ITIL starting point

June 11, 2006

Do you know what ITIL is? If don’t you can try quick search on the net, or you better read this excellent article from IIA’s IT audit. A digest that will clarify some questions on the topic that all auditors should read, it’s also a good staring point for approaching this IT Framework.

Specially interesting the implementation strategies:

1. Designate an ITIL adoption project owner and develop an implementation team
2. Train employees
3. Establish a Service-level Agreement (SLA) process
4. Evaluate IT needs
5. Perform a gap analysis.

Although it is self-evident that all steps would be mandatory to be successful in the endeavors of implementing ITIL, I’d recommend focusing on the 2nd and 4th items. Without employee empowerment and sound business alignment all the efforts in ITIL implementations would be lost of time and money.


Does IT matters?

May 20, 2006

Excellent interview with N. C. garr (the author of the famous essay IT doesn’t matter at HBR) at enterpriseleadership.org. Agree or not with his ideas about the “IT’s world” it is an very instructive podcast because it address most of the hot topics:

  • Commodisation of IT
  • Comparative advantage & Innovation
  • The end of the corporate IT (almost as we knew it)
  • Web 2.0 and collaborative technologies
  • Open Source

After all, a decent analysis of the state-of-art of paradigm’s shift ( or maybe switch) we are witnessing.


SOA as public good

April 29, 2006

BroadcastService oriented architecture (SOA) as other technologies and methodologies, is a good idea. The concept of design isolate services (modules, objects, …) interconnected is old. Software developers, analysts and researchers have promised this interoperability since software engineering became a structured discipline. Thus, the deployment of these logic pieces (business logic) should, theoretically, improve the overall IT’s performance through a unique service catalogue, better software control and maintenance, robuster interfaces, reusability and more scalable environments. That’s is better software, better response to business needs, lower costs and flexibility. For everyone that has been involved in a software development project it would be self-evident. But what’s happening with SOA? It’s another hype? . Christopher Koch from CIO magazine has asked the same thing in a recent post.

Following Koch’s arguments it’s clear that the real challenges aren’t technological or theoretical. The problem is the organization itself!.

Jeff Gleason, director of IT strategies for TransAmerica Life Insurance Company rolls his eyes. "I’ve heard this a hundred times, where a business sponsor said, 'Well, if you’re going to make me pay for creating this service the first time, you just blew away the cost benefit of my project, and it’s not going to get sponsored. And so I want you to go ahead and hard code it because I need that functionality.'”

Of course, why a decent manager must scarify a part (or all) of his ROI in order to provider a service to other business units and IT people? . This is a special example of public goods, considering the organization as the public (this isn’t unrealistic especially in huge corporations). Economists define it in different ways but the point is, that something is a public good if consumer don’t need to pay for its consumption so the producer can’t control who gets the good. A typical real-life example is Radio broadcasting, it is impossible to radio channels to control who listen the station and make them pay for it. Therefore, public goods are commonly underproduced. Is a matter of incentives and, consequently, it must be addressed as it is.

That means that all public goods are underproduced? Of course not, there are options. Internet and radio broadcaster have found a solution. They sell a valuable product with negative return (Contents) in a bundle with a negative value but positive return (Advertisement). The net benefit is a surplus for the producer (and for the consumer). Other option is to make the good private (or clubbed) using tech to make pay the customer (Cable TV, Subscription,…) or let the government (in this case the corporation bureaucracy) to provide those goods. The best solution for this particular case, is the so called Coasenian solution (Ronald Coase): The potential beneficiaries of the each SOA service could gather funds (or transfer cost) in order to produce the service.

As we saw, there isn’t an unique solution. Each organization has its own characterics and management style, cost profile and strategies. The Coasenian solution to produce SOA in high centralized and hierarchical organization could simply don’t work. And maybe the philosophy embedded in SOA doesn’t fit to them. They should better change their organization model before adopting these technologies, or simply use other models.

StrategIT Tip: SOA as other technologies are great ideas from engineers; but organizations a much more complex environments. Structural and strategic (as SOA) projects should take in account those issues as an integral part of the project.


Hasta la vista…. Vista.

April 2, 2006

vistaIt was the industry’s news of the month, Microsoft announced a delay in the release of the new Windows Vista again. And two days later, we have a new man in charge, Steve Snofsky. One may think that these events aren’t related, but it’s hard to believe. The fact is that Microsoft is actually having problems with their brand new OS. Nevertheless, the pending question (Why?) remains unanswered although we’ve some leads. I’d bet that the main problem is related with complexity. Humans do have limits and although there are means to deal with them (such organization, budgeting, planning and project management) they aren’t magic solutions, they are only tools attached to some extend to the same limitations than the acting men using them.

From a economics perspective: It’s true that when a company grows certain scale economies arise, but carrying other diseconomies as well. On the first is greater than the second, it takes place an efficiency gain. I think in this case the Microsoft’s monster has got out of control of their inventors – Monsters have these customs. The should better be rid of this complexity and sacrifice something. Backward compatibility could be abandoned as Apple did with X OS, do not suport old hardware, simplify the product line are options. But they may be unaffordable for Microsoft, because the liabilities attached to their scale diseconomies.

X OS and Linux supporters should be happy they use the newest technology in their computers… for the moment.

Funny stuff: April fool’s jokes… but a joke shows always hidden side of the truth.

StrategIT Tip: Complexity is overlooked topic in many projects. So, try to keep it simply, some times we must give up something but we save the project. We all have limits, even Microsoft.


X for Tax

March 26, 2006

SOXLast week I was invited to a IT Audit conference in Sao Paulo to give an speech on risk assessment methodologies applied to IT. There I’ve the opportunity to speak with many professionals from Internal audit, public accountant firms and consultant services. Their most common concern was the compliance with SOX Act (Non U.S. companies and subsidiaries listed SEC regulated stock markets must comply this year) and the associated costs (not only money but also knowledge and human capital) they are incurring. As two years ago in the US the Audit and risk consultancy markets are heating and overwhelmed, all want to be ready for internal control attestation derived from the law. There are no way out , they must make it!

 The last year I was involved in a SOX project and I must admit it, it was difficult to deal with some unclear and bureaucratic requisites of the Act. SOX implementation processes have many positive consequences(from IT’s point of view) but, of course, it is not perfect and satisfactory for all possible cases. Are the positive consequences of SOX more valuable than the negative? The answer is not straightforward in many aspects, and we haven’t sufficient historical data to measure the effects, and if we’d have it , it wouldn’t simple to do. The pertinent question is: What really this bill means?

Let suppose that I and some partners have a property in Hawaii, because we have not enough time to use it we decide to rent it. Taking care of the renting details (like dealing with tenants, maintenance, security…) requires time as well, so we decide to contract an administrator to manage the whole thing. The administrator contracts several services including a surveillance to ensure our(and tenants’s) assets are properly safe. Two year latter we visit the property and we discover that we were wrong. The property is devastated, the administrator in collusion with security services have bee stealing assets, the good tenants we have gone. The value we thought we’ve got, blew. Fraud was taking place. The case arises in the local media, the city major is concerned because the housing system of the city is based on properties like ours, and try to respond by creating a new local regulation to increase security (for example – buildings must have a 24h surveillance cameras, security teams, locks,…) free for the tenants. So we (and all other owners) must spend more money in security services to comply with the new regulations.

Economists who have researched this regulations conclude that the effect of them is the same as a tax. In this case, a tax, that transfers resources from property owners to security providers and tenants. The irony in this history is that the regulation set a premium for security firms who were involved in the fraud.

Enron and similar financial scandals are used to justify the issue of SOX Act by US Congress in order to protect stakeholders (an important part are owners). Like in the history above SOX is a tax imposed to owners and customers. Whether the tax is desirable or not is another question but the bottom-line is that we should be aware of the existence of it. Therefore, IT managers should consider the SOX tax as an additional cost when performing projects plans or estimating ROI drivers. Thus, avoiding or underestimating this cost could transform a profitable project into a unprofitable one. Actually the problem, is greater, Why the government (who ignores the real organization’s risks and strategy) has transform a profitable project into a unprofitable one?. But that’s is another history….


SUN grid under DoS attack

March 25, 2006

Bad news for those who saw SUN’s Grid project as a first global step toward IT comodisation. It show the intrinsic vulnerabilities of Internet based services, furthermore, it shows how weak are infrastructures we depend of. But I’m optimistic with this kind of projects and solutions because the sound economic logic they are founded.

Will keep an eye on this new born service.


Usability and the hidden side of system design

March 21, 2006

DummyIT Systems are tools and tools are used by humans in order to do something. Therefore, tools are always means not objectives. We use a tool because it is more effective and efficient to use it than to use other tools or simply no tools at all (if possible). Rationally thinking, the more usable tools the better the results we get. But is it this so straightforward?. Generally , yes. Although it was a tool-focused analysis. What If we see the problem from the human (human action) point of view?. Humans are driven by incentives, and these incentives are balanced among multiple things such outcome of action, costs and motivation. What happens when tools are more usable? Does a new tool change the set of incentives?

I’ll try to explain it using an example:
Automobiles are tools used by millions to transport themselves. Conventional wisdom tell us that bigger and heavier cars or trucks (like large pick-ups or SUVs) are safer (that is they make better tools for ground transportation). Facts show that it’s false. There are multiple reasons but one of them is behavioural; SVUs drivers are (on average) more aggressive drivers. Thus, the confidence and apparent security of these vehicles make drivers less careful and risky. One of my favourite american economists (David Friedman) has suggested that if we really want to reduce the crashes on our roads and streets we should better attach a hand grenade wired to a collision detector. It’s sounds crazy but, of course, we don’t have empirical data to probe it. On the other hand, the NHTSA statistics shown that safety regulations on safety had not a dramatic impact on car accidents(Regardless the ratios has decreased over the time).

Are information systems different? My point is that they aren’t. So, in absence of regulations imposed by governments, a system designer should take in account not only the usability, ergonomics or friendly interfaces, but also in terms of incentives of target users. The objective of systems (within an organization) is to improve the overall productivity and effectiveness. A simple-to-use system/interface (a for dummies system) could be suitable from a technological point of view but it could make users less productive, careful (as we saw in the SVU example) or omit some relevant control topics. Actully because most users are not dummies, specially those more productive and trained.

StrategIT Tip: When planning, evaluating or designing a system think first in the people and incentives from target users. Tools are only means not ends.