Yahoo! News - Selling Diversity for Sarbanes-Oxley Survival
1 sur 2
http://news.yahoo.com/news?tmpl=story&cid=620&u=/nf/20050318/...
News Home - Help
Selling Diversity for Sarbanes-Oxley Survival Fri Mar 18, 3:19 PM ET
Paul Murphy, www.cio-today.com Just recently, the Canadian Federal Government had to revise its November 2004 monthly trade figures. Here's how Toronto's national newspaper, the Globe and Mail described the problem: Underscoring the volatility of monthly trade data, Statscan last week issued a startling $1.9-billion downward revision to November's trade surplus, citing a computer glitch at the Canada Border Services Agency that caused a massive understatement of imports. • SEC Extends
Sarbanes-Oxley Deadline for Some Firms • LexisNexis CIO Gordon Schick: ROI-based I.T. • TRW Automotive CIO
Joseph Drouin: Standardizing Processes To Deliver Value • Sarbox and BPO
Present Problems • GTSI CIO Craig
Ballam: Making Sound Financial Investments Newsletter Subscription
Despite monthly figures being subject to noise, currency traders pay close attention to the data. When the November figures were first reported, they helped lift the Canadian dollar more than a cent against the U.S. greenback. Apparently controls were a little weak -- but, of course, Sarbanes-Oxley doesn't apply to the Canadian government, and computers are notoriously unreliable; I mean, what can you do. Right? The Obvious and the Radical If you work in I.T., there are actually quite a few things you can do, but the one I want to talk about today is both obvious and radical: Think of your organization's information and communications technologies, skills and ownership as a portfolio, and reduce overall risks by intentionally diversifying all three. The general strategy of choosing one systems architecture and sticking with it everywhere was popularized in the late 1970s and early 1980s, mainly by consultants working for professional data-processing groups in big organizations. Their core arguments were that wrestling control of minicomputer-based applications like job-shop scheduling, document processing or inventory control from user management to give it to data processing would reduce overall duplication, reduce the cost of maintaining diverse skills, allow greater use of the central computing resource, and lead to enhanced user services.
Related Quotes 89.28 -0.58 It didn't generally work out that way, with user resentment against the costs, failures and IBM 24.31 -0.23 administrative demands of centralized data processing eventually leading many of them to MSFT leverage data processing's corporate loyalties to IBM (NYSE: IBM - news) to bring in thousands of IBM PCs -- while using their own budgets to buy software and support for them Get Quotes from anybody except IBM. Delayed Data Providers - Disclaimer Sponsored by:
Data Processing and Centralization Centralization didn't fail because the basic arguments were wrong. It failed because the only thing data processing has in common with computing support is the use of computers. As a result, almost every ERP centralization project failed to meet its cost-benefit targets.
New Pro Platform
But the idea that I.T. management should control and standardize the corporate information architecture became so deeply entrenched in the common wisdom of the profession that it still shows up in everything from Microsoft (Nasdaq: MSFT - news) licensing practices to in-flight magazines. Unfortunately, today's monolithic Microsoft architectures seem to be about as effective as those earlier consolidation projects -- and cost-control techniques like the use of desktop lockdowns, outsourced help desks and server-based processing are replicating the conditions that led to the organizational failures and user rebellions of the 1980s and early 1990s. Thus, the Canadian national accounts embarrassment looks like a classic controls failure, but the control that failed wasn't one of the usual suspects. It wasn't that no one knew; it was that the people who knew the update had failed saw that as an I.T. problem, not as their problem. That's the fundamental control failure risked by most of the I.T. cost-management methods generally considered best practices in the Microsoft client-server world. Fundamentally, if users don't own it, most won't take action when it fails and a few will quietly rejoice in the embarrassment caused I.T. when the fans and the brown stuff collide. Direction Changes and Clout
19/03/2005 07:48
Yahoo! News - Selling Diversity for Sarbanes-Oxley Survival
2 sur 2
http://news.yahoo.com/news?tmpl=story&cid=620&u=/nf/20050318/...
So what's the long-term answer? Take the advice implicit in the bromide about those who fail to remember history being doomed to repeat it. Change direction now, while you still have the clout to do it. Remember: Things change; the ideas and certainties that got you where you are also guarantee you a role as tomorrow's fossil unless you change too. If you're deeply committed to the Microsoft client-server architecture and its organizational consequences, the best thing you can do for your organization right now is to start rolling back the concentration of control and technologies underlying user alienation. In reality, the hardware used to deliver services isn't terribly relevant to control issues, but most people think it is. As a result, your choices, in terms of the hardware component in a decentralization strategy, include either making the hardware disappear from view or handing control of it, along with software and staffing, to users. In a future column, I'll address using Solaris and Sunrays to give users more freedom and control while "disappearing" the infrastructure, but it's the control consequence of sticking with the more traditional client-server architecture that's on the agenda today. Diversifying the control component -- and therefore the hardware, software and staffing components -- of your I.T. portfolio will be popular with management but can be a particularly tough sell both within I.T. and to a senior executive in the habit of discounting claims of cost cutting through centralization and standardization. To win, what you need to do is build an action plan around opportunities to bring divergent technologies and opinion in under user control and then sell that to senior management under the Sarbanes-Oxley label. Leveraging What People Understand The core argument is as simple and disarming as the simplification and centralization argument was in the late 1970s and early 1980s. Leverage what people understand: the role diversification plays in portfolio risk management to build support among each stakeholder group. Thus you get some of your own colleagues in I.T. on board by giving them a more business-focused role and reminding them of the increased employability that goes with a wider skill set. You talk to senior management about getting line managers to "own their productivity" and talk to everyone about the value of technology diversification in reducing processing continuity, cost escalation and failure risks. Get down to specifics on that and the argument is dead simple: Get half your file and print servers on Linux (news web sites), and the next Microsoft worm won't shut down processing. Get half your power Office users on Macintosh (news - web sites) and you won't be timing the next round of upgrades to avoid risks during the quarterly report preparation period. Get some serious open-source applications running in a line division or two and the organization will build the knowledge and confidence to shrug off the next megamerger or collapse in the software industry. Most importantly, however, you talk to senior and divisional management about the relationship between ownership and commitment. Remind them that people care most about the things they perceive as theirs. People who own the system will force a correction when a critical file transfer fails or a stored procedure bug causes the monthly report to go increasingly off-track. Making sure that user commitment is in place is the most fundamental Sarbanes-Oxley control of all. Paul Murphy, a CIO Today columnist, wrote and published The Unix (news - web sites) Guide to Defenestration. Murphy is a 20-year veteran of the I.T. consulting industry, specializing in Unix and Unix-related management issues. Story Tools
Email Story
Post/Read Msgs
Formatted Story
Ratings: Would you recommend this story? Not at all
1 - 2 - 3 - 4 - 5 Highly
Avg Rating: 4.00, 2 votes
Copyright © 2005 NewsFactor Network, Inc. Copyright © 2005 Yahoo! Inc. All rights reserved. Questions or Comments Privacy Policy -Terms of Service - Copyright/IP Policy - Ad Feedback
19/03/2005 07:48
