clients

Service Management Frameworks

by

It’s interesting that when you do reviews of IT departments for clients that many attempt to reinvent the wheel, or service management framework if you will, despite the fact that said wheel has been in stable production for some time now and if the plans were bought off the shelf the result would be within expected bounds.  Although frameworks such as ITIL have their critics (particularly related to being bureacratic bloated bastardry at its best), at least they are a framework that works and deliver reliable results.

I would suggest that if an IT department doesn’t adopt a service management framework (ITIL or its competitors) then you’ll need to spend a lot of time developing a framework without the benefit of others’ experience – to the detriment of service delivery, firstly, and more than likely strategic focus in the medium term.

It is after all kind of difficult to establish a strategic vision if you’re busy doing work that other people have already done.

The View: It’s time to go home

by

The following article is reproduced from an article written by Micheal Axelsen and published in CPA Australia’s “InTheBlack” journal, December 2005.  The article is also published under my publications section (it’s an opinion piece, in case you can’t tell).

The View:  It’s time to go home

Home is where the blackberry is?I’m in a coffee shop in Melbourne the morning after Hurricane Katrina hits. In a rather surreal twist I can connect to the internet to chat in online forums with people that had just left the devastated areas, or were in the process of being devastated. Such events lead to cheerful considerations of whether information technology is a universally positive thing, like, say, the invention of low-fat chocolate, or something slightly more sinister. If you had found yourself in such a horrific situation, ask yourself this: “What is the one thing I need when my house is about to be blown away by a hurricane?”. For one person at least, it was to make a post to an online forum and then take his hard drive – with him to the storm shelter.

In walking to this coffee shop from the hotel, I saw three people cross the road while staring fixedly at their mobile phone and texting someone or browsing the internet. One woman was nearly run over and seemed to consider the situation to be a somewhat annoying break in the middle of her conversation.

As further evidence of technology’s strident dictatorship of our lives, I continue to receive emails on that most addictive of devices, the insidious Blackberry even though the office is 2000 km away.

I increasingly find that clients are rushing towards the sweetly seductive promises of technology: that a particular gadget will “make your business more competitive”, that it will “decrease your turnaround time”, and it will “make you productive on the road”.

The salesmen for these mobile torture instruments rarely discuss the side-effects: that you will acquire a nervous tic in your eye every time you hear a high-pitched beep, never be able to completely relax anywhere, or develop a low opinion of those who do not answer their emails within 12.5 seconds.

All that time we spend in the back of taxis, apparently, is what we need to use more productively to keep ourselves effective and on track as the successful advisers to business we CPAs are.

I happen to think that I was already using that downtime effectively, thanks very much. I need it to recharge my batteries to keep interested in the job at hand. As far as my clients are concerned, they deserve to know that I am on top of my game and worth what I am charging them. If I haven’t had time to properly look over their work, or have been constantly distracted by office disasters that someone else should be looking after, I haven’t met their expectations of me as a professional.

We are all human and if you want to achieve the best business results, you need to down tools and go home. Forty or fifty productive hours a week is much better than eighty hours wondering whether your “significant other” would understand if you were to stand them up tonight.

This Christmas, think about the technological tools used in your business. There are definite business benefits to these gadgets and mobile devices – but you need to be careful. If you’re thinking about that gadget in the shiny plastic wrapper, and how desperately you need it, ask yourself how you survived to your current age without it, and then ask how you will really use it. If the answer is “poorly” – then don’t buy it.

Your first rule this summer should be “No Christmas presents that need electricity!”. Buy yourself an abacus if you feel you need to keep in touch with numbers, or do a jigsaw puzzle with your family.

Emerging Issues in Information Systems Integration Risk

by

It is interesting to contemplate business risk and business benefit in today’s commercial world. If we think about how the world has changed over the past thirty years (I am of course referring to information systems – and am completely ignoring other somewhat less momentous issues such as the end of the cold war, the rise of Islamic extremism, and the invention of Viagra), there originally were computer mainframes that the well-heeled business could put in place to process transactions. The diagram below gives a flavour of the history here:


Mainframes were heavily customised – heck, at the beginning each one was a custom job. So they were heavily customised, had a long life to get anything like ROI out of them, and were expensive to maintain.

The rise of end-user computing – aka the rise of the PC – put computing in the hands of the masses, but those masses didn’t have too many options to customise their computers given that most programs were off-the-shelf unless you were a dab hand at Pascal.

Client-server architectures, and the rise of enterprise computing, lead to fairly extensive customisation of systems, but in hindsight they were not nearly as complex as modern systems and were less integrated (it was still considered novel to integrate information from two databases into a data warehouse).

Todays’ internet computing, though, is all about reliance upon the information systems and their inter-dependence. It is increasingly difficult to change one information system without affecting others – this is particularly the case for core information systems such as accounting information systems or human resource information systems.

This has all occurred at a time when business, due to competitive pressures and the impact of globalisation, is increasingly turning to automation and information tools to ‘produce the goods’. Increasing reliance on information systems, and increased customisation, results in increasing business risk:

So despite the maturity of the information industry (e.g. with the development of common approaches, architectures, and ubiquitous development tools), the forces of evil are being brought to bear due to the requirement to have ‘business on-demand’ (a resurgent long-term reliance upon the vendor, increased customisation of business processes and software, and the use of a wide range of software development tools to undertake these tasks).

These factors are leading to increased systems integration risk, and the only solution that seems to exist at this time is to promote the use of methodologies, standard enterprise tools, and, as always, to document, document, document your customisations. And of course, as I often say to clients, have a Bex and a good lie down before seriously thinking about customising an off-the-shelf system. Having high information systems risks due to a customisation of a system to achieve business benefits is somewhat disconcerting; to have a high level of information system risks for customisations that did not achieve their supposed benefits is a more disturbing outcome.

(PS – BDO Kendalls is running an Emerging Issues in Risk Management Seminar on 8 November 2005 – see you there).

Disaster Recovery Planning Made Simple

by

Disaster recovery and contingency planning have been highlighted in the past week as the biggest issue since sliced bread started getting mouldy, as Hurricane Katrina hit NOLA hard and fast. In its wake was left the startling realisation that even the richest country in the world can have infrastructure devastated and destroyed by the forces of nature. The cost of the disaster is $US100 billion and climbing, with a significant part of that the IT Infrastructure.

And the week prior to that was the Zotob worm, which shut down Holden’s processing plants for a day (estimated costs: $A6,000,000 and yes, I checked the zeros).

In the IT context, both these events show that there is an increasing reliance upon information technology, and clearly business continuity plans are going to be top of the charts again for a while for our clients. This also comes back to IS Strategy and Governance procedures for clients. The facts bear out the old adage that luck is the residue of good planning – good IS Strategies and Business Continuity planning will help business A survive and business B not.

Probably a future cause celebre fot IT Disaster Planning – although some would perhaps suggest that it has worked too well – has been www.directnic.com, which is an ISP operating in a New Orleans downtown skyscraper that has maintained its connection to the internet throughout the disaster. Its biggest problem now is that it is getting many hits from around the world because people are blogging about it (just as I am now) which is causing some stress on their connectivity.

They have also maintained a blog about the disaster throughout, as reported by The Register and located at /mgno.com.

Interestingly, at least partly because of this blog, the ongoing debate about the issues related to blogs and their journalistic integrity has now tended to swung in favour of the humble blogger who, as johnny-on-the-spot in a time like this, tends to report what they see rather than filter it through the eyes of a journalist – which is both its strength and its weakness, clearly.

Life Is Tough, but it’s Tougher when You’re Stupid

by

On Friday I attended (with John Halliday, our Director of IS Audit, and several clients) a presentation by Internet Security Systems on “State of Security: An X-Force Briefing”.

This was, to say the least, interesting, and it is fascinating to have a little chink of insight into the cloak-and-dagger side of information security. The presentation was somewhat American – if you are Australian you’ll know what I mean, if you’re American you’ll wonder what the fuss is about. Suffice to say, the presentation was a little militaristic and “X-Files”, but it works in getting the message across, and their deep and undying devotion for “moronic hackers” that are “dumb and stupid” is clear. The cloak-and-dagger effect is reinforced through their regular assessment of the internet’s security condition: as of this writing we are at “AlertCon 1”.

They are clearly doing some good work in the area of operation system vulnerability detection and prevention for their clients. You are rather left with the impression that the only good hacker is a hacker behind bars, but then if you are wanting someone on your side on issues relating to technical IT Security, I don’t think you could ask for a better ally.

Quote of the day, reflecting a rather hard-nosed view of the world and a message to users that they need to be proactive in managing their information:

“Life is tough, but it’s a whole lot tougher if you’re stupid”

Kind of says it all, really.