Thursday, March 26, 2009

IT Governance Assessment

Holistic Approach to IS Governance Assessments

In the 80s and 90s, most people that were implementing process improvement efforts were using the reengineering approach. It is also an approach that is still used by various consultants and vendors today. Basically, reengineering implies that a consultant or process owner engages a team in the following way:

1. Stating that their processes are neither optimized nor efficient.
2. Informing the team that standardized processes should be used instead.
3. Plugging the standardized process into the team environment.
4. Leaving the team with the expectation that the standardized process would now be followed with increased efficiency.

Process improvement efforts conducted in this way clearly showed that the reengineering approach failed. In fact, the plug-and-play process efforts only succeeded 50% of the time. These projects failed because they assumed that every organization had the same pain points and goals.

The reengineering approach was overly focused on standardization and one-size-fits-all solutions. As a result, processes failed to evolve flexibly as customers' needs became more differentiated and their expectations grew. Moreover, the last round of adopt-only efforts failed to take sufficient account of the organizational and people factors that lead to true behavioral change. While processes were reshaped, accountability was not institutionalized. There was plenty of talk about process owners and cascading change, but decision rights, coordination mechanisms, governance structures, and other organizational elements were not explicitly addressed until later, if at all. Process efficiency trumped organizational alignment. Consequently, the substantial savings often quickly dissipated.

A more diverse approach to process redesign was needed.

The IT Governance processes that can be purchased and adopted should be considered a starting point, not an end. Every company, organization, or team can benefit greatly from leveraging existing process frameworks. The key is leveraging, not just adopting. A consultant or a Subject Matter Expert (SME) inevitably has unique core values, business rules, and constraints that beg for a variation from the standardized process in parts of the framework. This is where an assessment is most helpful and an organized change management effort is important. Before you begin adopting the standardized process, learn where you need to massage the framework to meet your unique needs. The initial analysis will help you discover gaps before you begin adopting something that doesn't work for your organization. Then, plan a change management cycle that is the appropriate pace for your needs.

To this end, the consulting team should conduct interviews, meetings, and correspondence with the client's management and key staff members to ascertain:

  • Current Workflows
  • Current Pain-points
  • Current Technologies, Applications and Components
  • Current Constraints and Guidelines

Now the consultant should compare his/her findings against several guidelines to identify the weak spots in the existing model.

The following are some of the key models and frameworks that are used to assess IT departments for compliance and risk management.

  • ITIL

  • COBIT

  • SOX

  • COSO

  • CMMI

ITIL: A framework that aligns IT with the business, establishes key performance metrics, and defines and assigns roles and responsibilities.

COBIT: Defines control objectives for business-related IT organizations.

SOX: Makes senior management accountable for implementing controls for all financial reporting systems.

COSO: The COSO framework defines internal control as a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

  • Effectiveness and efficiency of operations
  • Reliability of financial reporting
  • Compliance with applicable laws and regulations.

CMMI: All CMMI models contain multiple Process Areas (PAs). A PA has 1 to 4 goals, and each goal is comprised of practices. These goals and practices are called specific goals and practices, as they describe activities that are specific to a single process area.

With all the information listed above and a clear picture of your "desired state," a gap analysis can easily be conducted. With all this in hand, a solution road map can be derived.

If you are interested in any of my blogs, please contact me via contact information provided in this blog or visit my website http://www.statera.com
