Published: August 26 2008, 11:34 AM | 1 Comment(s)
by Steve Romero

It is inappropriate, if not impossible, to talk about IT Governance without focusing on transparency. The term is used again and again and has become an aspiration for IT organizations that increasingly understand the importance of providing and sharing information with the business. This is critical for the decision-making process. I would bet that providing transparency is likely a goal of your enterprise as well.

So given its prevalence, I encounter and use the word frequently. Each time I do, I pause to reflect on the use of this word in IT. When somebody says, "Steve, you're transparent," I don't take it as a compliment. I don't aspire to be transparent because unless you're a window, it is not a compliment. Yet when we use the term in IT, it is a stated goal, despite the fact that if you ask most business units, they will tell you they can already "see through IT."  Personally, I prefer the word "visibility." I entice folks to provide visibility into IT decision-making and visibility to information regarding IT's capability and performance.

I share this view of the word with my audiences and it is always good for a chuckle. I say I intend to research the genesis of its usage in IT to find out who first coined the term. I finally took the time to do so. Enter the word in a Google search and you get tons of hits, but I could not find who said it first. When all else fails, there's Wikipedia.

From Wikipedia, the free encyclopedia:

Transparency (optics), the physical property of allowing the transmission of light through a material

Literal uses:

• Electromagnetically induced transparency, an effect in which a medium that is normally opaque at a particular wavelength is caused to become temporarily transparent
• Pentimento, an alteration in a painting, often revealed with growing transparency in paints with age
• Transparency (photography), a still, positive image created on a transparent base using photochemical means
• Transparency (projection), a thin sheet of transparent material for use with an overhead projector

Metaphorical meanings can amount to clear visibility, but also the opposite, invisibility (in particular of irrelevant details).

Transparency may also refer to:

In computing and mathematics:

• Transparency (computing), user and engineering design considerations, including
• Location transparency if the names used to identify network resources are independent of both the user's location and the resource location
• Network transparency if there is no difference between the centralized database and the distributed database
• Transparency (data compression), the ideal result of lossy data compression
• Transparency (telecommunication), the property by which a transmission system passes a signal through without changing its form or content
• Transparency (graphic), for overlay and translucency in PNG, GIF, and TIFF files
• Transparency (pseudo), or background translucency in the X or X11 Window System
• Referential transparency in programming designates a deterministic function

Notice the one sentence above in regard to its metaphorical use. It can amount to clear visibility (our intent when using it in IT), but also the opposite - invisibility! This is the only reference to how we use the term in IT. In fact, the subsequent computing and mathematic usage examples lean toward invisibility.

In my opinion, this is yet another example of our affinity with jargon. We have this apparent need to invent words to convey our message. Our desire is to be more open, forthright and straightforward, so we invent a new meaning for an existing word!

So I implore every IT organization to establish IT Governance and the associated governance processes and mechanisms to provide visibility into IT decision-making and the information used to make those decisions. They need to provide this visibility to their customers, their constituents and to their stakeholders. (Stakeholder: The person assisting the vampire killer.)

If you got to the end of this blog, you are a geek like me.

Share this post:  Email

Share

Published: August 20 2008, 07:33 AM | 3 Comment(s)
by Steve Romero

I attended the ISACA International Conference in Toronto the last week of July to speak on IT Governance. The presentation was to provide an overview on the genesis and purpose of IT Governance along with my views of how IT Governance addresses the goals and challenges of an enterprise. I had mixed feelings about the conference.

I have been a member of ISACA for almost 6 years now. I have never worked in an IT audit organization but I have always believed in a strong partnership between IT audit and the IT organization. I have spoken at a number of regional ISACA conferences but this was my first international conference. It was also taking place in Canada and I always enjoy my trips to the Great White North - especially in the summer.

The downside of the visit was my assigned timeslot in the 3-day event. You guessed it, the last presentation on the last day. To make matters just a bit worse, it was a full day so I was scheduled to start at 3:30 and finish at 5:00. I am sure you have been to your share of multi-day conferences. What happens on the last day? There is an early exodus so people can catch planes and get back home to family and work. Many conferences acknowledge this by ending the last day early--not the case for this conference.

I didn't attend any forums on the last day, opting instead to get some work done before my presentation at 3:30. I could not help but continue to wish my presentation had been scheduled for Day 1. Instead, here I was relegated to presenting my view of what IT Governance is at the end of an IT Governance conference. This was coupled with the fact I would probably have about 15 folks in attendance out of the 400 registered.

Despite the less-than-optimal circumstances, I managed to muster my usual level of enthusiasm. I sincerely enjoy talking about IT Governance, no matter how large or small the audience. I arrived in the large conference room early so I could make some adjustments. I moved 3 easels to the center of the room and wrote "This Section Closed" on them. This cut the room in half so the 15 people attending my session would be forced to sit on the same side and choose from 75 seats instead of 150.

To my complete and utter shock, we had to open the side of the room I had closed. Here it was the final session of the final day of a 3-day conference and I had about 80 people attending the session. Even more shocking was that only two left before 5:00! Everyone stayed for the Q&A and quite a few stayed to chat with me after the forum.

So I once again found inspiration in the level of interest in the power and promise of IT Governance.

Share this post:  Email

Share

Published: August 15 2008, 06:50 AM | no comments
by Steve Romero

I met with Senior IT project and portfolio decision-makers of a major financial institution last week. I gave two presentations: the first on IT Governance and the next on Project and Portfolio Management (PPM). We had two hours for each presentation so we had plenty of time for questions and discussion.

As with most of the companies I encounter, this organization is struggling with IT Project and Portfolio Management. They don't have enough resources to get the work done. Many projects are behind schedule, over budget or performing below expectations. They have conflicting priorities if they have priorities at all. Executive Management provides oversight for only a subset of the work, neglecting to oversee the entire IT portfolio.

The presentations were well received and there was a significant exchange of ideas between participants. Almost everyone in attendance was eager to participate in an overall approach to addressing the lack of governance and they agreed to a number of action items and next steps.

After the presentations a few of us got together for lunch and informal conversation. The team continued to describe their numerous issues and challenges. After 45 minutes or so, one of the team members looked to me and asked, "Are we the only ones with these problems?"

This is the perception for many IT professionals mired in the problems and issues caused by inadequate IT Governance in their enterprise. They think the problems are unique to their organization. They are convinced others must be doing things differently. Surely, these problems cannot be industry-wide.

I assure them that indeed, others are suffering from the same problems and issues. I explain how I personally struggled with these challenges in each of the IT organizations in which I have worked. I tell them that in my almost two years as IT Governance Evangelist, I have met 1:1 with over 3 dozen major companies in 5 different countries and I have presented to IT professionals from 100s of companies. Despite this massive exposure to countless professionals in just about every type of enterprise, I can count the number who have mastered IT Governance on one hand. Throw in my other hand and a few toes and I can count the folks who have solved their PPM challenges. (Obviously I am not including CA Clarity PPM customers in this tally.)

PPM is still a very immature process across all industry sectors. There are some great examples of spectacular success, but these are much more the exception than the rule. But there are new success stories being written every day.

I'm not sure if this news is reassuring or not. Yes, misery loves company, but when somebody finds so many others are suffering as they do, does this motivate them or discourage them?

The effect of that single question aside, this particular group of folks at the financial institution was very encouraged by the prospect of IT Governance and well managed PPM processes. They are forging ahead in their efforts and believe they can greatly improve their performance and ability to meet their goals. And I can speak from experience, in this, they are not alone.

Share this post:  Email

Share

Published: August 04 2008, 07:34 AM | no comments
by Steve Romero

Measuring the value of governance is a daunting challenge shared by IT Governance practitioners.  Yet, without empirical evidence, it is difficult to prove strategic business advantage.

At best, most folks can only show IT cost savings or cost avoidance--which perpetuates the perception that IT is a cost-center or overhead, as opposed to a strategic asset they should leverage for competitive advantage.

I was reminded of this issue by this message I saw on an ITG forum I belong to. I've changed the content just a bit from the original:

"I'm probably the nearest thing we have to a local IT governance evangelist and we've been working on improving controls for several years.

There is no question in my mind that we are doing things "better" from a control perspective. Good account management, change control and so on are now part of the regular modus operandi. That being said, I'd be really hard-pressed to prove to our CEO that there have been material benefits to the organization.

I may be wrong but I doubt that many companies have the level of sophistication with respect to metrics for example, to be able to say; ‘see, we used have 3 failures per 10 changes, now through better governance we have 1'.

Yes, we can say that we have reduced the risks because we now process employee terminations in 24 hours instead of say a week (example only) but let's not kid ourselves - that has little value in the eyes of most CEOs. .

I know what we have done is good for the organization and I believe in what we have done but demonstrating that in a meaningful way to a CEO...I'm not sure I could do that."

I feel his pain!

There is no doubt that capturing metrics takes time and resources.  And in most cases, the most drastic improvements have taken place since a point in time when metrics were not captured at all--meaning that your most significant success cannot be measured. 

When compelling metrics are not available, the key to showing value to the business is to speak to stakeholders in terms they understand and value--and talking about reducing errors per change isn't going to do it.

If you are faced with the same issue, my following edited contribution to the ITG forum may help:

"Below is a cheat-sheet I use to make the connection between IT Governance and enterprise success. It is a list I culled over 4 years ago from ITGI collateral and I use it still today. The challenge (MAJOR challenge) is to make the connection between the operational level metrics associated with controls and the talking points in the list below. You will note that these talking points align with the principles of IT Governance. The idea here is to elevate your metrics to this level of discussion with Executive Management.

The process for collecting and aggregating task level metrics to these higher-level measures requires an organization that has implemented a very sophisticated performance management and the associated metrics and measures systems. Many IT organizations report on these elements, but they can't 'prove the math.' Good luck!"

1) To Show That IT is Aligned with the Business

• Show how IT supports the Enterprise strategy (show how the future IT supports the future Enterprise)
• Show how IT Operations are aligned with current Enterprise operations

Possible talking points

Show how IT:

• Delivers against the strategy
• Balances investments between systems that support the enterprise as is, and transforms the enterprise to create an infrastructure that enables the business to grow
• Adds value to products and services
• Improves customer satisfaction and customer retention
• Assists in competitive positioning
• Contains costs and improves administrative efficiency
• Increases managerial effectiveness

2) To Show that IT is Delivering Appropriate Value to the Business

• Show how IT delivers appropriate quality on-time and within budget
• Show how actual cost and return on investment is managed

Possible talking points

Show how IT:

• Is fit for purpose, meeting business requirements
• Flexible to adopt to future requirements
• Provides required throughput and response times
• Enables ease of use, resiliency and security
• Provides integrity, accuracy and currency of information

3) To Show That IT is Appropriately Managing Risk

• Show how IT manages Risks

Possible talking points

Show how IT:

• Mitigates risk by implementing controls (e.g. Risk Management Systems, Audit controls, acquiring and deploying security technology to protect the infrastructure, Business Continuity Planning, Disaster Recovery, etc.)
• Transfers risk by sharing risk with partners or transfers risk to insurance coverage
• Accepts risk by formally acknowledging that the risk exists and it is being monitored

4) To Show That IT is Appropriately Managing Resources

• Show how IT optimizes the infrastructure
• Show how IT optimizes human resources

Possible talking points

Show how IT:

• Manages system procurement
• Benefits from service procurement
• Manages the lifecycle of hardware, software licenses and services contracts
• Applies appropriate methods and adequate skills to manage and support IT Projects and Systems
• Improves workforce planning, recruiting and workforce retention
• Provides IT education and development

5) To Show That IT is Appropriately Managing Performance

• Show how IT measures performance (balanced scorecard, metrics and measures, etc.)

Possible talking points

Show how IT:

• Establishes and measures financial objectives
• Maps financial objectives to customer requirements and needs
• Measures process performance, effectiveness, efficiency and criticality to the business
• Addresses innovation requirements and future needs
• Determines how business executives and users view the IT department

Share this post:  Email

Share