Moving IT into the unknown with boldness, courage and strength to drive business value

As an IT organization, are you being beaten down daily and told that you are not nimble, agile or delivering solutions that the business perceives as valuable at the correct level of risk? I got to thinking about this and recalled a situation that a major financial organisation recently shared with me.

The business had a situation where one of their primary customer interaction systems crashed. The incident was raised, escalated to high severity and after two days IT resolved the outage and the system was restored. Whilst the outage was in play a recent graduate quickly developed a Tablet App that could be used to interface with the client. Predictably, the app proliferated through the team, as did tablets themselves, and they were all expensed via the expense system. IT was unaware of the transition, the assets, and the data being stored “in the cloud.” The attitude of the vice president when confronted by audit was that “it’s easier to get forgiveness than permission.” The view was that IT was too slow and there were too many processes, so the team just did it.

I discussed the scenario with the service management team and they mentioned that they were great at logging and fixing incidents, had a great process for managing change and told me that no one was violating “the process.” Imagine their shock when I shared what the user community was really doing.

Change is hitting us from all directions. Technology advances are not the only change on the horizon. We have a generation of “digital natives” hitting the workforce who believe access to technology is a basic right, not a privilege. This generation does not want to be told what technology to use; instead, they bring their own and, like a carpenter, they want to use the hammer that fits their productivity.

Why is it that IT generally seems slow to adopt new technology? We should be early adopters, understand where the value is and how we can leverage new technology to partner with the business to drive value!

With the rapid infiltration of social media, mobility and Consumerization of IT and apps proliferating everywhere, a whole company may become IT-savvy.

Another manufacturing organisation I visited had just implemented a new strategy to protect against the latest generation of hackers and cyber attacks. Unfortunately the implementation locked down usability and hampered business. IT dealt with it with yet MORE controls, more rigor and more process. It didn’t attempt to understand the business risk and mitigate risk where appropriate or educate the community on the real risks and provide a communication channel so the business can work with IT in the case of suspicious behaviour.

In our profession we have to choose whether we wish to transform, lead and innovate to drive business value in everything we do or be transformed. We must transform from followers of the business to equal partners sharing in the common goals of the mission of our organisation.

Remember the journey starts with a single step! Are you willing? If so, join with me and your peers as we charge into the unknown with courage and strength to deliver the prize to your business:  value from IT!

Metamophosis image was originally posted to Flickr by Charles & Clint at and was taken from Wikimedia Commons licensed under the Creative Commons Attribution 2.0 Generic license.

The following two tabs change content below.

Robert Stroud

Vice President Strategy & Innovation IT Business Management at CA Technologies
Robert Stroud is vice president of innovation and strategy for IT Business Management at CA Technologies. Rob is dedicated to the development of industry trends, strategy and communication of industry best practices. Rob is a strong advocate for the governance, security, risk and assurance communities working closely with the community to author, develop and communicate standards and best practices. Rob also advises organizations on their implementations to ensure they drive maximum business value from their investments in IT-enabled business governance. Following a four-year term as an ISACA International vice president, Rob served on the ISACA Strategic Advisory Council, and is currently serving as ISACA ISO Liaison sub-committee. Earlier, Rob served on the itSMF International Board as Treasurer and Director Audit, Standards and Compliance, the itSMF ISO liaisons to multiple working groups and spent multiple years on the board of the itSMF USA. An accomplished author and blogger, Rob is widely recognized for perspectives on industry trends. He also has contributed to multiple standards publications including COBIT 4.0, 4.1 and COBIT 5, Guidance for Basel II and several ISO standards. Rob served as an active member of the ITIL Update Project Board for ITIL 2011 and in various roles in the development of ITIL v3 including the Advisory Group, mentor and reviewer. Prior to joining CA Technologies, Rob spent more than 15 years in the finance industry successfully managing multiple initiatives in both IT and retail banking sectors related to security, service management and process governance. Follow Rob on Twitter: @RobertEStroud

This article has 5 comments

  1. This is the classic consequences of IT-centric service management staff who think operations and transition are the core of ITIL. When I repeat this over and over again, there are still fools out there who think I’m just being another one of those “dogmatic” ITIL purists. <sigh>

  2. These are the classic consequences of IT-centric service management staff who think operations and transition are the core of ITIL. When I repeat this over and over again, there are still fools out there who think I’m just being another one of those “dogmatic” ITIL purists.

  3. We as IT Security professionals also need to transform our thinking and approach to the problem.  Finding solutions that allow the business changes to occur while protecting the intellectual property.

  4. Juan,

    I am often amazed why many ITIL professionals care more about the process than the business and get caught and finish with the Service Desk – there is definitely more than 2 books in ITIL and they’re not too bad.


  5. Linda,

    Great point – security should be a consideration from beginning to end, as part of the Enterprise Architecture considerations.


Leave a Reply