The Role of the Business vs. IT in Supporting Cloud Applications

For companies considering the move to a Cloud Enterprise Resource Planning (ERP) or Software as a Service (SaaS) platform, one of the key drivers is likely the perceived opportunity for reduced IT overhead costs and maintenance responsibilities. While hosting and general monitoring activities are delegated to the SaaS provider, there will be both new and continued responsibilities for IT that will require planning and resources to support the cloud environment. Additionally, moving to the cloud does not diminish the role of the business in supporting the application; in most cases this transition will require increased time and ownership from business subject matter experts (SMEs), not only during the implementation but in perpetuity.

Therefore, it is important to proactively define the distinction between business and IT production support responsibilities prior to going live.

Business vs. IT Ownership

The key to establishing a successful production support model is formally defining responsibilities between the business and IT. The earlier this distributed support model is architected, the better prepared organizations will be to support and maximize usage of their new application. As cloud applications have become more commonplace, certain support practices have evolved and become generally accepted over time, including:

  • Internal Business:
    • Often reside with a “super user” from the original implementation team, or multiple module centric super users (i.e., Finance, HR, Payroll)
    • Certain business responsibilities, periodic regression testing for example, can be supported by IT, assuming IT personnel effectively comprehend both application and business processes
  • Internal IT:
    • Often reside with an internally designated application team, and/or outsourced to a third-party managed support function
    • For companies that do not have in-house IT capabilities or capacity, they may consider a third-party support plan that includes a pool of hours for ad-hoc/anytime activities, such as periodic enhancements or reporting and analytics needs

The table below outlines common support activities that we see with cloud applications and the breakdown of organizational responsibility.

Cloud Application Support Activities Internal Business Responsibility Internal IT Responsibility (or Third-Party Managed Support)
Periodic Release Management ·       Plan around outages

·       Review upcoming changes/release notes for business impacts

·       Apply the releases after the business has executed regression testing (this may include opening/approving tickets with the SaaS provider)
Periodic Regression Testing ·       Manage test-script library and data sets

·       Review impacts and tailor test plan

·       Execute tests and sign-off

·       Provide testing tools and testing automations
Periodic Enhancement Projects* ·       Requirements definition

·       Functional design and sign-off

·       Solution testing,

·       Training

·       Technical design

·       Configuration/build

·       Environment/migration management

Ad-hoc Break-Fix Incidents* ·       Issue identification and severity articulation

·       Resolution testing

·       Triage/troubleshooting

·       Escalation to SaaS provider if applicable (i.e., Opening an SR with Oracle)

New Users or Job Function Changes** ·       Initiate and approve access requests

·       Train users

·       User provisioning (once approved by business)
Reporting and Analytics ·       This is one of the most varied by ownership; depending on the sophistication of tools available and knowledge of users in the business, this might be federated to power users in depts or in an FP&A function; or might follow traditional business requester/IT delivery model.
Data Management ·       Establish standards and govern master data

·       Monitor transactions for quality and adherence

·       Where possible enact technological gates or monitoring to maintain data standards

·       Schedule periodic environment refreshes to keep TEST and TRAIN instances current

Knowledge Management ·       Maintain process maps/procedures and role-based training content

·       Train users

·       As appropriate, provide knowledge management repository/training tools

* Could apply to core functions, integrations, or security roles  ** For a Segregation of Duties review, IT may be responsible for producing certain access reports, with a business and/or audit individual reviewing/approving exceptions

In Summary

Business and IT cloud application responsibilities do not taper off after go-live. Instead, they shift to a support-centric focus where each wears unique hats that vary significantly from on-prem or locally hosted applications. Make the most of cloud investments by defining and assigning organizational support responsibilities early on.

Additional Resources:

5 Ways to Prepare for the Next Oracle Cloud Quarterly Release

Plan Ahead: 5 Best Practices for the Switch to Oracle Cloud


To learn more about Protiviti’s cloud capabilities, contact us.

Kimberly Starnes

Senior Manager
Technology Consulting - Enterprise Application Solutions

Subscribe to Topics

Privilege access credentials are a main target attackers use to carry out #cybersecurity breaches. Join #ProtivitiTech to learn how to apply #zerotrust measures to thwart attacks.

#identity #security #cloud #devops #cyberattack

September is National Preparedness month and we’ve updated our Guide to Business Continuity and Resilience. Download your copy today for answers on key questions and industry perspectives.

#ProtivitiTech #businesscontinuity #businesscontinuitymanagement

“I’ve seen some amazing advancements in #qubit fidelity,” #ProtivitiTech @KonstantHacker said. “We don’t need perfect qubits and we need enough to do what’s called error correction.” Read more of the @CNBC interview on #quantum investing.

Next week, #ProtivitiTech Greg Hedges and @KonstantHacker will discuss post #quantum cryptography in this new #cybersecurity webinar series. Learn the benefits and risks of #quantumcomputing and understand the post quantum #cryptography timeline.

Let's transform together. Migrate and modernize your @SAP applications on @Azure increasing flexibility, scalability and security with Protiviti. Learn more:

#ProtivitiTech #Microsoft #Azure #SAP #scalability #security

Load More