Shadow system is a term used in information services for any application relied upon for business processes that is not under the jurisdiction of a centralized information systems department. That is, the information systems department did not create it, was not aware of it, and does not support it.
Shadow systems (a.k.a. shadow data systems, data shadow systems, shadow information technology, shadow accounting systems [1] or in short: Shadow IT) consist of small scale databases and/or spreadsheets developed for and used by end users, outside the direct control of an organization's IT department.
The design and development process for these systems tends to fall into one of two categories. In the first case, these systems are developed on an adhoc basis rather than as part of a formal project and are not tested, documented or secured with the same rigor as more formally engineered reporting solutions. This makes them comparatively quick and cheap to develop, but unsuitable in most cases for long term use. In the second case, the systems are developed by experienced software developers that are not part of the organization's information systems department. These systems may be off-the-shelf software products or custom solutions developed by contract programmers. Depending on the expertise of the developers, these solutions may exceed the reliability of those created by the organization's information systems department.
The term can also refer to legitimate, managed replicas of operational databases that are isolated from the user base of the main system. These sub-systems can be used to track illegitimate changes to the primary data-store by 'back doors' exploited by expert but un-authorized users.
As stated in Price Waterhouse Coopers [2] report on Spreadsheet Risk Management "The Use of Spreadsheets: Considerations for Section 404 of the Sarbanes-Oxley Act" :
"Many companies rely on spreadsheets as a key component in their financial reporting and operational processes. However, it is clear that the flexibility of spreadsheets has sometimes come at a cost. It is important that management identify where control breakdowns could lead to potential material misstatements and that controls for significant spreadsheets be documented, evaluated and tested. And, perhaps more importantly, management should evaluate whether it is possible to implement adequate controls over significant spreadsheets to sufficiently mitigate this risk, or if spreadsheets related to significant accounts or with higher complexity should be migrated to an application system with a more formalized information technology control environment."
An organization that has a centralized Information Services department usually requires rigorous guidelines for developing a new system or application. Simultaneously, with the rise of powerful desktop applications that give savvy end-users the ability to author sophisticated tools on their own, a business group often finds it more expedient to create the application themselves.
Any organization faces a multitude of pressures to change and respond to new government regulations, customer demands and action by competitors. In order to respond to these changes, organizations need to be able to understand all aspects of their business and often ask questions of itself that have never been asked before.
Ongoing pressure for change creates an ongoing pressure to analyze data in new ways and get information quickly into the hands of people who need it. Only through creative and flexible reporting are businesses able to spot new trends and identify new opportunities rapidly enough to take full advantage of them.
The type of data analysis that most frequently necessitates the development or purchase of Shadow Systems usually comes from the needs of the user. Since the centralized information systems department usually reports to the organization’s CFO or COO, the systems that they develop are designed for their needs. The needs of departmental managers are often quite different, requiring more detailed analysis that incorporate variables not contained in the solution designed by the central information systems department.
The greatly increased power of personal computer hardware and software analysis tools has meant that individual users now have all of the computing power they need right in front of them. Large databases containing all of an organization's customer, supplier, or accounting information; the kind that could once only be stored on a central corporate mainframe, can now be contained easily on a single laptop.
Quite properly, when a reporting system is put together by IT professionals, they need to consider all aspects of how the system will be used. In addition to just putting the information together they need to consider the following:
The various skills that are required to achieve all of this means that inevitably a number of different people will all be involved in the task of creating the new report. This increases the amount of time and effort it takes to put a rigorously engineered solution in place. Shadow Systems typically ignore this kind of rigor, making them much faster to implement, but less reliable and more difficult to maintain.
When Shadow Data Systems are created by end users whose main area of expertise is something other than software engineering, they are subject to the following problems:
Shadow Data Systems often suffer from poor design. Errors may be hard to find, modifications may be difficult, and long-term support may be troublesome.
Typically, Shadow Data Systems are only used by one or two people. Unless they are developed by experienced programmers, it may be difficult to scale them up to support tens or hundreds of users.
Shadow Data Systems are often lack adequate documentation. Knowledge about the system is passed by word-of-mouth and can be confined to a very small number of people. This knowledge is then lost completely if one or two staff members leave.
Around two thirds of the effort involved in professional software development is expended in testing. Shadow Data Systems undergo much more cursory testing and may have latent errors that only become apparent after a long period of production use.
Shadow Data Systems hold substantial chunks of company data and can include confidential information about customers, suppliers or staff. The access control processes for these systems are often much more lax than for a centralized company database and may not even exist at all. Physically locating sensitive data on desktop or laptop computers can leave an organization very exposed if the computer is stolen.
Data in local databases and spreadsheets can very easily be modified, either intentionally or otherwise. Once changed it can be hard to track what changes have been made and what the original data looked like. Where the system manipulates the data it can introduce more subtle errors that remain completely undetected for long periods.
Shadow systems existing on a single computer are often not regularly backed up. It is best to have these systems on a computer that is regularly backed up or on a server.
There may be many different shadow systems within an organization reporting against the same data. Each one may add filters and manipulate the data in different ways. This can lead to apparent inconsistencies in their output. Where two shadow systems disagree, either or both of them may be wrong.
When Shadow Data Systems are created by an experienced programmer or software engineer with significant input from departmental management, the resulting solution frequently exceeds the capability of those created by the organizations centralized information systems department. The experience of the programmer / software engineer easily removes most of the previously stated problems. And, when combined with input of departmental management, the resulting product actually meets the needs of the end user.
Software is a collection of programs and data that tell a computer how to perform specific tasks. Software often includes associated software documentation. This is in contrast to hardware, from which the system is built and which actually performs the work.
In computing, a database is an organized collection of data or a type of data store based on the use of a database management system (DBMS), the software that interacts with end users, applications, and the database itself to capture and analyze the data. The DBMS additionally encompasses the core facilities provided to administer the database. The sum total of the database, the DBMS and the associated applications can be referred to as a database system. Often the term "database" is also used loosely to refer to any of the DBMS, the database system or an application associated with the database.
A spreadsheet is a computer application for computation, organization, analysis and storage of data in tabular form. Spreadsheets were developed as computerized analogs of paper accounting worksheets. The program operates on data entered in cells of a table. Each cell may contain either numeric or text data, or the results of formulas that automatically calculate and display a value based on the contents of other cells. The term spreadsheet may also refer to one such electronic document.
A management information system (MIS) is an information system used for decision-making, and for the coordination, control, analysis, and visualization of information in an organization. The study of the management information systems involves people, processes and technology in an organizational context.
An application program is a computer program designed to carry out a specific task other than one relating to the operation of the computer itself, typically to be used by end-users. Word processors, media players, and accounting software are examples. The collective noun "application software" refers to all applications collectively. The other principal classifications of software are system software, relating to the operation of the computer, and utility software ("utilities").
A Laboratory management system (LIMS), sometimes referred to as a laboratory information system (LIS) or laboratory management system (LMS), is a software-based solution with features that support a modern laboratory's operations. Key features include—but are not limited to—workflow and data tracking support, flexible architecture, and data exchange interfaces, which fully "support its use in regulated environments". The features and uses of a LIMS have evolved over the years from simple sample tracking to an enterprise resource planning tool that manages multiple aspects of laboratory informatics.
In computer programming, a software framework is an abstraction in which software, providing generic functionality, can be selectively changed by additional user-written code, thus providing application-specific software. It provides a standard way to build and deploy applications and is a universal, reusable software environment that provides particular functionality as part of a larger software platform to facilitate the development of software applications, products and solutions.
Business software is any software or set of computer programs used by business users to perform various business functions. These business applications are used to increase productivity, measure productivity, and perform other business functions accurately.
An accounting information system (AIS) is a system of collecting, storing and processing financial and accounting data that are used by decision makers. An accounting information system is generally a computer-based method for tracking accounting activity in conjunction with information technology resources. The resulting financial reports can be used internally by management or externally by other interested parties including investors, creditors and tax authorities. Accounting information systems are designed to support all accounting functions and activities including auditing, financial accounting porting, -managerial/ management accounting and tax. The most widely adopted accounting information systems are auditing and financial reporting modules.
Stages-of-growth model is a theoretical model for the growth of information technology (IT) in a business or similar organization. It was developed by Richard L. Nolan during the early 1970s, and with the final version of the model published by him in the Harvard Business Review in 1979.
Write once, compile anywhere (WOCA) is a philosophy taken by a compiler and its associated software libraries or by a software library/software framework which refers to a capability of writing a computer program that can be compiled on all platforms without the need to modify its source code. As opposed to Sun's write once, run anywhere slogan, cross-platform compatibility is implemented only at the source code level, rather than also at the compiled binary code level.
Customised software is software that is developed specifically for some specific organization or other user. As such, it can be contrasted with the use of out-of-the-box software packages developed for the mass market, such as commercial off-the-shelf software, or existing free software.
In business and accounting, information technology controls are specific activities performed by persons or systems designed to ensure that business objectives are met. They are a subset of an enterprise's internal control. IT control objectives relate to the confidentiality, integrity, and availability of data and the overall management of the IT function of the business enterprise. IT controls are often described in two categories: IT general controls (ITGC) and IT application controls. ITGC includes controls over the Information Technology (IT) environment, computer operations, access to programs and data, program development and program changes. IT application controls refer to transaction processing controls, sometimes called "input-processing-output" controls. Information technology controls have been given increased prominence in corporations listed in the United States by the Sarbanes-Oxley Act. The COBIT Framework is a widely used framework promulgated by the IT Governance Institute, which defines a variety of ITGC and application control objectives and recommended evaluation approaches. IT departments in organizations are often led by a chief information officer (CIO), who is responsible for ensuring effective information technology controls are utilized.
Enterprise software, also known as enterprise application software (EAS), is computer software used to satisfy the needs of an organization rather than its individual users. Enterprise software is an integral part of a computer-based information system, handling a number of business operations, for example to enhance business and management reporting tasks, or support production operations and back office functions. Enterprise systems must process information at a relatively high speed.
End-user development (EUD) or end-user programming (EUP) refers to activities and tools that allow end-users – people who are not professional software developers – to program computers. People who are not professional developers can use EUD tools to create or modify software artifacts and complex data objects without significant knowledge of a programming language. In 2005 it was estimated that by 2012 there would be more than 55 million end-user developers in the United States, compared with fewer than 3 million professional programmers. Various EUD approaches exist, and it is an active research topic within the field of computer science and human-computer interaction. Examples include natural language programming, spreadsheets, scripting languages, visual programming, trigger-action programming and programming by example.
IT Application Portfolio Management (APM) is a practice that has emerged in mid to large-size information technology (IT) organizations since the mid-1990s. Application Portfolio Management attempts to use the lessons of financial portfolio management to justify and measure the financial benefits of each application in comparison to the costs of the application's maintenance and operations.
Accounting software is a computer program that maintains account books on computers, including recording transactions and account balances. It may depends on virtual thinking. Depending on the purpose, the software can manage budgets, perform accounting tasks for multiple currencies, perform payroll and customer relationship management, and prepare financial reporting. Work to have accounting functions be implemented on computers goes back to the earliest days of electronic data processing. Over time, accounting software has revolutionized from supporting basic accounting operations to performing real-time accounting and supporting financial processing and reporting. Cloud accounting software was first introduced in 2011, and it allowed the performance of all accounting functions through the internet.
In big organizations, shadow IT refers to information technology (IT) systems deployed by departments other than the central IT department, to bypass limitations and restrictions that have been imposed by central information systems. While it can promote innovation and productivity, shadow IT introduces security risks and compliance concerns, especially when such systems are not aligned with corporate governance.
GrapeCity, inc. is a privately held, multinational software corporation based in Sendai, Japan, that develops software products and provides outsourced product development services, consulting services, software, and Customer relationship management services. GrapeCity also has established WINEstudios, a media design and digital production facility in Japan.
Customer data management (CDM) is the ways in which businesses keep track of their customer information and survey their customer base in order to obtain feedback. CDM includes a range of software or cloud computing applications designed to give large organizations rapid and efficient access to customer data. Surveys and data can be centrally located and widely accessible within a company, as opposed to being warehoused in separate departments. CDM encompasses the collection, analysis, organizing, reporting and sharing of customer information throughout an organization. Businesses need a thorough understanding of their customers’ needs if they are to retain and increase their customer base. Efficient CDM solutions provide companies with the ability to deal instantly with customer issues and obtain immediate feedback. As a result, customer retention and customer satisfaction can show marked improvement. According to a study by Aberdeen Group, "above-average and best-in-class companies... attain greater than 20% annual improvement in retention rates, revenues, data accuracy and partner/customer satisfaction rates."