Published: June 16 2009, 10:32 AM | no comments
by Steve Romero

Are you looking for "the" solution to a specific problem in IT? Are you looking for a single solution for all of your problems in IT? Do you seek the "one" best practice that will make things better? Do you want that silver-bullet?

Don't look here, because I can't give it to you.

I have said this, time and time again. And there have been occasions when it was not well received at all. In fact, you might be wondering why you should even continue reading this post. You likely know plenty of sources to which you can turn that are more than willing to give you "the" answer.

I have been working as CA's IT Governance Evangelist for more than 2½ years now. I have had the honor to present and speak to thousands of people around the world. In those interactions I have been asked over and over, "Steve, here is our situation, what do we do?" My answer (though it makes my stomach hurt each and every time I say it) is always the same, "It depends." Even in those cases where there is a single solution, the approach, starting point, sequence and implementation roadmap will vary greatly from instance to instance.

I am certain this is not what they want to hear. Some are openly frustrated by my response. A few dismiss me outright and turn quickly towards others who will be delighted to tell them exactly what to do. Thankfully, most folks let me explain.

I am sure I don't need to convince you that the world of IT is incredibly complex. This intricate atmosphere creates multifaceted challenges, problems, issues and opportunities. The circumstances and variables are countless. Given this complexity, how can there be any single or simple answer? In fact, it will be a series and sequence of integrated solutions that will simplify and unify their complex IT environments, ultimately reduce its complexity, and make it far more manageable.

I tell everyone they have some homework to do before they can adequately answer their question. I provide them a laundry list of things they need to understand:

• Business problem or opportunity and related risks
• Industry and business sector
• Current capacity and capability
• Strengths and weaknesses
• Culture and organizational constructs
• Governance and decision-making mechanisms
• Policies, Standards, Processes and Procedures

In addition to understanding the elements I list above, they then need investigate:

• Disciplines and frameworks
• Approaches and Best Practices
• Standards and conventions
• Solutions, systems and tools
• External resources and potential Partners
• Mountains of research

Confronted with these lists (and please, I entice you to add to them) they will find they have a sometimes overwhelming myriad of choices and alternatives. This approach requires acute understanding, in-depth analysis, accurate interpretation and courageous decision. Most importantly, it requires time. If you don't have sufficient and adequate time then you must understand, mitigate and potentially accept the risk of not taking the time.

I was inspired to broach this subject because in addition to being asked what to do, I have had the luxury of immersing myself in research and interacting with countless brilliant and astute people in my profession. I enjoy their ideas, insights and theories. At the same time, I am bothered by some of their conclusions. I have witnessed a propensity if not an obligation to accompany investigation with one-size-fits-all recommendation. Why? Go back to the first paragraph of this post. Too many of us want "the" answer. We want the solution to be singular, simple, and even easy. As I have said countless times, if it was easy, we would already be doing it.

I urge caution in those instances when specific recommendations follow research. I will give said researchers the benefit of the doubt that these recommendations are based on their devoted and fervent desire to help others succeed. It is quite reasonable to accept the notion that following the singular recommendation is better than doing nothing. Enterprises are likely subscribing to the 80/20 rule, which is many cases is adequate. My hope is that those adopting this approach are doing so due to reasoned and rational necessity as opposed to expediency or worse, recklessness. I also hope they luckily if not accidentally select a recommendation that is "coincidently" appropriate for them.

Whatever the case may be, I will continue my quest to evangelize IT Governance and resist the urge to downplay its complexity. I will try to persuade folks there is power and promise in the discipline when it is applied thoughtfully and appropriately. I will try to convince them to take the time to do the right things, and to do them right. I will inform them that their approaches and paths to success will vary greatly from their contemporaries as well as their counterparts. I will tell them it is a journey that requires audacity, courage, perseverance and resilience. I will continue to insist there are no easy answers, and I will warn everyone to question any "one size fits all" recommendation or solution.

One last note, I drafted this post on my flight to Boston to attend MIT's CISR Executive Summer Session. This is my third trip to MIT and I don't want to give you the impression my time with these incredible minds (led by Peter Weill and Jeanne Ross - both heroes of mine) inspired this post, quite the contrary. I have never seen them oversimplify the answers to the incredibly complex question of how enterprises derive value from technology. MIT CISR has been addressing that question for 35 years and they are the first to admit, there are no easy answers.

Steve Romero, IT Governance Evangelist

Share this post:  Email

Share

Published: June 11 2009, 11:52 PM | 2 Comment(s)
by Steve Romero

Have you been "reorged" lately? I would bet if you have been in the same IT organization for more than three years you have been involved in at least one reorganization. And this is under "normal" circumstances. Given the disastrous economic downturn, I am sure countless Enterprises have turned to the infamous reorg as a response to the need to do things differently in IT.

Do you recall your response to the news of your last reorganization? Were you excited and encouraged? Or were you dismayed, frustrated or even angry? What was the outcome of the reorganization? Were things notably better? Were they worse? Was there any change at all (other than to whom you reported)?

I can't begin to recall and recount all of the reorganizations in which I have been involved in my over 30 years working in IT. And I must confess, I was not always on the receiving end. I participated in driving and implementing a few reorgs in my time. One thing I can recall, none of the reorganizations resulting in substantial change or marked improvement. (I can admit this now, needing also confess to the myriad rationalizations that followed our inability to transform IT.)

And consider these reorganizations are seldom met with optimism and hopefulness. In fact, they are almost always met with resistance, incredulous apathy or even subversive ridicule. So when things aren't working, why do Enterprises turn to this convention over and over again?

I contend it is a lack of adequate and appropriate IT Governance. Yes, I know. You saw that coming. So here is my argument:

In my last two blog posts I noted how I declare all organizations have IT Governance, even if they don't recognize it. I base this assertion on the simplest definition of governance: the processes and relationships that lead to reasoned decision-making in the use of IT. I maintain if an organization is making technology decisions, they have IT Governance. I merely point out that their governance is comprised primarily of relationships (people) and non-existent, ad-hoc or chaotic processes.

Given this line of reasoning, I can explain and understand why Enterprises reorganize IT over and over again. What else can they do? If you don't have adequate processes in support of your IT Governance, then your only alternative is to turn to the other dimension of the discipline - relationships. People! Hence, reorg.

When IT is not aligned with the business, not delivering value, not managing risk, resources and performance, then we have to do something. We have to change. We have to change our IT Governance. Given the immaturity and inadequacy of IT Governance processes in Enterprises today (based on abundant research) we have little choice but to turn to the people and their relationships that result in technology decisions. How do we overtly affect relationships? Reorg.

So until you establish, manage and optimize your IT Governance processes to support the people making technology decisions, brace yourself for your next reorg. It is just a matter of time.

Steve Romero, IT Governance Evangelist

Share this post:  Email

Share

Published: June 08 2009, 10:16 PM | no comments
by Steve Romero

In my last blog post I noted how I use the basic definition of governance to convince organizations they have IT Governance, even if they don't recognize it. I make this assertion so often that I hardly took note of my brevity in presenting the argument. Upon reflection I thought I should elaborate on this position and invite others to share their thoughts on my contention.

First, I must admit that I did not always have this belief. In fact, I spent a lot of time and energy during my first year as CA's IT Governance Evangelist pondering and attempting to help other folks solve the challenge of persuading their organizations to embrace and establish IT Governance. The question of how to "convince" leadership came up soon after I delivered my first IT Governance presentations. I spent the months that followed refining my opinions and suggestions to bolster my endeavor to help people gain Executive Sponsorship for IT Governance.

My favorite suggestion was to understand the challenges and opportunities of their Enterprises. I told folks if they understood what kept their Leaders up at night they could map those concerns to the appropriate aspect of IT Governance to showcase its potential. I am not a process-for-the-sake-of-process person and I believe we should always have an acute understanding of the business problem we need to solve before undertaking any process effort.

In addition to understanding the problem or opportunity I suggested variations of the following:

• Understand how your organization defines value and establish a business case that shows the value of IT Governance
• Understand and speak the language of your organization to ensure your message and recommendations resonate with Executive Management
• Find a willing and influential Sponsor on the Leadership Team to advocate your cause
• Work at the grass-roots level to identify and solve a problem using an IT Governance construct in the hopes of showcasing the discipline's potential if it is applied at an Enterprise level

As I continued to amass these clever ideas I decided one evening to write them done for future reference and continued refinement. As I began listing them in my head I had an epiphany, I don't need to help convince organizations to "do" IT Governance...they are already doing it!

Let's begin with the most basic, if not simplest definition of IT Governance: The processes and relationships that lead to reasoned decision-making in the use of IT. This simple definition has three major components:

• Processes
• Relationships
• Decision-making

So to test if an Enterprise has IT Governance, we need ask only 3 questions:

1. Are they making technology decisions?
2. Do they have relationships (people interacting with other people)?
3. Do they have processes?

It is practically incomprehensible to think there are enterprises not making technology decisions, so the answer to Question 1 is most likely "yes." Every organization I have ever seen has people, so the answer to Question 2 is also "yes." Question 3 is a little less straightforward, as I have encountered numerous organizations that mistakenly claim, "We are not a process shop." Yes, mistakenly.

I have heard the following from many people, "My organization does not have processes." I then hear one of the two following statements, "We've tried to put processes in place and they failed," or "We decided we are not a process shop." Let's dispel this mistaken notion right now, ALL organizations, enterprises, companies etc., have process. It is simply a matter of whether or not the processes are informal or formal and to what degree.

I follow a process when I brush my teeth. I don't have a documented process design, and I never formally implemented my tooth brushing process, and I don't officially manage the process. But it is a process none-the-same. For those organizations claiming they don't have processes, they in fact do. It is just that their processes are:

• Ad hoc, informal, inconsistent
• Unknown, unnamed, unrecognized
• Fragmented, haphazard, disjointed, disconnected
• Incoherent, complex, chaotic
• Lacking continuity, uncoordinated, not integrated
• Not managed, not measured

So if you accept my contention that all organizations have process, and the other two aspects of IT Governance are a given (relationships and technology decisions) then ALL Enterprises have IT Governance. The major differentiator from one organization to the next is simply the nature and formality of the processes in place to enable IT Governance. For those that don't have processes, all of their technology decisions are simply based on relationships - people making decisions about technology.

So the question is not, "Should we have IT Governance?" The question is, "How well is our IT Governance working?"

If your making money hand-over-fist, if your shareholders and constituents are delighted, if your employees are happy and self-actualized, if you have enough resources to get all of the work done, if your programs and projects are successful, if everyone loves IT, then you are good to go. If your technology is aligned with your business, if your technology investments deliver appropriate value to the business, if you are properly managing technology risk, resources and performance, then don't change a thing. If not, then take a look at your IT Governance framework, constructs and mechanisms. I'll bet we can do something about the IT Governance processes needed to help people in your organization make reasoned and rational technology decisions. We can introduce and establish the IT Governance required to make them successful.

Did I convince you that any Enterprise making decisions about the use of technology has IT Governance? Let me know.

Steve Romero, IT Governance Evangelist

Share this post:  Email

Share