Media Mentions

Quotations in the media (online, print, or television).

Getting IT Right!

by

This is an article that was written for the February issue of the Queensland Business Review.  It is partly promoting an upcoming ‘Getting IT Right!’ seminar to be held at BDO Kendalls on 21 February 2007.  More information is available on the BDO website www.bdo.com.au.

Introduction

Stories of failing information technology (IT) projects, IT teams that just ‘don’t understand’, lost spreadsheets that contain critical business data, and critical applications that seem to crash for no apparent reason are all too common scenarios. Information technology promises a great deal to all businesses, but often fails to live up to expectations.

These problems cause frustration for all concerned. Unfortunately ‘getting IT right’ cannot be achieved with a simple wave of a magic wand. The current skills shortage shows no signs of abating, and it is important for a business to use its staff effectively. Good business support from information technology is one of the keys to unlocking this effectiveness. Four essential business tactics exist that can assist:

  1. Understand the business strategy
  2. Have the right people
  3. Use standard processes
  4. Use the right technology

These tactics will have a positive impact on the success of your business in the context of the support received from information technology.

Understand the business strategy

An understanding of the business strategy, and the involvement of business in IT decisions, is necessary to avoid an IT team working on the unnecessary projects.

This common problem usually stems from a lack of understanding of the goals and vision of the business when it is tempting to implement technologies that seem to be the correct decisions at the time. Sometimes these decisions are right; frequently, they are not.

A business’s main strategy can be focussed upon product innovation, customer relationships, or operating excellence. Identifying the predominant strategy removes trivial distractions for the IT team. There is little point to significant investment in a customer relationship system where the main focus of the business is upon delivering the best products at the best price. Conversely, for a business focussed upon customer relationships, the priority will be to deliver and operate a customer relationship system.

The business strategy must be clearly communicated to the IT team. A written statement of the business IT strategy is useful (vision, mission, and objectives, together with supporting initiatives and milestones. Even more useful is a cultural emphasis on the importance of the role of IT in achieving the
business vision. Such a cultural emphasis can be achieved through concrete actions (e.g. declining projects that do not support the business strategy) and regular adherence to and acknowledgement of the IT strategic plan.

Aligning information technology to the business strategy will reduce distractions that arise through not having a clear direction of the role and purpose of IT in supporting business goals.

Have the right people

A common problem facing IT teams is that the staffing ratio is all wrong. The wrong staff are doing the wrong jobs for the wrong reasons. For example, a business that employs four network administrators and only one help desk person will likely have a network that works very well at a technical level. Unfortunately, there will be many frustrated end users not receiving the desktop support they require. The result can be business chaos.

IT roles that do not directly support the business strategy should be considered for removal or outsourcing. IT teams regularly have ‘legacy’ roles from the past that are no longer needed or appropriate. A regular review of the roles in the IT area and their alignment to business strategy is a potentially valuable approach.

In addition, end users need the training and skills to use the technology that is provided. Frequently no training is received by IT teams, or end users in the software on their computers, and – especially in the case of upgrades – continue to use the software as it has always been used, without using new features. Adopting a formalised and documented approach to training can be beneficial, but even recognition of the need for training through ad hoc opportunities will bring benefits to the business.

Use standard processes

Often IT teams have only one person who can resolve a problem. Or worse, each team member will resolve the problem in their own way. When the staff member leaves, no-one else can fix the piece of equipment. The end result is chaos and delays for the valuable staff member.

If the same task must be done more than once, the potential for developing a standard process exists. No IT team should be without good help desk software, and ensuring a discipline around managing problems and documenting resolutions will pay dividends. There are free help desk management tools available (e.g. open source solutions) and new social networking tools (e.g. ‘wikis’) for documenting and storing processes and procedures that are inexpensive, simple to use, and easily maintained.

Reviewing the use of help desk management software, and writing procedures for standard tasks (starting with the most common tasks) will repay the business handsomely.

Have the right technology

Technology that is simply wrong for the task at hand, or obsolete, costs businesses a great deal. Excel spreadsheets will frequently be used for tasks that really require a database. Or many technologies will be used where a single technology product would suffice. It is crucial that the right technologies are used for the task at hand. This does not mean that the ‘latest and greatest’ gadgets and gizmos should be adopted, but for a business that is reliant upon IT, it is necessary to have all technology covered by parts replacement warranties.

Technologies that are still supported by the original developers or manufacturers are fundamental to ensuring that the IT team is effective. Limiting the number of technologies to support will also help. Approaches to ensure that the right technologies are used include a statement of the preferred technologies to be used (e.g. identifying a single preferred database technology such as Oracle compared to SQL Server), maintaining warranties on all important business technology equipment, and limiting the use of customised and in-house developed software.

Conclusion

Effective information technology requires that the IT team be provided with the skills and equipment necessary to deliver upon the business strategy. Likewise, the business needs to provide strategic direction and input into decision-making for business information technology.

There are many more tactics that can be adopted by businesses to ensure that IT can deliver upon its promises. This article has highlighted those tactics that are common to most businesses and will have the most positive results. Nevertheless, there are many other tactics that can be adopted that are unique to individual businesses, and must be considered in light of the specific circumstances of the business.

Cyberinsurance, what’s that?

by

I recently (OK, apparently nearly two months ago!) had an interview with Darren Pauli of Computerworld on Cyber-insurance – insurance against ‘cyber attack’ such as denial-of-service attacks and and data loss. The article can be found here: http://www.computerworld.com.au/index.php/id;261018472;relcomp;1. and the pdf version can be found here.

My basic thesis that I tried to communicate to Darren – although I don’t know that I was all that successful – is that your window of opportunity for evil-doers is larger because virus-writers and ‘cyber-terrorists’ become aware, these days, of a vulnerability almost as soon (if not sooner) than the software vendor themselves. They therefore have more time to write software to attack the system before it is patched. This issue is compounded by issues of patch-issuers sticking to a ‘once-a-month’ patch regime that gives a window of a month for a vulnerability before it is patched (so if you launch your attack immediately after the patch was last released, you have better opportunity for success – er, business failure).

The problem with cyber insurance I think would be that the incentives are all wrong- if I buy insurance for my data, my incentive is to be a little more lax about my data protection (I’m the only one who can really impact it and make it work), and the insurer doesn’t want to take on this risk – so therefore they want their clients to implement security standards and approaches (and audit this) so that the insurer knows that a certain minimum standard is being met.

And, that’s difficult (and expensive) to do – just ask anyone in the US about Sarbanes-Oxley compliance for their information systems.

IT Outsourcing and the CEO

by

When blogging it doesn’t rain but it pours – I almost made it to the end of March without a blog entry (those ‘daily posts’ get hard to do when you’re swamped with other work – one can only have respect for ‘a-list’ bloggers that do manage to post something every day.

I was commissioned by CEO Online recently to write an article on IT Outsourcing from the perspective of the CEO, and the pros and cons of this approach, for publication in their Expert Talk section.
There is becoming quite a library of material there – I have published there before – and it seems good value for the $11 a month subscription.
As it was commissioned for CEO Online for their April newsletter, I won’t publish the article here but would instead direct you to CEO Online to have a look. I may be able to publish the whole article at a later date.

I will however reproduce the introductory paragraph here:

“Figuratively at least, CEOS are lying awake at night asking, “Is my IT infrastructure delivering what it needs to?  In essence, are we doing IT right?” The February 2006 CEO Online Survey identified an age-old and important issue that causes CEOs considerable angst:  ‘What is the best way to manage IT infrastructure?’

Unfortunately, there is no definitive answer apart from, “Well, it depends.” The goal of this article is to outline three alternative approaches to the delivery of Information Technology (IT) services and then to consider the pros and cons of each approach.

At the end of this article, you – as a CEO – will be better informed as to the likely benefits, traps and pitfalls of IT outsourcing.”

From:  IT Outsourcing – Selecting The ‘Best’ Infrastructure Model, April Newsletter CEO Online.

For what it’s worth, I think it’s a fairly meaty article (for once, a reasonable word limit was available due to web-publication) focussed on risk management, the fact that small to medium-sized businesses can often find internal IT a distraction and a problem management for an area that may not deliver competitive advantage (clearly that’s not the case for all companies), and an organisationally mature approach to outsourcing that unfortunately will not deliver immediate, large benefits but will deliver long-term benefits at a lower level of risk.

Any feedback on the article is of course always appreciated.