Calvin Powers works in the Security and Privacy department of the Tivoli Chief Technology Office. His focus areas are IT Compliance and IT Governance. His past projects include privacy management technologies, policy management, public key infrastructure, and network security.

Visible IT Has Moved

Howdy All,

I have moved the Visible IT blog to the new IBM blog infrastructure.

The web interfaces is at http://www-949.ibm.com/blogs/visible/

And the syndication feed is: http://www-949.ibm.com/blogs/roller-ui/rendering/feed/visible/entries/atom/

Please update your bookmarks and I look forward to discussing IT Governance topics with you over there.

The New Sweet Spot For IT Governance

At first glance, it's a no-brainer. The tag-line for key message number 6 is, "IT Related Problems Persist." Well, duh. Does anyone know of an IT shop that doesn't have problems? Anyone? But when you dig into the survey questions and results, some interesting facts appear.

The ITGI survey asked 750 CIO/CEO level people from around the world, from companies in all sorts of sectors, sizes, and geographies, and asked them about the types of IT problems they experienced. These were categorized and classified into the "Compound Problem Index." They presented the 2007 vs 2005 results.

The first thing that jumps out at me is that the number of respondents that claimed to have had "Serious IT Operational Incidents" or "security or privacy incidents" was relatively low, in fact almost at the bottom of the list. Less than half of some of the other issues in the Compound Problem Index. Likewise, very few respondents cited problems involving legal / regulatory compliance, although the numbers are up slightly in 2007 from 2005.

Two of the top four IT problems identified by the respondents were human resource related, either not having enough staff or having inadequately trained staff. Almost twice as many respondents identified these as problems areas above the other issues.

The other two items in the top three list of issues in the Compound Problem Index are "IT Service Delivery Problems" and "High cost of IT with low or uproven return on investment (ROI)". To me this is a wake up call for those of us who are interested in this space. Analysts have dubbed our market segment as "governance, risk, and compliance" (GRC), but these issues were rated far lower in importance than service delivery and return on investment. I happen the believe there is lots of value to be had from risk management frameworks and compliance alignment activities. But this survey does suggest that we need to be paying a lot more attention to the intersection of service management and governance than we have been in the past and we need to be paying a lot more attention to expressing ROI for IT projects that are historically very difficult to quantify.