Information technology is a relatively young profession. During our industry's infancy we had to create solutions for a myriad of problems, ranging from day-to-day operations to never-before-implemented technical solutions and everything in between. We used trial and error to find the best solutions to new problems. Today, decades after the advent of IT, we shouldn't have to problem-solve from scratch. New technology or combinations of technology might still require new solutions, and we still might have to form committees to decide which components will work in our institution's culture—but we should not have to recreate all IT solutions from the ground up.
Four Tools for Problem Solving
I use two organizations and two frameworks to create the foundation for solving problems and completing projects. These organizations and frameworks, which I call "tools," can minimize learning curves as we go about the business of solving IT problems. If used properly, these tools can keep IT departments from always having to start from scratch, enabling us to create solutions effectively and efficiently.
Used in combination, Control Objectives for Information and Related Technology (CobiT), EDUCAUSE, Information Technology Infrastructure Library (ITIL), and Gartner have proven invaluable to me. These four tools hold the basic solutions to a number of organizational, process, or project challenges IT professionals encounter. The solutions might need modification to accommodate an organization's culture, technology maturity level, or some other variable, but we don't have to recreate the decision process from the ground up every time.
CobiT
CobiT is published by the IT Governance Institute (ITGI). According to its Web site (http://www.itgi.org), "ITGI is a research think tank that exists to be the leading reference on IT-enabled business systems governance for the global business community." I have seen CobiT defined as an audit and control tool, an IT self-assessment kit, a framework for implementing IT governance, and a whole lot of other things. It is—depending on what you use it for—all of these things.
CobiT breaks IT activities into four domains: Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate. Under these domains are 34 processes or high-level control objectives. For example, under Acquire and Implement, high-level control objective 6 is Manage Change. The 34 high-level control objectives themselves encompass 214 detailed control objectives.
The high-level control objectives dissect the process and spell out the business requirement the process satisfies. The objective also provides the needed focus, explains how to work through the process and measure it when complete, and assigns responsibility for the detailed control objectives. Finally, CobiT guides an organization in determining where it is on a zero-to-five maturity model for the high-level control objective. All this information boils down, on average, to four pages of text per high-level control objective. What I like the most is CobiT's modular nature. I can take one of the high-level control objectives and use it to assess that particular objective without attempting to implement all of CobiT.
I recommend using CobiT to select IT goals and processes to work on, choosing a high-level objective and scope. Then select one of the processes and get started.
The second step is to assess your organization's capability by reading the descriptions of the maturity levels. Determine where you fall on the maturity model for the objective and decide where you want to be. In setting your maturity model goal, be realistic about what you can accomplish.
Your placement on the maturity model and where you want to go will lead naturally to an analysis of the gaps to address. You can then identify improvement opportunities for the specific process chosen. This assessment should give you some idea of where to start making improvements and enable you to implement them. But, how do you know if your improvements had the desired effect of moving you along the maturity model? The answer is right there in CobiT. Metrics are built into the high-level control objectives.
CobiT has another benefit: auditors use checklists based on CobiT to conduct their IT audits. If you know what the auditors will ask, you can better prepare and be proactive about implementing the recommended solutions and controls.
So what does CobiT cost? It's free. The Adobe PDF version of the framework is available for download on the Web with site registration. Bound and laminated versions can be purchased from the ITGI Web site, but you can print a copy of the framework yourself at no charge.
CobiT can be difficult to understand and even more difficult to implement. Fortunately, training is available on the Web for varying fees.
Caution! CobiT is a big, scary thing to implement in totality. Although you could approach it as a solution for the complex issue of IT governance, I would not recommend it—implementing CobiT for that purpose could become a huge project. Rather, I suggest the IT organization figure out specific issues to address and pull that portion of the framework off the shelf.
EDUCAUSE and ECAR
A nonprofit organization whose members are colleges, universities, and educational organizations, EDUCAUSE focuses on IT use in higher education (http://www.educause.edu). Because EDUCAUSE membership encompasses a large group of people in a similar environment, they understand higher education–specific challenges and may have encountered and solved comparable problems in the past.
EDUCAUSE offers national and regional conferences for networking, learning from peers, higher education IT leadership development, and various publications. Any institution, including nonmembers, can use the EDUCAUSE Core Data Service (http://www.educause.edu/apps/coredata/) to enter information about their institution and IT organization. They can use this information to benchmark themselves against the hundreds of other institutions whose information is also entered in the database, which includes technology cost, capabilities, and training.
Through a companion membership, institutions can join the EDUCAUSE Center for Analysis and Research (http://www.educause.edu/ecar). ECAR membership gives an institution access to research conducted by the ECAR fellows, current or retired higher education IT practitioners, and others. Eighteen months after research is published, it is made available on the Web without charge.
I use EDUCAUSE mostly for networking and research. The Web site features a large repository of articles, presentations, and threaded conversations from archived newsgroup postings. Conference attendance, networking, and member presentations offer another way to search for people who might be working on the same problems. The organization's periodicals, EDUCAUSE Quarterly (http://www.educause.edu/eq/) and EDUCAUSE Review (http://www.educause.edu/er/), include EDUCAUSE staff-written or peer-written articles covering timely topics that often top IT department project lists.
EDUCAUSE membership cost is based on full-time equivalent student enrollment and Carnegie classification (http://www.educause.edu/membership/). Depending on these two factors, the cost can range from $455 to more than $7,700 annually. ECAR membership is based on the type of package selected and EDUCAUSE membership, ranging from $2,000 to over $10,000 annually.
ITIL
ITIL is a standard developed by the British government in the late 1980s. It contains the best practices in IT service management, compiled in a series of publications.
ITIL covers subjects ranging from software asset management and service desks to security management. The various volumes hold step-by-step instructions on how to implement best-practice processes and structures. The volumes also contain for each subject the purpose, goals, scope, sample project plans, job descriptions, concepts, and benefits. These chapters can be extracted and used by IT department staff to work on areas demanding attention.
ITIL literally spells out "how to"—you don't need to recreate the process or flow for the different subjects. The cost of the volumes can vary, but you can find a complete set online for $795. Training is available through different vendors, with varied pricing. As with CobiT, beware: ITIL could become a huge project if you try to implement the whole thing.
Gartner
Garter is a public company that provides technology-focused services to its members, including research reports from analysts who are experts in their fields. During the past two years, my IT organization had 97 inquiries with Gartner and used hundreds of their research reports. I find Gartner useful while trying to solve a problem or evaluate options. If I determine that no one on my staff—including me—has the necessary knowledge and experience, Gartner provides access to experts with experience in the situation I am trying to solve.
Gartner customers can access research reports spanning 850 topics by logging in to the Gartner Web site. Hundreds of reports are released every month, usually five to six pages long and easy to read. Customers can also use the Gartner Web site to set up telephone calls with the analysts to discuss their research, or to ask specific questions about a subject. The analysts can provide status of a technology, service, or vendor; discuss best practices; or provide feedback on draft documents. They can also review specific requests for proposals, vendor responses to RFPs, contracts, and pricing.
The Gartner analysts are experts who have "been there and done that." They can talk to you about approaches that work and those that don't. They can give you some idea of the cost others are paying for certain services and potential savings that might be available through negotiation. For example, during a contract negotiation in which I was involved, Gartner pointed out the standard practice of receiving a percentage rebate from the vendor. The resulting rebate for my institution was approximately $40,000 per year.
Additionally, the analysts can meet with you by teleconference to discuss particular products or technologies, the leaders in that field, and those facing similar challenges. They get their information from their background in the field, their research, and interaction with other Gartner customers.
While Gartner services are not free, I find them a bargain if the organization uses them to their fullest potential. The cost for a Gartner membership varies based on the type of membership, industry, size of the organization, and other factors, such as the number of employees permitted to schedule analyst calls and the number of students attending the college. In general, a higher education member can expect to pay between $15,000 and $60,000 annually.
People in the IT organization must actively use the analysts and research for Gartner membership to demonstrate value in addressing an institution's problems. Use of the Gartner service should be embedded in the way the IT organization operates.
Remember that the analysts' information is ultimately opinion and advice that might not always be applicable to your institution. Circumstances or culture issues might exist that the Gartner analyst cannot address. You must decide whether a specific recommendation will work at your institution.
Using the Tools
Using a change management board implementation as an example, let's discuss the process of how the CIO of a higher education institution would best use the four tools. CobiT high-level control objective Acquire and Implement (AI) 6 contains the information about change management. Under AI6 are five detailed control objectives, which provide instructions for what to cover:
- AI6.1: "Set up formal change management procedures to handle in a standardized manner all requests (including maintenance and patches) for changes to applications, procedures, processes, system and service parameters, and the underlying platforms."
- AI6.2: "Ensure that all requests for change are assessed in a structured way for impacts on the operational system and its functionality. This assessment should include categorization and prioritization of changes. Prior to migration to production changes are authorized by the appropriate stakeholder."
- AI6.3: "Establish a process for defining, raising, assessing, and authorizing emergency changes that do not follow the established change process. Documentation and testing should be performed, possibly after implementation of the emergency change."
- AI6.4: "Establish a tracking and reporting system for keeping change requesters and relevant stakeholders up to date about the status of the change to applications, procedures, processes, system and service parameters, and the underlying platforms."
- AI6.5: "Whenever system changes are implemented, update the associated system and user documentation and procedures accordingly. Establish a review process to ensure complete implementation of changes."
These objectives may not tell you how to implement change management, but they provide an outline for the processes that need to be in place. EDUCAUSE, ITIL, and Gartner can help with the step-by-step procedures.
After you use CobiT to create change management, the process should be documented in a draft form. I would then consult EDUCAUSE and ECAR to provide a higher education–specific view of the change management process.
A search of the EDUCAUSE Web site on change management yields multiple documents. The subject has been examined in both EQ and EDUCAUSE Review, as well as in ECAR research, EDUCAUSE conferences, and discussion group postings. Sorting through the wealth of information provides a higher-education peer perspective.
Arguably, the best step-by-step description of the change-management process appears in ITIL, primarily in the Service Support volume. The authors review the goals and reasons for implementing the change-management process, and they review concepts behind change management, the make-up and functioning of the change board, and the benefits, costs, and problems that you might encounter. As in CobiT, ITIL offers suggestions for metrics. The chapter on change management also suggests audit items and features, which should be included in a software tool used to facilitate change management.
Gartner proffers dozens of research reports on the change-management process, tools, and case studies. Further, Gartner has analysts devoted to change management who can go over best practices, available tools, and vendors, as well as conduct a review of your draft documentation.
Conclusion
Solving problems by ourselves and creating processes and procedures from the ground up has long been part of the IT department's way of operating. We will continue to encounter new problems to solve and new technologies to be implemented. We also must involve our constituents in the creation of solutions. Nonetheless, for many issues we no longer need to recreate solutions. We can use four tools—CobiT, EDUCAUSE/ECAR, ITIL, and Gartner—to evaluate current status, compare notes with our peers, look for already defined best practices, and consult the experts. These four tools give us the ability to save time and resources by adopting tried and true solutions.