Download presentation
Presentation is loading. Please wait.
Published byShane Blanch Modified over 9 years ago
1
IT Governance Drivers of Process Maturity Discussant comments Joseph Braithwaite Friday, Oct 21, 2011
2
© Deloitte & Touche LLP and affiliated entities. Table of contents 1.Author’s Motivation or Justification 2.Theoretical Support 3.Analysis of results 4.Conclusion 5.Contribution to practice 6.Exposition 7.Contact IT Governance Drivers of Process Maturity1
3
© Deloitte & Touche LLP and affiliated entities. IT Governance Drivers of Process Maturity Author’s Motivation or Justification The author’s defend an opinion that there is a ‘Strong Association’ between the maturity of the IT Processes and the capability of those processes to function –On the surface this opinion is sound, as this is the same view that most generalist would have as the connection appears intuitive; but in practical terms the ability of a process to function as designed drives business value, not the level of maturity of that process. –This approach has outlined how the process maturity can influence how successful an IT organization can be in supporting the business but has missed looking at the business reasoning behind having less mature processes. IT Governance Drivers of Process Maturity2
4
© Deloitte & Touche LLP and affiliated entities. IT Governance Drivers of Process Maturity Theoretical support One half of the report is based on ‘Literature Reviews’ which has provided a lot of ‘Academic’ references and research materials. -The materials provided throughout this paper appear to be ‘academic’ with little to no ‘Industry’ research supported materials. Understanding the needs around research in the University setting I feel that there is a ‘Gap’ between the theory and the practical applicability of the results. -Industry research firms such as Gartner and Foresters would provide a level of ‘Industry’ perspective out side of the many industry journal perspectives provided. Many of the journals list publish academic papers, so they don’t truly provide a direct industry perspective. IT Governance Drivers of Process Maturity3
5
© Deloitte & Touche LLP and affiliated entities. IT Governance Drivers of Process Maturity Research methods The research method used had several significant flaws in the design, two are: –The 51 organizations used in the research we volunteers coming mostly from ISACA, which presents a bias with the group from the beginning (this was noted in the report) –Face-to-face interviews, although technically a good approach to gathering information results in information being presented as opinions and not facts. The ability to provide a quantitative analysis from this information needs to be considered. –Interviews introduce a bias as it’s human nature to reflect positively on the person being interviewed. This will almost always result in the values being inflated higher that reality. IT Governance Drivers of Process Maturity4
6
© Deloitte & Touche LLP and affiliated entities. IT Governance Drivers of Process Maturity Analysis of results The analysis used provided strong support and quantifiable evidence behind the opinion that mature processes provide for more IT capabilities…what does that really mean to me? –CobiT and ITIL are widely used throughout all industries when 40% of CIO’s ‘Thoroughly Follow’ at least one framework. How many follow portions of those same frameworks? From an industry perspective the complete implementation of a complete framework is seldom seen…so what is the impact of not following the processes 100%? –A view on the consistent application of specific CobiT and ITIL processes would provide more practical evidence to support the defined opinion (CM impact for instance) –The resulting analysis and conclusions were difficult to filter through and in some cases contradicted the previous statements. IT Governance Drivers of Process Maturity5
7
© Deloitte & Touche LLP and affiliated entities. IT Governance Drivers of Process Maturity Analysis of results (continued) –There is evidence presented that supports a need for more interaction at the board level with IT (1/5 of boards had an IT strategy committee, ¼ had a risk or security committee and only 1/3 of the boards had an IT committee) but there was no clear connection provided between the maturity levels and the interactions at the board level –The most mature processes outlined (security and virus detection and prevention) are direct business facing processes and are supported only through IT. The configurations and requirements are wide and varied, with a strong compliance component related to them. These process should not be the bases for the decision that IT Capabilities are influenced by process maturities as their management might reside in IT, but the ownership could reside on the business side IT Governance Drivers of Process Maturity6
8
© Deloitte & Touche LLP and affiliated entities. IT Governance Drivers of Process Maturity Conclusion The conclusion that IT processes and their maturity levels provide a comprehensive IT Lifecycle view of IT organizations –This statement has several problems in it generality; the first being the determination that the IT Lifecycle and IT processes are mutually exclusive in nature when in reality they should coexist in harmony –The fact that some processes are intentionally left at a less mature state hasn’t been taken into consideration with regards to the functionality or capabilities of the IT organization. –The concept that the more mature your process is the more capable your IT department will be is sound, but what is the end result. Future research needs to look at the ability of IT to great and sustain value for the business –Enterprises exist to create value for their stakeholders, so the governance objective for any enterprise— commercial or not—is value creation - ISACA IT Governance Drivers of Process Maturity7
9
© Deloitte & Touche LLP and affiliated entities. IT Governance Drivers of Process Maturity Contribution to practice I’m not positive in what value this has provided to the larger industry outside of academia. In reality the evidence only shows that organizations are diverse in their adherence to higher levels of maturity The fact that there wasn’t a broader view of the business and IT interactions that support the governance processes means the research isn’t finished yet, and as such, the results and conclusions are inconclusive at best. Future research should either focus on the breadth and depth of IT Governance as a holistic approach or be narrowed to focus on the a few specific components within a CobiT process. Expand the research to a broader number of organizations and avoid a disproportionate number of ISACA volunteers. This will reduce the inherent bias. Also, focus on auditable audit results and not questionnaire based interviews as the evidence does not have a bias IT Governance Drivers of Process Maturity8
10
© Deloitte & Touche LLP and affiliated entities. IT Governance Drivers of Process Maturity Exposition The audience should understand the exposition, but the analytical data provided should be addressed for the non PHD’s who will be using it… IT Governance Drivers of Process Maturity9
11
© Deloitte & Touche LLP and affiliated entities. IT Governance Drivers of Process Maturity Contact Joseph Braithwaite is a manager in with Deloitte in the Enterprise Risk Services Practice specializing in IT Risk and Governance Contact details JBraithwaite@deloitte.ca 416-775-4785 These views and opinions expressed herein are those of the discussant and do not necessarily represent the views and opinions of Deloitte LLP. IT Governance Drivers of Process Maturity10
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.