Friday, November 2, 2007

Where’s this headed?

Odds are, when you started this whole compliance thing, you did so because you “had greatness thrust upon you.” You got pulled in because auditors found problems with IT and you had to address it.

Further, odds are the errors they found were in one or more of the following six areas: User Access Management, Change Management, Code and Release Management, Configuration Management, Resolution Management and Service Level Agreements. Sure, there are lots and lots of places problems can come up. There are lots and lots of things auditors look at. Certainly some of their findings will be in other areas. In the main though, the vast majority of the issues we see come in these six areas.

I don’t believe this is an accident, either. If you’ve ever been in a shop that can’t manage its users, struggles with managing change, has trouble stabilizing its configuration, creates “one-off” solutions via development or has poor resolution and service level agreement standards, you know how painful it can be. The business is probably beating IT up day in and day out over these issues. IT struggles to gain and maintain credibility. New projects don’t get approved because the business doesn’t trust the IT organization to deliver. In the worst of these cases, people start looking for silver bullets in the form of reorganizations or outsourcing. These audit issues simply confirm for the business and the Board of Directors that IT doesn’t know what it’s doing. But is that really true? No, of course not, but it’s certainly an easy conclusion to jump to if you don’t know any better.

A 2007 study by the IT Process Institute (www.itpi.org) found that well-defined controls in these six areas predict the top-performing IT organizations, and that the lack of these controls conversely predicts the lowest-performing IT organizations. When we talk about performing, we’re not just talking about getting the job done – we’re talking about radical, bottom-line differences between the high and low performers.

The difference between the high and low performers, again according to ITPI, is enormous. High-performing organizations manage and deliver on more projects with fewer staff. They manage a significantly greater number of servers per administrator. They experience fewer outages and return to service more quickly when they do experience outages. They deploy changes more effectively. They are better, stronger and more agile than their low-performing counterparts.

For practitioners in compliance and governance, this has a very real implication – we can drive the organization to deliver higher value at a lower cost while making it more compliant and more agile. Holy cow! Think about that for a minute – if I came to you and said I can cut your costs, improve your performance and make you more agile as an organization for a limited investment of money and a willingness to address cultural issues, and could back that up with studies demonstrating what I’m saying, how would you react? More importantly, how many organizations would walk away when that proposition is on the table?

But how much value, you ask? Let’s take just one area noted above. Jack Keen and Bonnie Digrius, in their book Making Technology Investments Profitable, determined a typical public enterprise could boost share prices by 3% simply by improving the rate of successful project delivery. Translated into terms we all can understand, this seemingly meager amount, for a company with a $2B market capitalization, results in $60M for the corporate investment coffers. This massive boost comes from the accelerating cumulative effects of successful control. Deliver more projects that improve the products and overall business in a shorter period of time and you’ll create more value for the organization.

Over the next few installments, we will develop a roadmap which can help take you from being a cost-center compliance organization to a value-generating governance organization. We’ll start by looking at what each of these controls means, what it does and why it is important. Then, we’ll explore how you can bring them into your environment and make them a living, breathing part of your organization. It’s a fun ride.
