Opinions on DentDel case:
- Where could stronger IT governance have helped DentDel avoid this situation?
The case seemed to be a bit vague about what specifically had been done by the time the initiative had become unstable but it appears that, (in my opinion), they committed a multitude of critical mistakes at the enterprise architecture level and above:
At least two transgressions were commitment from a technology/EA perspective;
- They picked a technology before understanding what the functional requirements were, what the transitional requirements were or even if they had approval for the project. Cedric’s decision to base the platforms on P-phones before even beginning ensured that the answer would be a ‘square peg’ before they even knew if the holes would be square or round.
- According to the paper, with more than 30% of their budget consumed already, the project team was still trying to get information from the ‘business subject matter experts’. If this was the case, then it would have meant that they were still engaged in the (VERY basic) discovery phase – and yet they still went ahead with implementation. If they never made it out of the discovery phase then that also means that they apparently never defined the business architecture, (no way to understand what the consumption models would be or how to deliver it),never defined the information systems architecture, the technology architecture, they never did a gap analysis to even get a basic understanding of what needed to be done – in other words they never adequately identified what was currently happening, what their target state was, (i.e., what does success look like?), they never identified what the governance and change management mechanics needed to be, etc., etc., etc., etc. In short – the Cedric should probably start looking for another job.
From an IT Governance perspective:
At a *MINIMUM*, they broke COBIT5 EDM01.03, EDM03.01 and EDM04.01:
- They never did a risk analysis or impact assessment!!! That is almost as bad as picking a technology before starting:) They not only didn’t define what their risk tolerance was before starting, they didn’t even define what their risk appetite was. This means that they weren’t able to understand when to cut their losses or even what would constitute failure! EDM03.01 suggests that they make a judgement on the effect of risk – which they never did. Rafael and Dan’s concerns – after it was too late, that the failure would have a material impact on the company, (and as a result the shareholders), was not only negligent, it was *criminal negligence*. Creating an Ad Hoc committee for something that had the potential to have a material impact on the income statement and never including that in an 8-K or 10-K might be considered to be a breach of their fiduciary responsibilities to act in the best interest of the company.
- They never included executive leadership or the board to have ‘skin in the game’. EDM01.03 suggests that the commitment of executive management for making IT related decisions should have been followed. In other words there was no executive buy-in or monitoring of an initiative that had the potential to seriously impact the entire company (the order entry system)
- EDM04.01 Was disregarded as well because they never ensured that adequate and sufficient IT capabilities, (people, process and technology/tools) were available – this probably would never have been the case if they had followed the recommendation of EDM01.03. Even from a marginal ‘blocking and tackling’ awareness perspective, they never considered critical organizational influences like; organizational readiness, organizational maturity or even the capacity to absorb the technology. i.e., if the project had only reached the discovery phase, (see the EA perspective above), then it’s clear that they never developed prototypes, held sales training or internal technical support training, etc., etc., etc. If this is the case, they how could you possibly allocate the appropriate level of resources and funding that would make it sustainable?
2. Where could stronger IT governance have helped DentDel avoid this situation?
I’m pretty convinced that I could not make the Temple basketball team today – something that Fran Dunphy will, no doubt, lose a lot of sleep over:) So given that I don’t have the skills to make the team, making me ‘stronger’ would not change either the equation or the outcome.
Likewise, given the complete lack of anything that even remotely *resembled* thoughtful management and governance skills, *adding* anything to make the governance of DentDel “stronger” would neither change the equation or the outcome – Cedric would have found some other way to put the company in jeopardy – this was simply a case of a bad hire.
Leave a Reply