ITIL starting point

June 11, 2006

Do you know what ITIL is? If don’t you can try quick search on the net, or you better read this excellent article from IIA’s IT audit. A digest that will clarify some questions on the topic that all auditors should read, it’s also a good staring point for approaching this IT Framework.

Specially interesting the implementation strategies:

1. Designate an ITIL adoption project owner and develop an implementation team
2. Train employees
3. Establish a Service-level Agreement (SLA) process
4. Evaluate IT needs
5. Perform a gap analysis.

Although it is self-evident that all steps would be mandatory to be successful in the endeavors of implementing ITIL, I’d recommend focusing on the 2nd and 4th items. Without employee empowerment and sound business alignment all the efforts in ITIL implementations would be lost of time and money.

Does IT matters?

May 20, 2006

Excellent interview with N. C. garr (the author of the famous essay IT doesn’t matter at HBR) at Agree or not with his ideas about the “IT’s world” it is an very instructive podcast because it address most of the hot topics:

  • Commodisation of IT
  • Comparative advantage & Innovation
  • The end of the corporate IT (almost as we knew it)
  • Web 2.0 and collaborative technologies
  • Open Source

After all, a decent analysis of the state-of-art of paradigm’s shift ( or maybe switch) we are witnessing.

SOA as public good

April 29, 2006

BroadcastService oriented architecture (SOA) as other technologies and methodologies, is a good idea. The concept of design isolate services (modules, objects, …) interconnected is old. Software developers, analysts and researchers have promised this interoperability since software engineering became a structured discipline. Thus, the deployment of these logic pieces (business logic) should, theoretically, improve the overall IT’s performance through a unique service catalogue, better software control and maintenance, robuster interfaces, reusability and more scalable environments. That’s is better software, better response to business needs, lower costs and flexibility. For everyone that has been involved in a software development project it would be self-evident. But what’s happening with SOA? It’s another hype? . Christopher Koch from CIO magazine has asked the same thing in a recent post.

Following Koch’s arguments it’s clear that the real challenges aren’t technological or theoretical. The problem is the organization itself!.

Jeff Gleason, director of IT strategies for TransAmerica Life Insurance Company rolls his eyes. "I’ve heard this a hundred times, where a business sponsor said, 'Well, if you’re going to make me pay for creating this service the first time, you just blew away the cost benefit of my project, and it’s not going to get sponsored. And so I want you to go ahead and hard code it because I need that functionality.'”

Of course, why a decent manager must scarify a part (or all) of his ROI in order to provider a service to other business units and IT people? . This is a special example of public goods, considering the organization as the public (this isn’t unrealistic especially in huge corporations). Economists define it in different ways but the point is, that something is a public good if consumer don’t need to pay for its consumption so the producer can’t control who gets the good. A typical real-life example is Radio broadcasting, it is impossible to radio channels to control who listen the station and make them pay for it. Therefore, public goods are commonly underproduced. Is a matter of incentives and, consequently, it must be addressed as it is.

That means that all public goods are underproduced? Of course not, there are options. Internet and radio broadcaster have found a solution. They sell a valuable product with negative return (Contents) in a bundle with a negative value but positive return (Advertisement). The net benefit is a surplus for the producer (and for the consumer). Other option is to make the good private (or clubbed) using tech to make pay the customer (Cable TV, Subscription,…) or let the government (in this case the corporation bureaucracy) to provide those goods. The best solution for this particular case, is the so called Coasenian solution (Ronald Coase): The potential beneficiaries of the each SOA service could gather funds (or transfer cost) in order to produce the service.

As we saw, there isn’t an unique solution. Each organization has its own characterics and management style, cost profile and strategies. The Coasenian solution to produce SOA in high centralized and hierarchical organization could simply don’t work. And maybe the philosophy embedded in SOA doesn’t fit to them. They should better change their organization model before adopting these technologies, or simply use other models.

StrategIT Tip: SOA as other technologies are great ideas from engineers; but organizations a much more complex environments. Structural and strategic (as SOA) projects should take in account those issues as an integral part of the project.

X for Tax

March 26, 2006

SOXLast week I was invited to a IT Audit conference in Sao Paulo to give an speech on risk assessment methodologies applied to IT. There I’ve the opportunity to speak with many professionals from Internal audit, public accountant firms and consultant services. Their most common concern was the compliance with SOX Act (Non U.S. companies and subsidiaries listed SEC regulated stock markets must comply this year) and the associated costs (not only money but also knowledge and human capital) they are incurring. As two years ago in the US the Audit and risk consultancy markets are heating and overwhelmed, all want to be ready for internal control attestation derived from the law. There are no way out , they must make it!

 The last year I was involved in a SOX project and I must admit it, it was difficult to deal with some unclear and bureaucratic requisites of the Act. SOX implementation processes have many positive consequences(from IT’s point of view) but, of course, it is not perfect and satisfactory for all possible cases. Are the positive consequences of SOX more valuable than the negative? The answer is not straightforward in many aspects, and we haven’t sufficient historical data to measure the effects, and if we’d have it , it wouldn’t simple to do. The pertinent question is: What really this bill means?

Let suppose that I and some partners have a property in Hawaii, because we have not enough time to use it we decide to rent it. Taking care of the renting details (like dealing with tenants, maintenance, security…) requires time as well, so we decide to contract an administrator to manage the whole thing. The administrator contracts several services including a surveillance to ensure our(and tenants’s) assets are properly safe. Two year latter we visit the property and we discover that we were wrong. The property is devastated, the administrator in collusion with security services have bee stealing assets, the good tenants we have gone. The value we thought we’ve got, blew. Fraud was taking place. The case arises in the local media, the city major is concerned because the housing system of the city is based on properties like ours, and try to respond by creating a new local regulation to increase security (for example – buildings must have a 24h surveillance cameras, security teams, locks,…) free for the tenants. So we (and all other owners) must spend more money in security services to comply with the new regulations.

Economists who have researched this regulations conclude that the effect of them is the same as a tax. In this case, a tax, that transfers resources from property owners to security providers and tenants. The irony in this history is that the regulation set a premium for security firms who were involved in the fraud.

Enron and similar financial scandals are used to justify the issue of SOX Act by US Congress in order to protect stakeholders (an important part are owners). Like in the history above SOX is a tax imposed to owners and customers. Whether the tax is desirable or not is another question but the bottom-line is that we should be aware of the existence of it. Therefore, IT managers should consider the SOX tax as an additional cost when performing projects plans or estimating ROI drivers. Thus, avoiding or underestimating this cost could transform a profitable project into a unprofitable one. Actually the problem, is greater, Why the government (who ignores the real organization’s risks and strategy) has transform a profitable project into a unprofitable one?. But that’s is another history….

Talk with your CEO

March 4, 2006

talking Sometimes CIOs and IT managers get frustrated trying to communicate with clients ,business managers and process owners. They are supposed to have answers and proposals for a wide range of issues within the organization . But ,as the matter of fact, our world is not perfect and they don’t! On the other hand, business managers do not always understand the challenges and complexity of IT projects and environments. This make both feel unpleasant and insecure poisoning the relationship or partnership between these two “worlds”. I’ve seen more than once IT colleagues trying to explain projects, budgets or other IT stuff to puzzled mangers, or IT personnel feeling uneasy because the didn’t catch what businessmen wanted.

There’s not a unique way to address this problems. But there are things that Business and IT people should aware:

  • Language sharing: Some may say that executives speak only money language. That’s not true. Money it’s only a measure, like others. A CFO could understand a IT portfolio but a lawyer maybe needs other means.
  • Risk alignment: Do not show tech/project risks alone try to link them to well-understood business risk. If possible to business objectives and they associated metrics.
  • Think at the margin: Utility is a marginal concept. Exchanges happen in marginal terms.
  • Set good metrics: How we measure results is complex matter, but how we interpret the metrics is even messier. We should expend more time in defining and clarifying what for the metrics stand and what does it mean. This is specially important when some divergences arise.
  • Win-Win: Good deals make always both parts better off. If anyone thinks that he is wore off it couldn’t be called a deal.

All above are only a bunch of different ways to say “Talk with them”. They are humans, they have specific incentives (as you have). If we discover how improve communications that will, maybe , not resolve all our disagreements but at lest we have better tools to manage them.

StrategIT Tip: Soft skills are commonly forgotten, communication is very heart of business processes. Improving it, will improve the overall organization performance. Do like with your wife/husband just try understand other’s needs.