26 May Part 4 Project Performance – Get on the path to continuous improvement
Part 4) COBIT – Governance or anarchy – your choice!
So what does government have to do with continuous improvement? Oh sorry! I didn’t mean government — I meant governance! There’s a relationship between good government and good governance. You could say that government caused governance or, at least, the recent emphasis on IT governance. The considerable number of scandals in the stock market — Enron, Worldcom, Tyco — have reduced the public’s trust in business. In 2002, the government responded strongly to those events by introducing a new law, the Sarbanes Oxley Act (SOX). SOX put the responsibilities regarding governing organizations in place. The essence of the act is good corporate governance, and IT governance is an integral piece of it.
How important is it for you to be in control of IT? Control OBjectives for Information and related Technology, or COBIT, is a way to get IT under control; by ensuring information the organization needs for success is delivered by its computer systems. COBIT defines best practice in IT. At the broadest level, organizations can manage IT on an ad hoc basis and create their own frameworks, or they can adopt standards that have been developed and perfected through the combined experience of hundreds of organizations and people. By adopting COBIT as their standard IT governance framework, organizations can realize far-reaching benefits, not the least of which is SOX compliance.
An important element of COBIT is a maturity model. Maturity models are used to advance processes and provide a method of scoring so an organization can grade itself from having non-existent processes (level 0) to optimized processes (level 5). This approach has been derived from the Software Engineering Institute’s Capability Maturity Model (CMM). Studies have demonstrated that organizations with more mature processes perform at higher levels. They perform projects faster, cheaper and more predictably.
Against these levels, developed for each of COBIT’s 34 detailed IT control processes, management can map where the organization is today, where it stands in relation to the best in its industry, to international standards and to where the organization needs to be.
The COBIT maturity model provides a path an organization may take to attain performance excellence. Your journey along the path is taken in incremental steps by evolving your processes, the next one built on the last. Each maturity level has its defining characteristics.
In level 0 there is a lack of all recognizable process. In fact, the organization has not even recognized that there is an issue to be addressed.
Level 1 (“Ad Hoc”) shows evidence that the organization has recognized issues exist and need to be addressed. There are no standardized processes. Ad hoc approaches are applied on an individual or case-by-case basis.
Once level 2 (“Repeatable”) is reached, there’s an awareness of issues. Performance indicators are being developed. Basic measurements have been identified, as have assessment methods and techniques.
On level 3 (“Defined”), the need to act is understood and accepted. Procedures have been standardized, documented and implemented. Balanced scorecard ideas are being adopted by the organization.
“Managed,” level 4, sees full understanding of issues on all levels. Process excellence is built on a formal training curriculum. IT is fully aligned with the business strategy. Continuous improvement has started to be addressed.
Continuous improvement is the defining characteristic of level 5, “Optimized.” There is a forward-looking understanding of issues and solutions. Processes have been refined to a level of external best practice based on the results of continuous improvement and maturity modeling with other organizations.
COBIT objective PO10 defines control over managing projects. It satisfies the business requirements of setting priorities and delivering projects on time and within budget. PO10 is further divided into 13 detailed control objectives which consider many aspects of project management – from sponsorship to user involvement, budgeting, quality assurance and the transition from development to operations.
Will COBIT improve your project performance? While it’s not a comprehensive project management methodology, you need to be familiar with it. Does COBIT foster continuous improvement? It supports the relationship between performance excellence and process maturity. The IT Governance Institute (ITGI), which is affiliated with the Information Systems Audit and Control Association (ISACA), maintains COBIT. See the Links section on my Web site for contact information. IT governance will only become a larger part of your responsibilities as time goes on. Understand it, use it and avoid anarchy!
Part five of this series will focus on the Software Engineering Institute’s Capability Maturity Model (SEI CMM). It’s the ancestor of the maturity models that have an ultimate goal of continuous improvement.
Michael J. Weymier, PMP, is founder of PM Maturity and can be reached at firstname.lastname@example.org.
The opinions expressed herein or statements made in the above column are solely those of the author, & do not necessarily reflect the views of Wisconsin Technology Network, LLC. (WTN). WTN, LLC accepts no legal liability or responsibility for any claims made or opinions expressed herein.