automated controls. Automating the controls makes the controls preventive rather than detective. Infogix captures information from source systems and compares the information with a series of rules. If there is a problem, the user is alerted.
Infogix is also looking at addressing information controls in an SOA environment by offering their products as consumable services as well as enabling their products to work with Web services that may act as a receiver.
The value of automating information controls
Information moves and changes through an organization. Automating controls can result in:
- A decrease in costs associated, as compared to utilizing manual controls
- Eliminating potential revenue loss
- A decrease in cost associated with resolving problems found well after the fact
- A higher level of trust in a company’s data leading to better decisions and a more competitive company
- Audit-worthy systems
Technologies like Infogix that are aimed at how IT can deal with enterprise information controls are solving a critical business issue: ensuring the validity of the information flowing through business processes and alerting IT to problems and potential issues before they become major problems. While the idea of automating internal controls is certainly not new – auditors have been addressing this for at least the last decade – Hurwitz & Associates believes that this kind of technology will become increasingly important in the IT space, especially as systems continue to increase in complexity.