An intranet success story: auditors at a large financial services organization discover the power of intra-enterprise connectivity

Internal Auditor, June, 2004 by Antonio Carlos Correia, Eder Luiz Menezes De Faria

The intranet also allows for easier software deployment. Because our system uses an open-source software infrastructure, it is easy to expand, both in terms of users and functions. This results in reduced expenditures related to lifetime systems acquisition, development, and maintenance. Furthermore, the intranet has minimized our need for client-side software.

The Web-based system supports server-side logic, which reduces the amount and variety of client software to install and support.

BEYOND THE SYSTEM

When assessing the potential benefits of establishing an intranet, auditors need to recognize that the introduction of this technology must go hand-in-hand with the development of appropriate employee work practices. Intranets will only deliver benefits if workers are motivated to exploit the facilities. The motivation may be personal, such as facilitation of work tasks, or business-results-driven, providing new opportunities or greater efficiency for the enterprise. In either case, the technology is merely a supporting agent, and utilization will depend on the system's ability to offer benefits to those expected to use it.

RELATED ARTICLE: Building an Intranet

Based on our experience at Banco do Brasil, we've developed guidance that may be useful to other auditors who are thinking about setting up an intranet for their department. The following tips can help practitioners avoid common pitfalls and ensure successful system development.

DETERMINE SHORT- AND LONG-TERM GOALS What does the audit department expect from the intranet? Will the system serve only as an information-sharing device, or will it constitute a fully functional application environment? What purpose will it serve two years from now? Four years from now? These are just some of the questions that need to be answered during the planning process. Failure to address these basic issues early may result in wasted money and time on software, hardware, communication infrastructure, and personnel training.

ESTABLISH A POLICYMAKING GROUP Specific individuals within the department should be designated to develop intranet policies and procedures. Otherwise, the site can become a "Wild West" of disjointed, poorly organized information and resources. The policymaking group should consider issues such as access policies, system security, critical transactions, and screen layout. Furthermore, the group should ensure that the site is aligned with the organization's rules and policies.

DEFINE USER BASE To ensure the intranet will meet all user needs, auditors must determine in advance who will require access to the system. Consider future growth and plan accordingly. For example, two years after implementing our intranet system, we were asked to provide access to regulators. Fortunately, we were prepared for this request. If we had not anticipated the need for external access, however, we would have needed to upgrade our application and acquire new software and hardware to accommodate security requirements.