In the last two decades, we have seen the IS organization mature in its approach to software development. Now, a similar transformation is also happening in the IS organization itself, and in its use of standards to improve IS processes. Enterprises are achieving significant results by using IT standards.
Standards are “frameworks, guidelines and templates for improving the performance of IS processes and IT assets,” including COBIT, ITIL, ISO20000, CMMi, TMM, ISO17799 and Six Sigma. They offer a solid base of best practice and collected wisdom that CIOs can apply to their IS organization, first to stabilize IS process and then to drive forward with process improvement.
Pity then that standards are so hard to get value from, and so easy to turn into a mindlessly unhelpful bureaucracy.
In an ideal world, you would have one standard for IT management and improvement that covered all areas of IT governance, oversight and service delivery – and was suitable for all enterprises. We are not in that ideal world.
Rather than approaching standards in a reactive or piecemeal way, the best way to start, is to figure out what outcome is it that you are looking for and work out how standards can help you.
Typically, there are four big reasons why people look to standards.
First there’s efficiency. Enterprise efficiency goals suggest a rigorous, prescriptive focus on a quality improvement standard (e.g., ISO 9000, Six Sigma, Lean) to squeeze cost out of processes. In that context, IT service management standards (like ITIL) should be used tactically to make IT processes more efficient and create better transparency, which drives business efficiency.
Next there’s integrity. If integrity goals such as regulatory compliance or major partner reliability dominate, lead with a control-focused standard like CobiT, using quality improvement standards to drive continuous improvement, and IT service standards such as ITIL and ISO 20000 to address control issues.
Thirdly, there’s effectiveness. Where effectiveness is the major aim, such as driving organic top-line growth, use a service management standard targeted at boosting productivity, with quality improvement standards as the backdrop, ensuring that specific productivity gains do not compromise the overall business model.
Finally, there’s agility. Where the enterprise wants agility – perhaps to manage significant changes in the enterprise such as mergers and acquisitions – employ a general quality improvement standard as the overall agility assessment and improvement engine, driving simplicity and visibility into commodity processes to aid change and integration.
Standards are a journey
Once the rationale for a standard has been determined, the next challenge is implementing it. Implementing a standard so that it provides business benefit is really an exercise in organizational change management. The best way to implement standards is to start with a single lead standard – say ITIL or Six Sigma – and then add selected parts of other standards as needed. That way, change is easier because the purpose is clearer to everyone.
The ever-increasing audit requirements around standards, compliance and other issues mean standards will continue to evolve. So the need is to build a set of capabilities and practices that helps with standards implementation and process improvement that, in general, will pay off many times
Unlocking the value of standards
Business needs from IS include ever greater reliability of services, and support for transformational change. CIOs are increasingly turning to standards for help.
Although IT standards focus on process, ultimately the value comes from people – people understanding and adhering to standards. A standards implementation must be treated as a change initiative, which means changing IS staff’s behaviors. Doing so is the way to unlock value and prevent standards becoming an exercise in bureaucracy.
Before embarking on any significant standards activities, you should assess your process improvement capabilities, identify issues and address them. Then select and implement your standards judiciously.
Andrew Rowsell-Jones is vice president and research director for Gartner’s CIO Executive Programs.