Thursday, April 27, 2006
More Thoughts on IT/Business Alignment
If I am to align with the business, how does aligning with the principles of ITIL, COBIT, CMM help or hinder? Of course those who are busy making a career for themselves by studying these principles will have a canned partyline that can provide rationalization as to their efforts but many of us may find all of them suspect. The one thing that I haven't heard though in all of the industry rags on this topic is the notion of stewardship.
Most people in IT work in one of two roles. Either they are involved in the day-to-day delivery of IT services (more than likely operations-oriented). Or they are involved in IT strategy to support the strategic intent and direction of the business.
IT falls down on a pretty consistent basis in the chasm between these two roles. Some observations that I have seen are the lack of a chief security architect whose role is to ensure that IT systems are built in a compliance-oriented way. We understand that business provides business requirements and that IT architects think about system qualities but the notion of compliance really isn't either but it matters.
For example, when IT executives forget about the notion of a chief security architect, they find technical fixes difficult and the management of them ever more difficult. Compliance is not a day-to-day operations problem nor is it about strategies the business wants to undertake. Many enterprises fail at addressing this because they fall outside our normal processes for justifying and managing IT work.
Enterprise decision making in this camp is primarily based on a leap of faith which can lead to the wrong decisions. Even more sinister is the widely held belief that knowledge transfer is the problem in that one can distill down compliance principles into a one-pager to solve problems such as these. Maybe us enterprisey folk can start talking about how humans learn and how we have consistently failed in aligning humans with process!
Governance won't work, CMM, ITIL, etc won't work but maybe strong technical leadership and stewardship will...