ISACA & itSMF – enabling alignment
Discover what delegates learnt and what delegates took away as ‘actionable’ items to improve Business & IT Alignment!
ISACA and itSMF Belgium once again organized a joint event. Using a business simulation game to explore how frameworks and approaches such as COBIT 5.0, BRM and ITIL can be used to enable Business and IT alignment. At the end of the session delegates captured some key insights and concrete takeaways. More about these later.
Business & IT alignment is still a hot topic, scoring highly in global trend surveys, an article in Information week ‘CIO Worries: Security, Talent and (Sadly) Alignment’ reviewed trend findings from the Society for Information management . Number 3 in the list of CIO priorities was “Aligning” IT and the business!!! A more recent analysis ‘Key European IT Management Trends 2015’ placed ‘Business & IT Alignment’ at the number 1 position of ‘Most important IT Management concerns’. This report went on to add that ‘Governance/Relationship with the business’ represent a significant change that needs to occur. These articles placed the emphasis on the need for IT to change.
However, it isn’t all IT. A recent ISACA study (Benchmarking and Business value assessment of COBIT 5) reveals ‘More business involvement in the Governance of Enterprise IT (GEIT) is required’ and highlighted a low maturity score on benefits realization’.
The cartoon below sums up the situation. This is a top scoring card taken from our Attitude, behavior, Culture (ABC) global workshops with literally thousands of organizations. Business & IT need a marriage guidance counsellor to help them repair their relationship.
Who needs to take the initiative? How can IT convince the business to take its role in Governing IT seriously? How can Business and IT make effective decisions on governing IT? How can the Business ensure that IT becomes a value added partner?
In this interactive session we used the business simulation game ‘Grab@Pizza’ to explore these questions, showing how the role of BRM can facilitate the dialogue and help align Business & IT Governance, and align IT Governance and IT Service management. BRM (Business Relationship Management) is a fast growing capability and trend in IT. COBIT is an ideal instrument for the BRM function to facilitate the business & IT dialogue and enable effective decision making to realize benefits, optimize resources and risks. Helping to effectively tackle the persistent alignment problem. ITIL is a framework that can help ensure the ‘What’ and ‘Why’ decisions can be translated into the ‘How’.
Governance of Enterprise IT
“Firms with superior IT governance have at least 20% higher profits…than firms with poor governance given the same strategic objectives.”
Jurgen suggested a call for action based upon the ISACA research findings:
- More business involvement in GEIT required
- More board level GEIT required
- Need more focus on Agility
Christian Tijsmans representing itSMF Belgium explained the relationship between COBIT, BRM and ITIL and facilitated the simulation game together with Paul Wilkinson from GamingWorks and Eppo Luppes from KPN Consulting.
Grab@Pizza – A Business & Alignment simulation
Grab@Pizza is a very successful company selling millions of Pizza’s every year. But after 6 months in the current year, the sales figures are far below expectations. IT is posing a significant business risk due to downtime and the inability of IT to respond to changing business needs (Risk Optimization). The CEO urged the Business Manager to make a challenging recovery plan. This plan is based on a 6 month strategy to bring the sales and profit back on target (Benefit realization). Existing IT capabilities are poor, resources are tied up in ‘Keeping the lights on’ rather than supporting and enabling new innovations. The IT department must ensure the appropriate capabilities are in place to execute the strategic plan and sufficient, appropriate and effective resources are provided to ensure both benefits realization and risk mitigation( Resource optimization).
Two teams played the Grab@Pizza organization. Each team had 4 groups of observers who would act as COBIT assessors (and advisors). During the game round the observers would assess the teams’ capabilities and observe the impact on benefits realization. During the de-brief of the game the observers would give advice on how the team can improve their capabilities.
The observer groups focused on the following 4 areas, representing governance, strategic, tactical and operational aspects. These 4 areas were chosen because of time constraints and because we wanted the delegates to get a taste of the breadth and depth of COBIT:
|COBIT process area||Level||Primary value area|
|EDM01: Ensure governance framework setting and maintenance
|APO02: Manage Strategy
|BAI06: Manage Changes
|DSS02: Manage Service Requests and Incident
DSS03: Manage Problems
At the start of the simulation the IT organization created a ‘Huddle’ to discuss what IT needed to do without engaging with the business. The Business managers in the simulation threw demands ‘over the wall’ telling IT what they wanted and telling them to get on with it! Without agreeing on reporting needs, or checks or controls to manage the strategy realization. The business adopted an attitude of managing by HOPING. The IT organizations in bot simulation games made little investment into BRM capabilities and were unable to help harvest and shape the business demands, hereby creating a constraint at the demand shaping capability. (Causing delays and lost business opportunities).
There was a pile of changes at the change management desk, with little insight as to where they all came from and how they would contribute to benefits realization or risk reduction.
The business was not represented in a CAB (Change Advisory Board), in one team there was no CAB. The decision making seemed to be who shouts the loudest! In one team the IT director took the decision to maximize change ‘flow’ realizing 3 ‘Agile (in the game quick and dirty) changes which resulted in $20 million lost revenue and a massive workload on IT support who were unaware of these upstream decisions. Change management represented a second constraint to flow in the organization. Changes piled up and because of ineffective ‘resource optimization’ value leakage occurred. The wrong changes were planned (causing additional downtime, lost revenue and delayed business opportunities).
A third constraint to the flow of work and value creation occurred at IT support. The business knew the impact of outages and disruptions in terms of lost revenue but did not share this with IT, nor did they request an IT strategy for reducing business disruptions, or ask for service level reports to demonstrate this. IT support was not aware of the changes in the pipeline (new business functionality), nor which changes were executed. They had insufficient resources and inappropriate skills. They could not handle the amount of work, nor prioritize the Work in Progress in relation the business value. In one team $5 Million was lost due to downtime, in the second team $6.5 million. Representing significant ‘value leakage’.
A critical capability for managing risks and reducing the ‘flow’ of work to the Incident team is Problem management. Neither team invested in developing the capabilities to identify and reduce the causes of outages. And Problem management in one team was unable to make a ‘business case’ for getting changes onto the change calendar. Business changes went first! Yet there were significant risks and lost revenue because of downtime which could have been avoided.
The CEO was not happy. Value creation was NOT realized: Benefits were not realized and inappropriate controls were in place to protect against risks and minimize the impact of downtime.
Discoveries and take-aways
One of the key COBIT enablers is ‘People, skills and competences’ which was seen as a ’very important enabler’ in the ISACA benchmarking study. One of the goals of this session was to give people new insights and actionable information to take away and apply as new behavior.
We asked people for their personal take-away actions. What did you recognize from this experience as issues in YOUR organization? What have you discovered, or reconfirmed, that YOU will now take-away and do differently?
- Make sure information about business priority and impact is made available to operations, in a timely way to enable them to plan resources, prioritize effectively and manage impact (Value leakage).
- Ensure people know the ‘Why’, ‘What are they working for!’ – Everybody needs to be aware of ‘Value creation’, ‘Value leakage’ and how their work contributes to, or impacts this.
- I need to be harder in my decision making – balance facts, focus on value, be clear in decisions to avoid assumptions.
- Ensure we qualify risks better, linking to benefits realization, the impact to value
- To ‘Empower’ people to be able to make decisions. Empower with them with clear tasks, roles, responsibilities and enable them.
- Don’t be too nice, confront people on responsibilities, on agreements, on behavior (also this means reward and recognize desirable behavior and reinforce this).
- Ensure people have the right information – ‘What do you need to know to get your job done’ , ‘What do you need from me’
- Effective lines of communication throughout the end-to-end delivery chain – Priority, impact, decision making, escalation mechanisms must be known.
- Ensure a good communications plan, with the right channel to the different stakeholders,
- Ensure CEO and Directors understand IT better (and the need for Governance). BRM has an important role to play in bridging the communications gap between business and IT. IT must enable the CEO to make the right investment decisions
- Ensure an effective communications process and responsibilities. Too many times information isn’t passed on, people make ‘assumptions’ resulting in wrong decisions and wrong allocation of resources and priorities.
- Ensure a common language and effective communication (Content & Channel) – language focused around Value, benefits, resources, risks
- Our BRM has to be two way. Not just an Account management role to the business, it must also help translate Business needs into the operations and ensure a business understanding at all levels.
- Gain insight into risk-appetite, help quantify risks and impact.
- Gain more insight into costs, not just development costs but all downstream costs relating to capacity, support, changes to support an ROI proposal, IT finance can help IT roles learn to justify business case.
- We need to consciously address ‘who shouts loudest gets changes done’ – we need to ensure all changes have a business case and have business agreement and sign-off.
- Ensure we avoid making ‘Assumptions’ – verify understanding and justification.
- Design touchpoints with customer experiences (strategic, tactical and operational).
- Focus on more benefits and added value throughout the complete delivery chain.
“I really recognized how I need to change my decision making and risk taking. I need to be aware of making too many assumptions and the potential downstream impact’.
“Seeing the complete end-to-end chain together in one room really shows the importance of end-to-end consistent communication and information sharing to make effective decisions”.
“This really showed the need for end-to-end processes to ensure the correct and efficient flow of information upstream and downstream to avoid wastage (rework, double work, things being left too long).
My brief summary:
It was clear from the take away’s that the majority of learning points are ‘people’ and ‘relationship’ related. What surprised me in the Bench marking results was although ‘People, Skill and competences’. ‘Information’ and ‘Process’ were seen as ‘very important’ enablers ‘Culture,ethics & behavior’ was not. This is the topic of a related blog and a call to action to ISACA to prioritize tge guidance around this enabler.
Some of the key elements within the approaches that you could explore and use:
- COBIT 5.0 The goals cascade, showing how to agree and align strategic business & IT goals. The Core enablers, particularly ‘People, skills and competences’ and ‘Culture,ethics & behavior’.
- BRMI – the relationship maturity model, helping identify current maturity and mismatches between Business & IT and help create a roadmap to grow from ‘order-taker’ to ‘strategic partner’
ITIL – The ITIL practitioner ‘Guiding principles’ which help focus on ‘Value’ , Design for User experience’, ‘Observe directly’ to understand business impact and priority. ITIL practitioner also explores how ITIL can align with approaches such as DEVOPS, LEAN-IT and Agile. Helping take ITIL to te next level.