Very interesting and diverse set of comments this week. Did you notice how quickly the nice orderly world of ISACA (basic and admin controls, enterprise architecture, strategy and steering teams and RACI charts) became chaotic? There is an important point here, its called POLITICS. Not the nation-state kind, nor necessarily the back stabbing kind. The best definition I know of politics is “Who gets what, when, where, why and how.” You can go into any organization, find its IT strategy, find a steering team and apparently they are doing the right things. But, until you understand who the committee members are, what interests they represent, which groups have more power than others, you will not really know what is going on. The Weill and Rose article should open your eyes to some of the possibilities.
The thing I want you to take away from this discussion is that implementing an IT strategy is also a political exercise. Yes, having a great plan based on an excellent enterprise architecture is important, but you need to get it accepted throughout the organization. This means you need to get buy in from anyone who is in a position to slow you up or shut you down. You need to get all the other players to understand, buy in, and support you when things go wrong. This will involve a lot of skills that IT people are not usually known for. There are likely to be difficult negotiations, private lobbying, dramatic speeches, and lots of grass roots communicating. Good CIO’s have these skills and have probably used them to define a comfortable status quo with the rest of the organization. As an auditor, you may find a problem that has the potential to upset that status quo and hence threaten the CIO. Be aware.
Thu & Rich