How to align IT and business goals

Spurred by new compliance regulations, the rise of outsourcing options, flattened budgets and calls by senior management to ‘run IT more like a business’, CIOs are striving to impose formal processes on IT activities. This push for rigor has led many CIOs to begin organizing, managing and delivering IT in the form of well-defined, tightly-controlled services. This is largely uncharted territory for most companies, so it’s no surprise that IT organizations are looking for guidance and direction.

What approaches currently exist to help businesses address the issue?
There are a number of industry standards and best practices that can help IT become increasingly proficient and better aligned to business requirements. Among the most widely accepted are ITIL (the IT Infrastructure Library), COBIT (Control Objectives for Information and related Technology), Six Sigma, CMM (Capability Maturity Model) and ISO 17799 (security standards). These standards are not – as is often assumed – competing means to an end. Rather, they are complementary tools designed to optimize different disciplines within IT.

The real question here is not which standards or best practices to leverage, but when to leverage each and for what strategic purpose. If IT governance is your top priority, it would be wise to look at COBIT. If you are looking to develop an internal methodology to monitor process quality, Six Sigma will provide some valuable guidance. CMM can help improve source code control and software development and testing practices. ITIL can accelerate efforts to optimize IT processes such as change and configuration management. Ideally, your company will develop a long-term strategic roadmap consisting of a number of discrete projects, each supported by the most appropriate standards and best practices.

Whatever your approach to IT management, defining a strategic statement of purpose should be your first step. Before you can assess, engineer, implement, balance a scorecard, train or certify, you must define a statement of purpose that can guide your program and projects. Without a sound, agreed-upon purpose at the beginning of your project, you will not be able to assess the success of your IT management strategies and the program and projects to implement those strategies. Purpose is most commonly documented in the form of goals and objectives at the strategy level, and further developed into requirements for projects in a program. Requirements translate purpose into an actionable and measurable implementation reality. Purpose guides the scoping of projects and tasks, and sets budgets and timelines.

The key to defining an effective statement of purpose is that it be measurable and descriptive enough to resolve conflicts and questions arising around scope, priorities, time and expense.

Once you have a well-defined statement of purpose, you can begin to structure the details around your program, priorities and projects. Some organizations will need to begin by educating themselves on what is applicable in the area of standards and best practices. Organizations that have a solid understanding of applicable standards and are ready to launch a project will likely begin with a third-party or self-assessment (i.e. initial benchmark) against which they can measure results down the road. Still other companies may have formal metrics already in place and can launch immediately into defining a project roadmap and milestones.

Are there pitfalls that should be avoided?
What is often overlooked in the scramble to adopt standards and best practices is that for these approaches to provide the promised returns, they must be applied in a way that leverages specific strengths and minimizes specific weaknesses. Standards are, after all, standard. Companies that do not exercise discipline and restraint in applying ITIL to their specific business and operating environment will undoubtedly find themselves faced with yet another revolutionary approach that falls short of expectations.

And yet, it is worth mentioning here that the single biggest reason most IT projects fail has nothing at all to do with technology, but rather with a lack of participation and buy-in. Change is uncomfortable and must be lead from the top. End-users – e.g. lines of business, functional departments, customers, suppliers and partners – must provide a clear understanding of their requirements, priorities and constraints, and be actively involved in discussions of potential benefits and trade-offs.

What benefits will this provide long-term?
Industry standards and best practices provide a solid framework for defining and optimizing IT processes and addressing control requirements across the organization. While companies can – and should – prioritize and customize IT processes for their unique business and operating environment, standards such as ITIL, COBIT, Six Sigma, CMM and ISO can be significant accelerators, and establish a cost-effective basis for continuous improvement. As an added bonus, companies that follow well-designed IT processes will find that they can lower costs and improve productivity as a result of reducing self-inflicted IT wounds.