The Temporary Death of Processes

The need to meet regulatory requirements and the desire to implement sound business practices are pushing IT governance and controls to the forefront once again.
(Page 1 of 2)

Think back to the 1970s and early 1980s -- the era of "big iron" where mainframes and minis ruled.

Those systems cost a lot of money to purchase, load with applications and then maintain and operate. Management did not take purchases lightly and typically centralized the operation around a core group of people. Along with this centralization came the formation of best practices and sharing of them, both within the IT organization itself along with vendor-specific user groups.

Many processes that younger IT people view as key to IT today and perhaps even revolutionary are not new at all. For example, change management's lineage can be tracked back for quite some time.

What is particularly interesting in hindsight is that management took its eyes off processes when the PC revolution hit and decentralized everything.

Cost and Value

As mentioned earlier, computing was expensive before PCs. The low cost of PCs created an environment that rapidly decentralized computing in most organizations. If Bob in accounting needed a special pro forma balance sheet created, he didn't go to IT and laboriously spec it out, wait and then test the result weeks, if not months, later.

Instead, with the advent of the PC, Bob opened up Visicalc or Lotus 1-2-3 and created his own analysis based on his own knowledge. Whether he had errors or not was beside the point -- he had control and the "delusion of speed." In other words, even his needing to re-write the spreadsheet 20 times due to not thinking through the model was irrelevant because it sure seemed like things were getting done quickly and value was being created.

Control Environments

In many cases, this explosion of decentralized processing did lower costs and enhance value. It would be dishonest to say otherwise. However, what it did do was strip out layers of overhead that had been created to ensure that IT resources were used effectively and data integrity protected.

Change management, access controls and application test protocols went right out the window because, borrowing another's term, they weren't "sexy" enough for the end-users to bother with. All of those controls were viewed as needless overhead by the users and part of the evil "IT" empire to do away with, or certainly not to be bothered with.

The cumulative end result was an environment that pushed the adoption of technology and short-term need satisfaction over the creation and maintenance of a positive control environment that ensured the overall enterprise truly benefited from the systems put in place and that risks were appropriately managed.

Regulatory Compliance

It's funny how the business world often seems to swing like a pendulum. We'll have a negative event that triggers regulation and the pendulum swings one way; then, over time, as the event recedes in memory, the regulations -- or at least compliance with them -- loosen up. Next thing you know, another event happens and then the process begins again.

Right now, there are plenty of regulations impacting businesses and their IT organizations. The requirements range from having adequate security, proper controls, and so on. Bear in mind (and here's the rub), it is far easier to be compliant with a centralized IT organization that is following proven controls to begin with! The level of difficulty in achieving compliance for an organization that had organic (meaning "uncontrolled") IT system growth across multiple uncoordinated groups versus a mature IT organization that values controls is like night and day.

Page 1 of 2

1 2
Next Page

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.