Professional Documents
Culture Documents
Green-IT FINALwCover
Green-IT FINALwCover
H
Glen L. Gray, PhD, CPA Opportunities for Internal Auditors
Government regulators and other stakeholders are increasing their
C
demands on organizations regarding corporate social responsibility (CSR)
and sustainable development. A key component of CSR is reducing an
R
The report summarizes what organizations and internal auditors are currently
doing in the green IT domain and what they should be doing in this area.
Selecting the best green IT solutions — and prioritizing those solutions — for
A
an organization requires careful analysis of all the lifecycle costs (front-end
and ongoing), benefits, and risks before selecting the appropriate solutions.
E
opportunities for internal auditors to provide a wide variety of value-added
green IT services in auditing, facilitating, and consulting.
R
S
C
IIA members US $0
R
Nonmembers US $25
ISBN: 978-0-89413-707-5
5/11349/PM/GS
GREEN IT OPPORTUNITIES FOR
INTERNAL AUDITORS
By
The IIA and The IIARF work in partnership with researchers from
around the globe who conduct valuable studies on critical issues affecting
today’s business world. Much of the content presented in their final
reports is a result of IIARF-funded research and prepared as a service to
The Foundation and the internal audit profession. Expressed opinions,
interpretations, or points of view represent a consensus of the research-
ers and do not necessarily reflect or represent the official position or
policies of The IIA or The IIARF.
ISBN 978-0-89413-707-5
6/11
First Printing
CONTENTS
Acknowledgments.................................................................... vii
About the Author..................................................................... ix
Preface...................................................................................... xi
Executive Summary................................................................... 1
Introduction.............................................................................. 5
The Green IT Domain............................................................... 9
IT Acquisition and Deployment........................................... 10
Electrical and Cooling Management..................................... 14
Moving to the Cloud............................................................. 15
Paperless Workflow............................................................... 17
Telecommuting..................................................................... 18
E-commerce.......................................................................... 19
Software Design and Deduplication..................................... 19
Manufacturing...................................................................... 20
Disposal and Recycling......................................................... 21
Survey Results......................................................................... 23
General Opinions Regarding Climate Change
and Green IT........................................................................ 23
Organizational Green and Green IT Activities...................... 25
Calculating a Carbon Footprint............................................ 26
General and Green IT Initiators........................................... 28
Relationships of General and Green IT Activities................ 29
Green IT Drivers.................................................................. 30
Monitoring IT Energy Use and Setting Goals...................... 31
Green IT Activities that Organizations Practice.................... 32
iii
Green IT Opportunities for Internal Auditors
iv
FIGURES
TABLES
v
Green IT Opportunities for Internal Auditors
vi
ACKNOWLEDGMENTS
vii
ABOUT THE AUTHOR
ix
Green IT Opportunities for Internal Auditors
Before joining the academic world, Dr. Gray was a consultant with
national CPA firms and an engineer at an aerospace company. He
has a BSEE from Michigan Technological University, an MBA
from the University of California, Los Angeles, and a PhD from
the University of Southern California.
x
“If you don’t develop a strategy of your own,
you become a part of someone else’s strategy.”
— Alvin Toffler1
PREFACE
One major driver in the internal audit profession is the search for
value-added services that internal auditors can provide in addi-
tion to their traditional financial auditing activities. With the
passage of the U.S. Sarbanes-Oxley Act of 2002, internal auditing
in public companies had to shift significant resources to financial
auditing — and other value-added activities were put on the back
burner. But Sarbanes-Oxley activities have become less demanding
and internal auditing needs to reconfigure its future strategies. As
this report suggests, “green information technology (IT)” activities
should be considered part of those strategies.
Futurist and author of Future Shock and The Third Wave, as well as
1
xi
Green IT Opportunities for Internal Auditors
Good luck,
Responsibility/Sustainable Development.
xii
EXECUTIVE SUMMARY
1
Green IT Opportunities for Internal Auditors
The Big Four and other accounting and consulting firms are aggres-
sively selling green IT consulting, assessment, compliance, and
assurance services to organizations. Many of these green IT services
seem like a natural fit for internal auditors to offer. Borrowing from
an IIA advertisement in the February 2011 issue of Internal Auditor,
internal auditors have unique insight into improving the organiza-
tion’s processes, procedures, performance, and risk management.
Internal auditing can provide assurance on whether green IT poli-
cies are being followed, controls are effective, and the organization
is operating as management intends. In large organizations in
particular, in addition to financial auditing, the internal auditors are
already heavily involved in operational and IT-related activities.
2
Executive Summary
3
Green IT Opportunities for Internal Auditors
4
INTRODUCTION
Although the CSR practice guide does not specifically discuss IT,
IT provides many opportunities for organizations to reduce their
environmental impact, which is a critical component of CSR.
Organizations are becoming increasingly interested in green IT.
According to Murugesan (2008), green IT is:
5
Green IT Opportunities for Internal Auditors
This report does not debate the degree to which human activities
impact the global climate. Although the specific metrics and key
performance indicators (KPIs) can vary for different organiza-
tions, as the above definition indicates, green IT is synonymous
with efficient IT, which in turn means lowering costs (e.g., elec-
trical, water, and waste), increasing return on investment (ROI),
decreasing demand for natural resources, and decreasing various
forms of pollution. The key point is that management should
want assurance that the green IT KPIs being reported to them are
accurate, complete, and timely — and this could be the internal
auditors’ responsibility.
6
Introduction
7
Green IT Opportunities for Internal Auditors
The remainder of this report has three major sections. The first
section provides a broad overview of green IT. A key point of that
overview is that green IT requires a cradle-to-grave perspective
to minimize the environmental impact of IT. The second section
summarizes a survey of The IIA membership regarding what orga-
nizations and internal auditors are currently doing and what they
should (could) be doing in the future. The final section provides
concluding comments and suggestions for internal auditors to
become more involved in value-added green IT activities.
8
THE GREEN IT DOMAIN
Figure 1
Green IT Domain and Value Chain
9
Green IT Opportunities for Internal Auditors
3
Although the 155-page EPA report focuses on servers and data
centers, their observations and recommendations can be applied to
other IT uses.
10
The Green IT Domain
11
Green IT Opportunities for Internal Auditors
Table 1
Summary of Assumptions for Analysis of
Alternative Efficiency Scenarios
Site Infrastructure
Scenario IT Equipment
(Power and Cooling)
• Continue current trends 30% improvement in
for server consolidation. infrastructure energy
efficiency from improved
• Eliminate unused
airflow management.
servers (e.g., legacy
applications).
• Adopt “energy-efficient”
Improved servers to modest level.
Operation
• Enable power
management on 100%
of applicable servers.
• Assume modest
decline in energy use
of enterprise storage
equipment.
All measures in “improved Up to 70% improvement
operation” scenario, plus: in infrastructure energy
efficiency from all
• Consolidate servers to
measures in “improved
moderate extent.
operation” scenario, plus:
• Aggressively adopt
• Improved
Best “energy-efficient”
transformers and
Practice servers.
uninterruptible power
• Assume moderate supplies.
storage consolidation.
• Improved efficiency
chillers, fans, and
pumps.
• Free cooling.
12
The Green IT Domain
Table 1
Summary of Assumptions for Analysis of
Alternative Efficiency Scenarios (Continued)
Site Infrastructure
Scenario IT Equipment
(Power and Cooling)
All measures in “best Up to 80% improvement
practice” scenario, plus: in infrastructure energy
efficiency, due to all
• Aggressively
measures in “best
consolidate servers.
practice” scenario, plus:
• Aggressively
• Direct liquid cooling.
State of consolidate storage.
the Art • Combined heat and
• Enable power
power.
management at
data center level of
applications, servers,
and equipment for
networking and
storage.
13
Green IT Opportunities for Internal Auditors
14
The Green IT Domain
No matter what actions are taken, even the most efficient IT equip-
ment is going to generate heat. Some organizations have found
creative ways to use this heat instead of just dissipating it into the
air or water. For example, Intel recycles the excess heat from a data
center to heat offices and provide warm water for cafeterias.4 A
Swedish company uses the heat to warm a community swimming
pool.
4
A podcast describing this heat recycling is available at http://www.
podtech.net/home/5053/data-centers-recycle-excess-heat.
Cloud_computing.
15
Green IT Opportunities for Internal Auditors
Since a third party will have the organization’s data, a whole new
set of risks will have to be assessed. For example, an organiza-
tion could discover it is sharing the same servers and databases
with a competitor. Even though the competitors are on different
virtual machines, knowing that they are sharing the same physical
machines could/would make management uncomfortable. Some
managers may even be uncomfortable with a competitor using the
same cloud computer vendor whether their data resides on the same
physical servers or not. Issues regarding stipulating and testing of
internal controls can be particularly challenging, depending on the
applicability of Sarbanes-Oxley (mainly Sections 302 and 404),
Payment Card Industry (PCI), Health Insurance Portability and
Accountability Act of 1996 (HIPAA), Basel Accords, as well as
the privacy and breach-notice laws that have been enacted by many
states.6
Default.aspx?TabId=13489.
7
One source of information regarding cloud security are available from
the Cloud Security Alliance at http://www.cloudsecurityalliance.org/
Their Top Threats to Cloud Computing is available at: http://www.cloud-
securityalliance.org/topthreats/csathreats.v1.0.pdf.
16
The Green IT Domain
Paperless Workflow
In the aggregate, paper has a major impact on the environment.
Nearly 4 billion trees are used annually for paper production, which
is about 35 percent of all trees harvested.8 Many of those trees, at
least in the United States, do come from tree farms. According
to Technical Association for the Worldwide Pulp, Paper and
Converting Industry (TAPPI), 2.5 billion trees are planted each
year in the United States.9 However, Velte et al. (2008) indicates
that deforestation has released 120 billion tons of carbon dioxide
(CO2) into the atmosphere. In addition, the EPA reports that each
year millions of pounds of toxic chemicals such as toluene, meth-
anol, chlorine dioxide, hydrochloric acid, and formaldehyde are
released into the air and waterways from papermaking plants.10
8
http://ecology.com/features/paperchase/.
9
http://www.tappi.org/paperu/all_about_paper/faq.htm.
10
http://www.epa.gov/tri/.
17
Green IT Opportunities for Internal Auditors
• Paper recycling.
Telecommuting
A significant CSR contribution of IT can be supporting telecom-
muting. With modern computers and the ubiquitous reach of the
Internet, there is no technological reason for not implementing tele-
commuting. Besides the obvious savings associated with reduced
transportation costs, telecommuting reduces required parking
and office space (and associated lighting, cooling, and heating).
Obviously, not every job is a candidate for telecommuting. On the
other hand, telecommuting is not an all-or-nothing proposition.
While some employees could work away from the office nearly
11
Chapter 6 of Green IT provides a broad overview of going paperless.
18
The Green IT Domain
E-commerce
E-commerce and e-procurement can greatly reduce trips to stores
both on the buying and selling side. As discussed before, reducing
vehicle transportation has an immediate and significant impact of
reducing fossil fuel and other energy uses and pollution.
19
Green IT Opportunities for Internal Auditors
Manufacturing
Moving upstream in the IT value chain, the manufacture, ware-
housing, and distribution of IT-related equipment have a very
large carbon footprint. For example, Apple estimated that in 2009,
it was responsible for 9.6 million metric tons of greenhouse gas,
which breaks down as follows:12
20
The Green IT Domain
21
Green IT Opportunities for Internal Auditors
13
U.S. Department of Defense standards are available in the NISP
Operating Manual (also called NISPOM or DoD 5220.22-M) and
Defense Security Service’s Cleaning and Sanitization Matrix (C&SM).
The National Institute of Standards and Technology (NIST) publishes
Guidelines for Media Sanitization (Special Publication 800-88), which
includes sanitation methods.
22
SURVEY RESULTS
23
Green IT Opportunities for Internal Auditors
Table 2
Opinions Regarding Green Statements
Disagree
Disagree
Not Sure
Strongly
Strongly
Average
Neutral
Rating
Agree
Agree
Statements
0 1 2 3 4 5
1. The weather/
climate is really 6% 7% 9% 20% 30% 28% 3.4
changing.
2. Human-
created carbon
emissions are 10% 9% 7% 20% 30% 25% 3.3
causing climate
changes.
3. Green IT has a
major role in
reducing our
12% 5% 8% 20% 37% 18% 3.2
organization’s
carbon
footprint.
4. Green IT is
important
8% 7% 7% 18% 39% 22% 3.4
to our
organization.
5. Green IT costs
more than
15% 2% 18% 28% 29% 8% 2.8
“business as
usual.”
6. The IT
department
uses green IT
25% 13% 32% 23% 5% 2% 1.8
to justify IT
projects too
often.
24
Survey Results
Table 3
Does Your Organization Have a General Green Statement?
Options Percent
Yes, it’s actually an integral part of our mission or vision
20%
statements.
Yes, it’s not part of our mission statement, but it’s on
our website — and employees are reminded that it’s 18%
there (e.g., via periodic emails to employees).
Yes, it’s posted to our website, but it’s not actively
6%
publicized to our employees.
There is no formal, written statement, but we do
30%
consider ecological impact in decisions.
No. 25%
Other. 1%
25
Green IT Opportunities for Internal Auditors
Table 4
Does Your Organization Measure Its Carbon Footprint?
Options Percent
Yes — IT is not separately calculated. 28%
Yes — IT is separately calculated. 10%
No, but we plan to do the measurement in the near
future. 14%
No, and we have no plan to do so in the near future. 46%
Other. 2%
26
Survey Results
Figure 2
Percentage of Organizations that
Measure Their Carbon Footprint
27
Green IT Opportunities for Internal Auditors
Table 5
Most Senior Person Driving General and Green IT Initiatives
General
Green IT
Options Green
Initiatives
Initiatives
Board member 24% 14%
Chief executive officer (CEO) 36% 17%
Chief financial officer (CFO) 2% 2%
Chief operating officer (COO) 10% 6%
Chief information officer (CIO) 2% 42%
Chief audit executive (CAE) 2% 1%
Business unit managers 24% 18%
28
Survey Results
Table 6
Relationship Between Green IT Activities
and General Green Activities
Options Percent
Green IT activities parallel other general green activities. 40%
Green IT activities lead (are more advanced than) other
general green activities. 10%
Green IT activities lag behind other general green
activities. 47%
Other. 3%
On the other hand, Table 7 shows that a third (34 percent) of the
participants indicated that green IT is expected to become more
important over the next 12 months.
29
Green IT Opportunities for Internal Auditors
Table 7
Expected Change in Green IT Importance
Over the Next 12 Months
Options Percent
More important 34%
About the same 62%
Less important 4%
Green IT Drivers
Table 8 shows the importance of various potential green IT
drivers. The drivers are listed in order based on the driver’s rating
average. The fact that the top four drivers have similar rating aver-
ages indicates that green IT is multifaceted. As the last driver in
the table indicates, the action of competitors is a relatively minor
driver, with 28 percent of participants indicating that it was not
important.
30
Survey Results
Table 8
Importance of Various Potential Green IT Drivers
Somewhat
Important
Important
Important
Important
Average
Rating
Very
Not
Drivers
1 2 3 4
Reducing operational
5% 13% 40% 42% 3.2
costs (e.g., energy use).
Socially responsible thing
6% 15% 43% 36% 3.1
to do.
Government regulations. 8% 17% 35% 40% 3.1
Meet organization’s
12% 19% 44% 26% 2.8
overall green initiatives.
Actions of competitors. 28% 29% 30% 13% 2.3
31
Green IT Opportunities for Internal Auditors
Table 9 Table 10
Does Your Organization Does Your Organization
Monitor IT-related Have Measurable
Energy Spending? Green IT Goals?
32
Survey Results
Table 11
Considering All the Computers in Your Organization
Essentially 100%
Rating Average
26% to 50%
51% to 75%
76% to 99%
1% to 25%
None
Activities
1 2 3 4 5 6
What percentage of
desktop computers
is connected to
flat-panel displays 2% 7% 5% 13% 29% 43% 4.9
(as opposed to
traditional CRT
monitors)?
What percentage
of employees who
have an organization-
5% 37% 22% 17% 13% 7% 3.1
provided computer
have just a laptop
computer?
What percentage
of data processing
takes place in an
28% 37% 16% 9% 7% 3% 2.4
Internet-based
“cloud computing”
environment?
What percentage of
desktop computers is
38% 41% 8% 6% 4% 3% 2.0
“thin clients” (no hard
drive)?
33
Green IT Opportunities for Internal Auditors
Table 12
Potential Green IT Activities
34
Survey Results
Table 12
Potential Green IT Activities (Continued)
Yes
Modified data center cooling
29% 17% 12% 41%
infrastructure to improve efficiency.
Use cloud computing to reduce the
22% 25% 21% 33%
number of servers.
Build a new data center that is
18% 8% 14% 61%
energy efficient.
Moved a data center to another city/
state to reduce energy costs and/or 11% 7% 6% 76%
environmental impact.
35
Green IT Opportunities for Internal Auditors
Table 13 Table 14
Green IT Requirements Audit Provisions in Green
for Vendors IT Vendor Requirements
36
Survey Results
Table 15
Table 16
How Many Times
Who Conducted These
Have These Audits
Vendor Audits?
Been Performed?
37
Green IT Opportunities for Internal Auditors
38
Survey Results
Table 17
What Green IT Activities Could You Or
Your Internal Audit Department Do?
Done This, But They Have
My Department Hasn’t
My Department Could
the Skills to Do This
Department Skills
I Haven’t, But My
Department Has
Couldn’t Do This
With Current
Done This
Not Sure
Options
Design/develop
specifications for 3% 5% 14% 28% 27% 23%
green IT activities.
Design/develop
controls to monitor
green IT activities to
3% 4% 25% 26% 19% 23%
ensure compliance
with green IT
specifications.
Monitor controls
to determine
whether green IT 4% 6% 36% 23% 11% 21%
specifications are
being complied with.
39
Green IT Opportunities for Internal Auditors
Table 17
What Green IT Activities Could You Or
Your Internal Audit Department Do? (Continued)
My Department Hasn’t
My Department Could
Not Sure
Options
Provide assurance
that the green IT
monitoring controls
are being used 4% 5% 35% 21% 13% 23%
properly by others
(outside of internal
auditing).
40
Survey Results
Table 18
What Green IT Areas Have You Or Your
Department Been Involved In?
My Department Could
Not Sure
Options
Purchasing
computers
8% 10% 17% 24% 20% 21%
and related
equipment.
Designing data
center energy
2% 3% 8% 17% 44% 25%
and cooling
infrastructure.
Developing
equipment
disposal and 5% 6% 19% 31% 18% 21%
recycling policy
and procedures.
Complying with
green IT laws
and regulations 6% 4% 24% 29% 13% 24%
from government
agencies.
41
Green IT Opportunities for Internal Auditors
Figure 3
“Not Sure” Responses Sorted By Job Position
42
Survey Results
43
Green IT Opportunities for Internal Auditors
Table 19
In General, Should Internal Auditors Be
Involved in These Green IT Areas?
Maybe — It Depends
On Other Factors
Rating Average
Probably Okay
Definitely Not
Definitely Yes
Probably Not
Not Sure
Answers
1 2 3 4 5 0
Provide assurance
that the green IT
monitoring controls
are being used 2% 4% 8% 24% 54% 8% 4.0
properly by others
(outside of internal
auditing).
Monitor controls
to determine
whether green IT 4% 6% 11% 27% 44% 8% 3.8
specifications are
being complied with.
Design/develop
controls to monitor
green IT activities to
22% 17% 19% 20% 14% 8% 2.6
ensure compliance
with green IT
specifications.
Design/develop
specifications for 29% 25% 19% 14% 5% 8% 2.2
green IT activities.
44
CONCLUDING COMMENTS
45
Green IT Opportunities for Internal Auditors
The Big Four and other accounting and consulting firms are
aggressively selling green IT consulting, assessment, compliance,
and assurance services to organizations.15 Many of these green
IT services seem like a natural fit for internal auditors to offer.
Internal auditors are the ultimate organization insiders and have a
unique organizational perspective. In large organizations in partic-
ular, besides financial auditing, the internal auditors are already
heavily involved in operational and IT-related activities.
Auditing Metrics
46
Concluding Comments
47
Green IT Opportunities for Internal Auditors
Auditing Controls
48
Concluding Comments
49
Green IT Opportunities for Internal Auditors
Some of the questions and issues that the gap analysis could
include are:
50
Concluding Comments
51
APPENDIX A:
DEMOGRAPHICS
Responding Organizations
To solicit IIA members to complete the survey, emails were sent
to those members of the North America jurisdiction who classi-
fied themselves as internal auditors (as opposed to consultants,
students, etc.). As a secondary method, requests were posted on
Facebook and in IIA newsletters.
53
Green IT Opportunities for Internal Auditors
Table 20
Annual Revenue of Responding Organizations
54
Appendix A: Demographics
Table 21
Industries Represented
Industries Percent
Aerospace and defense 2.5%
Agriculture/forestry/fisheries 0.2%
Communication/telecommunication services 2.3%
Construction 0.9%
Consulting services 5.2%
Educational services 5.2%
Energy/oil and gas 2.6%
Financial services/real estate 14.5%
Gaming/lotteries 2.1%
Health services 4.9%
Insurance carriers/agents 5.8%
Local government 6.7%
National/federal government 5.4%
Manufacturing 7.0%
Mining 0.2%
Nonprofit sector 2.6%
Public accounting/accounting services 2.1%
State/provincial government 9.2%
Technology 2.1%
Transportation 2.5%
Utilities 4.1%
Wholesale/retail 2.8%
Other (please specify): 9.0%
55
Green IT Opportunities for Internal Auditors
The Respondents
Table 22 shows the respondents’ distribution of job positions. In
response to a separate question, 14.5 percent of the respondents
consider themselves to be IT auditors (no matter what their current
position is, as illustrated in Table 22).
Table 22
Current Position
Positions Percent
Internal audit staff 40.3%
Internal audit manager 20.2%
Internal audit director 9.3%
Chief audit executive 8.2%
IT audit staff 5.6%
IT audit manager 3.6%
IT audit director 0.8%
External public accountant providing internal audit
1.4%
services
Audit services contractor providing internal audit
2.0%
services
Other 8.7%
56
Appendix A: Demographics
Table 24
Table 23
Primary Job/Position
Primary Education or
Before Becoming an
Training Background
Internal Auditor
57
Green IT Opportunities for Internal Auditors
Table 25 Table 26
Personal Experiences With Personal Experiences With
General Green Activities Green IT Experiences
58
REFERENCES
59
Green IT Opportunities for Internal Auditors
60
References
61
The vision of The IIA Research Foundation is to understand, shape,
and advance the global profession of internal auditing by initiating
and sponsoring intelligence gathering, innovative research, and
knowledge-sharing in a timely manner. As a separate, tax-exempt
organization, The Foundation does not receive funding from IIA
membership dues but depends on contributions from individuals
and organizations, and from IIA chapters and institutes, to move our
programs forward. We also would not be able to function without
our valuable volunteers. To that end, we thank the following:
63
THE IIA RESEARCH FOUNDATION
BOARD OF TRUSTEES
65
THE IIA RESEARCH FOUNDATION
COMMITTEE OF RESEARCH
AND EDUCATION ADVISORS
Chairman: Philip E. Flora, CIA, CCSA, FloBiz & Associates, LLC
Vice-chairman: Urton L. Anderson, PhD, CIA, CCSA, CFSA, CGAP,
University of Texas-Austin
67
Green-IT
Opportunities for Internal Auditors
Green IT
H
Glen L. Gray, PhD, CPA Opportunities for Internal Auditors
Government regulators and other stakeholders are increasing their
C
demands on organizations regarding corporate social responsibility (CSR)
and sustainable development. A key component of CSR is reducing an
R
The report summarizes what organizations and internal auditors are currently
doing in the green IT domain and what they should be doing in this area.
Selecting the best green IT solutions — and prioritizing those solutions — for
A
an organization requires careful analysis of all the lifecycle costs (front-end
and ongoing), benefits, and risks before selecting the appropriate solutions.
E
opportunities for internal auditors to provide a wide variety of value-added
green IT services in auditing, facilitating, and consulting.
R
S
C
IIA members US $0
R
Nonmembers US $25
ISBN: 978-0-89413-707-5
5/11349/PM/GS