What is IT Governance?

Hello,

'IT Governance' is a term we're hearing more about these days, yet if you ask any number of people what they understand from it, you might receive a fair number of explanations. Hence, what follows is a simple definition which will help in gaining a clearer understanding of this often, misunderstood term.

I've based this concise description on 'the' framework for IT Governance, namely COBIT [1]. COBIT (Control Objectives for Information and related Technology), currently in version 4.1, it is the principal IT Governance framework available today and, can be used to implement IT Governance effectively.

"IT Governance is the responsibility of executives and the board-of-directors and, consists of the leadership, organisational structures and processes which ensure that the enterprise's IT sustains and extends the organisation's strategies and objectives."

It should be noted that:

• The drivers for IT Governance vary from regulatory compliance requirements (e.g. SOX), to the need for Corporate Management to access reliable information for effective decision making.
  
• One of the core reasons for IT Governance is to have a business-focus in order to facilitate alignment between the business and IT objectives.
  

COBIT stipulates five (5) IT Governance Focus Areas, these are:

1. Strategic Alignment: ensuring that IT is in-line with the business direction
   
2. Value Delivery: ensuring IT is providing value to the business, gaining the expected returns and focusing on what will deliver maximum value to the business
   
3. Risk Management: ensuring that risks are identified and managed appropriately
   
4. Resource Management: diligent management of resources, COBIT includes here applications, information, infrastructure and people
   
5. Performance Measurement: COBIT uses a number of techniques to ensure that IT performance is measured not only from an IT perspective, but also from the business perspective

These are shown graphically below [2]:

Hence, IT Governance avails tools (such as COBIT, ITIL, Balanced Scorecards) and techniques (such as formal structures, reporting, audits) to ensure that:

• IT is aligned with the business
• IT is more responsive to business needs
• Resources are utilised effectively
• IT Risks are identified and managed in the correct manner
• There is an improved relationship between IT and related stakeholders

Regards,

Musab Qureshi

References:

[1] http://www.isaca.org/cobit

[2] Image source: http://www.itsmf.org.sg/newsletter/0705/newsletter.html

The IT Management Blog 2009 Calendar - free download

Hello,

You're welcome to download the exclusive IT Management Blog 2009 calendar from the following link:

http://www.slideshare.net/secret/poJyMlBBjw59Po

As a guest you can view the presentation using the arrow controls or by clicking the 'full' link to view it across the screen.

It is advised to download the original PowerPoint file by clicking the 'Download file' option (requires registration).

The seasons theme along with quotations from various protagonists from the corporate world enhance the presentation of the calendar.

Regards,

Musab Qureshi

What is PRINCE2?

Hello,

PRINCE2 (Projects In Controlled Environments) provides a common, structured method for effective project management, it is the de facto UK government standard, is widely recognised and used within the UK and abroad. PRINCE2 embodies proven, good practice in project management and can be applied to any project of any scale, encompassing the organisation, management and control of projects.

Project failure rates according to a number of research reports are not very optimistic, e.g. seven out of ten UK government projects failing despite a £14 billion annual IT spend [1]. The reasons for failure vary, from inadequate planning, insufficient definition of the business case or required outcomes to lack of quality control causing delivery of products which are unacceptable or unusable.

Hence it is a vital to adopt a standard project management method to provide a common term of reference for all stakeholders to be aware of their mutual responsibility, accountability, authority, what's expected from them, why the project was started in the first place, what the end product will be, what work will be carried out to achieve that and the responsibility of each party in contributing to that product.

PRINCE2 defines a 'project' as a management environment that is created for the purpose of delivering one or more business products according to a specified Business Case. Hence a project has:

• a defined start and end date
• defined and measurable business products
• a corresponding set of activities to achieve those business products
• a defined amount of resources
• an organisation structure with defined responsibilities to manage the project
  

PRINCE2 is scalable, customisable, repeatable, teachable, built on experience, it helps clarify roles and responsibilities, it proactively provides early warnings of potential problems.

PRINCE2 defines 8 Components, 8 Processes and 3 Techniques as explained below.

Figure 1: PRINCE2 Components and Processes:


© Crown Copyright 2005

Hence the 8 Components defined by PRINCE2 are the:

1. Business Case
2. Organisation structure
3. Project Plans
4. Controls
5. Management of Risk
6. Quality in a Project Environment
7. Configuration Management, and
8. Change Control.

The 8 Processes are:

1. Starting up a Project (SU)
2. Initiating a Project (IP)
3. Directing a Project (DP)
4. Controlling a Stage (CS)
5. Managing Product Delivery (MP)
6. Managing Stage Boundaries (SB)
7. Planning (PL)
8. Closing a Project (CP)

Although PRINCE2 is not prescriptive by nature, guidance is provided in 3 areas, these are called Techniques:

1. Product Based Planning
2. Change Control
3. Quality Review

Some of the unique characteristics of PRINCE2 are:

- Pivotal nature of Business Case
The Business Case answers the why? or the viability of the project; it is created at the start and then updated and checked against at key points throughout the project. The Business Case embodies the rationale and the business justification for the project.

- Management by Exception
Resources are assigned work and given flexibility to complete the tasks. Disruption is decreased thru minimal meetings, the Project Board and stakeholders are kept informed via agreed regular, brief Reports.

- Adaptability
PRINCE2 can be tailored to any project, and complements or even enhances other project management frameworks such as the PMBOK (Project Management Body of Knowledge); specific examples where PRINCE2 helps bridge the gap with PMBOK include the below:

• The PMBOK contains no specific pre-project process equivalent to PRINCE2's 'Starting Up a Project (SU)' process, the SU process is extremely valuable in providing guidance in who or what should be in place before project start.
• The PMBOK offers Project Plans, however PRINCE2 recognising the challenge of accurate detailed planning at an early stage (especially for long or complex projects), divides plans into the Project, Stage and Team plans - this facilitates easier and more accurate planning.
• The PMBOK offers high-level advice on Product-based planning; PRINCE2 provides more detailed guidance on defining Product Descriptions, Product Breakdown Structures and Product Flow Diagrams - thus facilitating clearer communication of specialist products (those geared towards the customer and what they expect from the project) with stakeholders.

Conversely the PMBOK complements PRINCE2 in certain areas (as it is more detailed and prescriptive in nature).

In brief, PRINCE2 provides a methodical and proven approach to project management, this can be applied in selected areas or across the entire project. It can be used to complement existing processes & if followed correctly will help manage risks and ensure greater chances of project success.


[Note: The author, Musab Qureshi is a certified PRINCE2 Practitioner]

References:
[1] http://news.zdnet.co.uk/itmanagement/0,1000000308,39287110,00.htm

What is Enterprise Architecture?

Hello,

Due to the confusion which the term 'Enterprise Architecture' seems to reflect, attempting to articulate a precise definition could be challenging. Here my effort will be to gain some clarity at a simplistic level.

In essence, the scope of Enterprise Architecture can be gathered thru the acronym 'BAIT' as follows:

1. Business Architecture (business processes, perspective, plans, drivers etc)
2. Applications Architecture (applications development and management standards)
3. Information Architecture (structure, assets, relationships)
4. Technology Architecture (IT infrastructure standards including hardware, software etc)
   

The distinction therefore, between Enterprise Architecture (EA) and IT Architecture is that EA includes all 4 elements above. The focus of IT architecture however, is restricted to the applications, information and technology areas (excluding the business architecture).

EA hence documents the relationship between these 4 layers & with the external environment (e.g. customers, stakeholders, regulatory compliance requirements etc).

Enterprise Architecture provides a model in order to:

1. Capture the current state architecture
2. Capture the desired future state architecture
3. Develop an actionable roadmap to make the transition to the desired state architecture (achieved thru a governance process)

Enterprise Architecture defines Principles which are high level statements defining how IT will be used to support and be aligned with the business.

In brief, Enterprise Architecture provides a top-down approach, starting with the organisation's Business Strategy, then studying the IT Strategy. Models such as TOGAF [1] or Zachman [2] are used to capture the architecture.

To gain tangible benefit, a roadmap of initiatives/projects is developed to progress the organisation from the current state to desired state. Once executed, the result will be an organisation more effectively managed, better aligned and more agile.

This could be a somewhat simplified description considering the wide-reach of Enterprise Architecture and its interfaces across the business (e.g. with IT Investment planning, Project Management etc), however it suffices as a simple description allowing the reader to gain clarity on understanding one of IT's most challenges areas.

Enterprise architecture helps to close the gap between IT and the business at all levels. It takes a 360 degree view by gaining an intimate understanding of the business and how technology supports existing and future requirements.

References:
[1] http://www.opengroup.org/togaf/
[2] http://www.zifa.com/framework.html

Does your organisation have an IT Strategy Officer?

Hello,

Organisations have historically had CEOs, CFOs, CIOs, COOs and so on, each of these roles fulfilling a distinct area of responsibility.

The increasing trend of the Chief Strategy Officer (CSO) role however, indicates the growing importance and challenge of executing successful strategies in today's complex, and rapidly changing technical and business environments.

The McKinsey article 'How chief strategy officers think about their role: A roundtable' by Renée Dye [1] raises some beneficial observations from the inside.

It would not be surprising to observe further predominance of, for want of a better title, the IT Strategy Officer (ITSO). This function would be responsible for supporting the CIO for the IT-strategy related arena, just as the CSO supports the CEO for the corporate planning arena.

Reference:
[1] http://www.mckinseyquarterly.com/How_chief_strategy_officers_think_about_their_role_A_roundtable_2143

Myths of the CMDB...

Hello,

All the more for organisations starting out with implementing ITIL, there can understandably be some level of confusion surrounding the CMDB (Configuration Management Database) due to it's seemingly mysterious pervasiveness in supporting ITIL processes and functions.

The 'Myths of the CMDB' article by Michele Hudnall addresses some of the more common misconceptions encountered [1] along with some valuable insight.

ITIL v3 it must be said, has made endevours to extend the CMDB from what was considered ultimately a 'database' modelling the IT infrastructure, holding details of Configuration Items (CIs) thru their lifecycle, into a powerful resource more business aligned and focused. [2]

The transition to a CMS in brief encompasses the following updates:

• The CMDB was understood by many to be a single database incorporating all information possible on your IT infrastructure along with their inter-relationships; the CMS provides clearer guidance by introducing 4 layers each with it's own perspective or view of the IT infrastructure. This makes for easier comprehension and implementation.
• The CMS scope is wider than being an information repository; it includes the database part along with a tool & will provide a federated view linking all CMDB information.
• The CMS information extends to include details on customers, users, business units etc.
• The CMS concept recognises the need in some organisations for multiple physical CMDBs, but ensures the top layer (the Presentation Layer) provides a unified view showing respective layers of complexity as one drills down.
• The CMS is referred to and used by all of the IT Service Management processes

In summary, the CMS builds upon CMDB principles to reduce the scope for confusion thru a more structured and prescriptive approach to modelling and managing your IT infrastructure.

Reference(s):
[1] http://datacenterjournal.com/index.php?option=com_content&task=view&id=1477&Itemid=40
[2] http://community.ca.com/blogs/itil/archive/2007/10/26/promoting-the-cmdb-to-cms.aspx

Indices help comprehend IT adoption capability...

Hello,

A trusted source of information for measuring a country's ability to adopt and effectively benefit from their IT investment is the EIU (Economist Intelligence Unit) annual e-readiness ranking.

Written in conjunction with the IBM Institute for Business Value, it's input is taken from a number of sources including Pyramid Research, the World Bank and World Information Technology and Services Alliance (WITSA).

The report evaluation and ranking methdology has been updated for 2007 reflecting gobal changes such as increased penetration of affordable internet, the maturity of respective e-Government efforts and consumer utilisation of technology.

The report highlights a number of key findings which can provide a beneficial perspective on business opportunities and risks.

References:
[1] http://www.eiu.com/site_info.asp?info_name=eiu_2007_e_readiness_rankings&rf=0
Also at: http://www.ibm.com/ibm/ideasfromibm/us/ereadiness/071607/index.shtml

How can we do more to encourage young people to pursue careers in science and technology?

Hello,

There has been much talk about an increasing IT skills shortage which unless if addressed, could have serious impact on the industry overall. Considering the UK for example, the CBI has predicted we'll need 730, 000 more graduates to meet the expected demand. [1]

Relevant somewhat to the same theme, Bill Gates asked the following question on his blog:

'How can we do more to encourage young people to pursue careers in science and technology?'

Over 3, 500 people have replied to date! A number of the replies make interesting reading and highlight the Internet's capability to support knowledge sharing in today's connected economy [2]

References:
[1] http://www.itweek.co.uk/2214524
[2] http://www.linkedin.com/answers/technology/information-technology/computers-software/TCH_ITS_CMP/179866-21879399

What goes into an 'IT Strategic Plan' (high-level)?

Hello,

If you're starting out with developing an IT Strategic Plan & are looking for simple guidance to get started, I would recommend the following to get things moving:

'Anatomy of an IT Strategic Plan' by Stephanie Overby; this is available from the following link:

http://www.cio.com/article/174253/Anatomy_of_an_IT_Strategic_Plan

Regards,

Musab Qureshi

ITIL v3 adoption slow, but picking up...

Hello,

• ITIL v3 adoption it seems, isn't a top priority for IT shops in 2008; two-thirds of UK IT Managers aren't prepared for the challenge [1]


• According to the IDC, majority of companies aren't rushing to implement ITIL v3 [2]

ITIL v3 can definately give you the edge so it's worth getting acquainted with it, but for deep-diving with the implementation, it's worth seeing how people are faring with their implementations & then to benefit from their experiences.

References:

[1] http://www.computerworlduk.com/management/it-business/it-department/news/index.cfm?newsid=6150

[2] http://www.computerworlduk.com/management/it-business/it-organisation/news/index.cfm?newsid=6594

IT Service Catalogue Guidelines...

Hello,

Back in 2005, I published simple yet effective guidelines for developing your own IT Service Catalogue from scratch. These were hosted for over a year on the EMA community portal (SLMINFO.com) before it's retirement.

Due to a great number of people requesting this, I've re-uploaded the document; you can get it from the following link; click here.

An alternative link is:

http://ia600703.us.archive.org/35/items/ItServiceCatalogueToolkit/IT_Service_Catalogue_Guidelines.pdf

Please do send me your feedback (mailto:musabqureshi4@yahoo.co.uk) on this document & your experiences in developing service catalogues.

The IT Management Blog - Welcome!

Hello,

Welcome to the IT Management Blog!

Here you'll find a somewhat random collection of interesting posts from the intriguing world of IT Management.

My domains of expertise are IT Strategy and IT Service Management; do check back for beneficial information & links to assist with your IT Management efforts.

Your comments & feedback are always welcome, my email is: musabqureshi4@yahoo.co.uk

Musab Q.