Archive | Governance

Water Will Always Find a Way

By Christian on 9th December 2013 in Big Data, CEO, CFO, CIO, Disruption, Governance, IT Leadership, Risk Management, Security

Just like water will always find a way through or around any obstacle, so will people find a way around any security measures you seek to implement.
You may think you have thought of the most foolproof method of managing your data, but as soon as you implement it and ride out the first wave of direct (and often blunt) feedback, people will start beavering away on ways to get around your processes.

Anybody who thinks otherwise is only fooling themselves and will be rudely awakened when a security or other serious data breach occurs.

The best way to remedy this and eliminate it as best you can is to create and reinforce an educative program that informs people of the reasons as to why you are having to implement these policies and not just labouring on the pitfalls of not adhering to your security policies.
As time consuming and labour intensive as it sounds, a period of open discussion and feedback sessions will alleviate some of the staff objections prior to drawing up your policies and generate an enormous amount of goodwill.

Everybody appreciates there needs to be some level of security, especially in heavily regulated or security conscious industries but nobody appreciates dictatorship levels of oppression when they are not completely necessary.
Simply saying it’s a disciplinary offence to not adhere to these policies without explaining them thoroughly first or taking an objectionable point of view on board will alienate you from the very people you are trying to protect.

We’ve all been asked by staff across the organisation if they can use third party file sharing services like Dropbox to share data etc. and had to refuse them on security grounds.
We all know they use these services (and you probably do as well) and trying to implement an internal, secure enterprise version of a similar technology is very time consuming to manage and expensive not to mention extremely difficult to secure.

Smaller companies with less advanced infrastructure will often use third party file sharing services as a low cost and logical extension to their infrastructure.
The security risk to their IPR is no less great than larger corporates but they thrive on the nimble and agile gain that using these services gives their businesses.
When new individuals join your organisation from these smaller and more agile business through acquisition or organic growth, they will quickly challenge any seemingly draconian procedures you have in place. They will challenge you that their agility and productivity is being stifled by these procedures with the very valid reason they are often brought in to disrupt your existing business working in precisely the way they need to.

We need to take on board these new types of people and the roles they perform, adapting the necessary rules and procedures to allow them to go about their business rather than stifling them with regulation.
This is challenging and a bit scary but as long as your security is not diluted too far, adapting to incorporate these new roles and working practices will show your willingness to change and adapt and will not go unnoticed across the organisation.
In the new arena of change and disruption, those who adapt will thrive and those that don’t…. Well, you know how that story ends.

This piece has also been posted on:
The Business Value Exchange in my position as CIO ‘Thought Leader’ and Featured Contributor
The Intel IT Peer Network in my position as IT Industry ‘Thought Leader’ and Featured Blogger
Outsource Magazine in my position as IT Industry ‘Thought Leader’ and Featured Columnist

Roles and responsibilities of key stakeholders

By Christian on 18th September 2013 in Agile, CEO, CFO, Change Management, CIO, Governance, Project Management, Risk, Stakeholder Management, Stakeholders, Transition

Key stakeholders for any project typically come from inside your organisation and are normally those who have endorsed or identified the need for project activity. However they could also be external clients or suppliers, as they might be directly affected by the resulting changes of the project.

They need to be identified prior to the project proposal being discussed and be the driving force and sponsor for the project through all stages from development to training, implementation and support.

The key stakeholder is a pivotal role in the success of any project and they have a number of core responsibilities that they must adhere to.

Understanding the business drivers and ensuring that the project fits with the strategy for their area of the business: a fundamental responsibility – the stakeholder must be able to clearly explain the necessity for their project to be taken on before others and prove its strategic merit.

Providing detailed requirements and a financial plan: every project must have these and is doomed to fail if they’re not completed up front.

Committing the necessary resources: Its key to have individuals from the affected areas involved on any project. They can provide you with instant answers and feedback as to how things do or should work. They are the daily operational link to the eventual user base of the project deliverables and I cannot stress enough the importance and usefulness of having them involved. Agile PM methodologies allow you to have quicker bursts of development and a higher pace of deliverable but if you are using traditional project management techniques and don’t have target resources available, you could be wasting a whole heap of time and reputation if your deliverables don’t match what the client wants.

Taking ownership of appropriate deliverables: the stakeholder needs to take ownership of the appropriate deliverables and make sure that they work against a number of key elements such as mirroring the requirements, process compatibility, usability and performance. They must sign off and take ownership of each deliverable, thus allowing the project to proceed on the right track.

Keeping abreast of project progress and cascading information to others who need to know: the stakeholder must not skip project meetings and rely upon others to keep them up to speed. Similarly, they must also keep affected others or teams up to date with frequent progress reports. This is probably the most often reported symptom of failed projects where key stakeholders become disassociated with a project and it starts to drift, stray from the requirements and fall apart. Stakeholders must stay focused and attend all key project meetings.

Establish the training and support requirements: the stakeholder must identify any effected individuals of their projects and establish the necessary training and support requirements. This will be done in harness with the relevant departments but the stakeholder is responsible for it. A project should not end when the development is finished but when it is fully implemented with full training and relevant support models.

Identifying and resolving any project issues and risks, especially those associated with managing change during the transition phase: it’s up to the stakeholder to identify and acknowledge any potential risk and change associated with their project during the proposal stages. This will obviously be discussed with the project team, PMO or legal representatives prior to the project getting a green light.

Communicating throughout the life of the project: I cannot stress enough the need for strong communication. The least successful projects are the ones that are done in isolation, that people forget about until an email gets sent around heralding its imminent implementation. Requirements or processes sometimes change during project development and without having relevant resource or communication with the targeted business areas, a project will quickly lose resonance and relevance. Managing associated change during the transition phase must be done up front or during the life of the project and not when its ready to be implemented as those reticent to change can quickly sour any implementation.

Project closure: in accordance with good project governance, the stakeholder must perform an analysis of the projects delivery against plan, budget and strategic objectives and sign off and accept the project.

This piece has also been posted on my Outsource Magazine column here and on The Business Value Exchange in my position as CIO ‘Thought Leader’.