The Infonomics Letter

The Infonomics Letter is also available in Spanish, thanks to the generosity of Carlos Francavilla, at BITCompany in Buenos Aires.  From April 2011, the Spanish editions are available direct from the Infonomics site as downloadable PDF files.  Prior editions in Spanish are available as part of Carlos' blog on Wordpress.

2010 editions:     January  February  March  April  May  June

July  August  September  October  November/December

2009 editions:     January  February  March  April  May  June

July  August  September  October  November  December

2008 editions:     October  November  November Special  December

January 2012 Edition: Looking Both Ways in English

Edición de Enero: Mirar a ambos lados en español

Hello and welcome to The Infonomics Letter for November 2011.

Casting an eye back over the corresponding edition for 2011 might cause one to wonder if we have made any progress in the past 12 months.  Indeed, looking through the full set of 2011 editions we can see many more case examples of lessons provided through failure of operational IT disrupting business, and through failure of IT-enabled business change that renders the investment waste and denies access to potentially substantial benefits.

Current history – that which is too new to be yet dismissed as the folly of the past, continues to tell us that we must learn to do better when it comes to maximising the current and future business value of our investments in information technology, in the private and public sectors.

One person who knows all too well that we must learn from current history and adopt better practice is the Auditor General of Victoria, Des Pearson.  Des has been a long-time champion of improved governance in the state’s use of information technology.  Late in 2011, he and the Victorian Ombudsman, George Brower, co-authored a major report on Victoria’s less than satisfactory performance in delivering value from IT investments.  That report was the focal point for discussion in the November 2011 edition of The Infonomics Letter, under the heading “A State of IT Failure”.  It is my very great pleasure to now welcome Des Pearson as a contributor to The Infonomics Letter.  His article, “A Victorian Public Sector Challenge: Delivering and Realising Value from ICT” adds further depth and guidance for government business leaders in particular, and includes useful guidance of all business and technology leaders.

Several other developments through late 2011 and on into this year give confidence that there is more attention now being given to learning lessons.  In “Stepping Boldly Forward” I look across a range of developments, from a major business newspaper getting very aggressive in discussing the value of IT spending, to two universities investing significantly in research, and new behaviours emerging in Australian state governments.

Finally, may I share just one tiny example of how we can learn from experience?  Today I am in a serviced apartment in Brisbane.  The apartment has a broadband internet service.  The desk is positioned near the door, but the internet access point is on the farthest opposite wall leaving a gap of about four metres.  How does that meet the intent of the ISO 38500 Performance Principle, meeting business need?

Click here to read The Infonomics Letter

November 2011 Edition: Repeating Lessons in English

Edición de Noviembre: Lecciones Repetidas en español

Hello and welcome to The Infonomics Letter for November 2011.

The agenda for The Infonomics Letter is always dynamic.  I maintain an ever-growing long list of topics that I would like to discuss, all pertaining more or less directly to effective governance of IT.  Topics emerge from many sources, but the majority come from every-day press around the world.  One that warrants attention is the demise, unsurprising to many, of the massive IT project at the UK National Health Service. Linked to this is the very interesting campaign (which Infonomics overtly supports) launched by the E-Health Insider for appointment of Chief Clinical Information Officers to provide clinical leadership on IT projects and use of information in UK National Health Service organisations.

Another is the announcement by the CIO at Australia’s Department of Defence that the department will be changing tack from massive projects to small ones – typically costing around only a million dollars.

But these topics have all been pushed to the background again by emergence of yet another well written, hard hitting report on failures of IT in government in Australia.  In A State of IT Project Failure!, we look at the observations and findings arising from a review of ten major IT projects in my home state of Victoria. If there is a problem with the report, it is that it once again confirms the same types of problems that have occurred many times before, and recommends improvements that have been recommended many times before.  What it doesn’t do is provide a new way for the lessons learned to be applied – indeed when one considers the responses from the most responsible agency, one wonders if there is any desire within the Victorian public service to actually do a better job with IT.

Presuming that there is an appetite somewhere for significant improvement, I take the discussion further – postulating that, as the report clearly defines a need for government agencies to improve their governance of IT, there is a need for an enabling agency that, instead of interfering in the IT decisions, helps agencies to put in place arrangements that assure them of good decisions on an ongoing basis.

It’s a great pleasure to let my readers know also that this topic is of considerable interest to my friends at Affairs of State.  There will be a short article in the forthcoming edition of Letter from Melbourne, summarising some of the key issues from the new Victorian Ombudsman’s report.

I sincerely hope that you find this edition useful and look forward to your feedback.

Click here to read The Infonomics Letter

October 2011 Edition: Improving Control in English

Edición de octubre: la mejora del control en español

Hello and welcome to The Infonomics Letter for October 2011.  Life is becoming very interesting in the space around governance of IT.  The fact that we need to improve control is becoming more and more tangible, but so too is the evidence that we are making some inroads. 

There is a perception, seemingly wide spread in the market, that many company directors are reluctant to ask questions about information technology.  As regular readers know, this journal and other Infonomics products, aim to help more directors deal with IT on their terms.  This month, Technology in the Boardroom: Directors’ Attitude – Again! exploits a conversation I kicked off on LinkedIn during August to reflect diverse views on the topic. Perhaps most telling in the discussion is that fact that 85% of the people who participated are, according to their LinkedIn profiles, expert in information technology.  One wonders where the non-technology directors were, and how to engage them in the conversation, which aims to help them be more effective in their roles.

Since the last edition, much of my time was spent in the UK and Europe.  While there were a couple of disappointments, mostly the trip was a huge success.  I’ll explain more in Mission to Europe.

During September, the UK Government announced the demise of the National Health Service National Program for IT.  Launched in 2002, the program was intended to standardise the IT environment across the entire NHS in England.  After nine years, and 12 billion pounds, it has apparently produced no tangible benefits, and while failing to even deliver many of the promised systems, has probably held back other IT  advances in health care.  Earlier this year, anticipating the demise of the whole program, I spent a little while browsing audit reviews of the project from the past few years.  It struck me that the evidence pointing to the program’s failure has been there for a long time.  Indeed, when sharing coffee with a friend in London just a month ago, I learned that consultants engaged to start the project had been denied permission to meet with the “clients” – the people who run the various health trusts for at least six months. 

An astute director would have realised right then that the program would fail!

Lessons about consequences of poor governance of IT continue.  They are too numerous to explore in detail. Recent items include the global failure of Blackberry services and the extraordinary case of a person who reported a privacy breach and was promptly hit with a visit from the police and lawyers.

Click here to read The Infonomics Letter

September 2011 Edition: Unexpected Interlude in English

Edición de Septiembre: Interlude inesperado en español

Hello and welcome to The Infonomics Letter for September 2011.  Those who are paying attention will realise that there has been a gap: the August Letter did not materialise.  Sometimes when operating as a one-man-band, circumstances crop up that just make it impossible to deliver everything, and when that happens, the freebies have to make way.

The Australian team that originally developed ISO 38500 is preparing a submission relating to its future work.  Your thoughts will help guide that submission. Please give us a few moments now to respond on twelve points in the Survey on Governance Standards.  There is a little more information at right, and more again in the introduction to the survey.

This month, we begin with Governance and Management: Further Perspective.  Regular readers will remember that in the last edition I expressed disappointment about the draft of the COBIT 5 framework.  COBIT 5 is a product of ISACA, an international membership organisation for IT professionals.  ISACA was an early influencer in governance of IT and its COBIT framework is frequently referenced as a guide on governance and management of IT.  In its latest incarnation, we had been led to believe that COBIT would align to and integrate ISO 38500.  The outcome is disappointing, as explained in the July edition.  Since then there has been a great deal of debate around the subject on various internet discussion groups.  I have used some of that discussion to frame Governance and Management: Further Perspective, in a further effort to explain just how the concepts of governance and management are related.

Inexorably, Information Technology is becoming a topic of boardroom discussion.  However, some of the discussion is not about the organisation’s use of IT – rather it focuses on the board’s own use of IT.  The topic became newsworthy recently when the legal specialists at ANZ Bank asked its board to not use iPads, due to concerns about the handling of notes directors might make on the device when using it to read board papers and participate in the work of the board. Technology in the Boardroom: A Governance Perspective aims to answer some of the questions originally raised by a journalist exploring the issue for a future edition of the Company Director magazine.

Finally, I will be in London for the latter part of September, attending a meeting of the international working group on standards for governance of IT.  In Thanks for the Help, I recognise those who are helping me get there.

Click here to read The Infonomics Letter

August 2011 Edition: Missing in Action

Sorry - there was no August edition - there were too many other things happening!

July 2011 Edition: Mixed Emotions in English

Edición de julio: una mezcla de emociones en español

Hello and welcome to The Infonomics Letter.

Last month, I mentioned the release of the COBIT 5 Exposure Draft.  A brief scan had indicated some definite influence from ISO 38500.  That, coupled with recognition of ISO 38500 in the COBIT 5 plans announced in 2010 had left me hopeful that COBIT 5 would provide a real breakthrough in practical guidance on how organisations might establish a comprehensive and effective system for governance and management of IT.

This month, having ground through COBIT 5: The Framework Exposure Draft, I am disappointed.

My concern is that COBIT 5 still does not align to the definition of governance provided in ISO 38500.  If anything, it goes further down the wrong path of entrenching management activities under the heading “Governance”.  I’ve tried to express my concerns in a coherent manner in Shattered Dream.

Offsetting the disappointment is the continuing growth of market interest in ISO 38500.  Building on this year’s already highly successful forays into the Middle East, Latin America and Malaysia, we are now able to announce seven new events across Europe. In addition to being a reseller of Waltzing with the Elephant, IT Governance Limited will promote the ISO 38500 Foundation class.  Two new partners for Infonomics are also promoting opportunities for their clients and the broader market to learn about the ISO 38500 approach to governance of IT: 

• PMOworks is promoting a series of four events in European cities including its home of Dublin. The company specialises in developing, implementing and supporting PMO operations, helping organizations improve business processes and reduce project risk and overall costs.

• Falk Janotta Unternehmensmanagement is based in Wurzburg, Germany.  The company provides a wide range of services to assist organisations achieve success in their use of IT.  Company Principal Falk Janotta participated in one of the first Europe classes on ISO 38500, and is now facilitating access to knowledge about the standard for his diverse and expansive network.

See Infonomics Education Program for further detail.

Would you like to obtain some independent advice on your concerns or efforts around governance of IT?  Do you have a strategy, a project or some other situation where you are not fully comfortable?  Perhaps the Infonomics Access Service will be of assistance to you.

Click here to read The Infonomics Letter

June 2011 Edition: A Dose of Reality in English

Edición Junio 2011: Una Dosis de Realidad en Español

Hello, and welcome to The Infonomics Letter for June 2011.  It’s the end of the financial year in Australia, and many of us are very focused on ensuring that our financial affairs and tax obligations are in order. 

But while financial compliance does indeed stand as a dose of reality, it’s far from the only dose of reality that we encounter in this information era.  For the owners of some 4,800 web sites, the dose of reality delivered during the past month can hardly be more emphatic.  Following numerous examples of information security breaches over the past few months, the risk of information security breach and the risk of cloud computing intersected when hackers destroyed four servers and all associated backups at an Australian company known as Distribute.IT.  In the Blink of an Eye discusses the governance issues that emerge from this event.

The Distribute.IT case is a clear instance of the risks in cloud computing being realised.  We discussed those risks just two months ago in a story we called “Rocks Hiding in Clouds”.  The story was quoted in the June 2011 edition of Company Director, as part of Domini Stuart’s article “Seeing through the clouds”.  A Few More Words on Clouds adds further perspective.

A different form of information security breach was reported during June by the Australian Institute of Company Directors, when a notebook computer was stolen.  Comments in the press and in online forums raise some interesting issues.  We discuss some of these in A Testing Embarrassment.

Several state governments in Australia have tried to establish a Shared Services approach to IT.  Most have failed, with South Australia now added to the list, while the new government in New South Wales has announced it will embark on its own shared services journey.  We discuss the concept in Albert Einstein Observed.

The Information Systems Audit and Control Association (ISACA) has released an exposure draft of its forthcoming COBIT 5 framework.  This is a significant work, which has been influenced by the international standard for governance of IT.  Some preliminary details are discussed in COBIT 5 Exposure.

May and June saw me journey to Argentina, El Salvador and Malaysia to explain the ISO 38500 approach to governance of IT.  Fortunately, the travel was all done before ash from the Chilean volcano messed things up.  In Tale of Five Nations, we compare governance capability in the five nations I have visited so far in 2011.

Click here to read The Infonomics Letter

May 2011 Edition: Seeing the Future in English

Edición Mayo 2011: Ver el Futuro en español.

 

Welcome to the Infonomics Letter for May 2011.

This journal straddles a remarkable dichotomy.  On the one hand, we spend a great deal of time looking over our shoulder at the lessons to learn from the things that go wrong with information technology. On the other hand, we look forward with unbridled excitement to our intensively IT-enabled future.  

The split personality exists for one purpose – only by learning lessons from past mistakes do we develop the capability to move forward into our future.

Last month I introduced The Infonomics Dream: At Infonomics, we dream of a worldwide boost in well-being and wealth, driven by a sustained improvement in innovative and highly successful use of information technology, underpinned by business leadership and effective governance.

During my recent briefings in the Middle East, and over the coming weeks as I travel through Latin America, I emphasise that dreams do not come without hard work, persistence and determination.  In these sessions, we use the US Space Program to illustrate the point – that great achievement comes through incremental development, that there are transition points where generations of technology give way to new developments, and where failure is subject to the most intensive and rigorous analysis in a determined effort is made to avoid repeating the same mistakes.

But aside from the hard work, the thing that drove the US Space Program, and I believe still drives it, is a dream.  A vision of a future different and better, but still indelibly linked to what we have today.

I am indeed fortunate to know a man who has a dream.  I met Chris Ogden in London in 1987.  We worked helping deploy technology innovation through the British banking system.  Since then, Chris has suffered the misfortune of developing a rare degenerative nerve disease.  But far from retiring and allowing this disease to limit his capacity, Chris has developed a new vision.  I am proud to share with you, my friends in more than 55 nations around our world, the vision developed by Chris Ogden and his colleagues, for innovative use of information technology in advancing the fight against not only his specific condition, but the myriad of conditions that are collectively known as “Rare Diseases”.

I hope that the vision Chris paints can serve as inspiration to us all, to seek and exploit opportunities to use information technology in innovative ways, to enable change, and to generate beneficial outcomes.

How can we help him realise his dream?

April 2011 Edition: Daring to Dream in English

Edición Abril de 2011:  Atreverse a Soñar en español

Welcome to the bumper April 2011 Infonomics Letter.

At Infonomics, we dream of a worldwide boost in well-being and wealth, driven by a sustained improvement in innovative and highly successful use of information technology, underpinned by business leadership and effective governance.

This dream is central to the Infonomics mission of improving the effectiveness, efficiency and acceptability of IT use by organisations worldwide, through improving their governance of IT. 

During April, it was my privilege to share this dream in the United Arab Emirates and Oman, as a guest of EXCEED IT Services and Training.  We spoke about ISO 38500 and improving governance of IT to substantial audiences in three cities, and conducted two ISO 38500 Foundation Classes through which we can share some insight into the calibre of the region’s governance of IT.  See Middle East Developments.

It can be very hard to make serious time to read serious books.  The trip to the Middle East gave me an opportunity to get started on Geekonomics and gain new insight into some of the reasons we have so much trouble with Information Technology.

Last month’s discussion on governing information security generated significant feedback and some additional activity that will develop during coming months.  Meanwhile, security incidents keep emerging.  See More on Information Security.

As if security breaches are not enough, April also saw some of the risk in Cloud Computing being made crystal-clear.  Cloud computing may be exciting development, but the cloud is not without risk, as discussed in Rocks Hiding in Clouds.

Although it is titled “Governance of Information Technology”, ISO 38500 makes it plain that its focus is on the use of IT, and that the success of organisations using IT is dependent on the way they go about integrating it into their strategy, their execution of strategy and their operational management.  For several years, Infonomics has been at the forefront of argument that IT cannot be treated as an independent issue, and that its governance must be an integral part of governing the ongoing development and operations of the organisation, with business leaders taking responsibility and being accountable for the effective use of IT in developing business strategy, building business capability, and running the ongoing business.  In Gartner’s Eureka Moment we discuss how the well-known IT research and advisory company has also discovered this message.

Finally, are you one of the many who have helped Gabrielle Ford in her research on people who use ERP systems.  The details are in ERP Fail: When Best Practices Meet Real Life.   If you haven't already done so, and you are a user of any of the many ERP systems that have been introduced in the past few years, please set aside 20 minutes to complete her survey.  Please pass on this request to others as well.  Gabrielle needs as many responses as possible by May 4th!

March 2011 Edition: Staying Safe

Welcome to the Infonomics Letter for March 2011.

Some time in 1978, I attended a conference where several companies were demonstrating software on one of the workhorse computers of the time – a DEC PDP-11.  Out of curiosity, I went to one system console and logged on.  I didn’t need to ask anybody the password – most PDP-11’s running that operating system used the password originally set at the factory and nobody at the factory saw any need for different passwords.  When the first PC was released, it didn’t even have the means to identify different users – let alone keep them separate with different passwords.

In 1987, newly arrived in London, I picked up my ATM card and proceeded to an ATM to reset the PIN.  I was horrified that, having entered my old and new PINs, the ATM then checked that I had entered my new PIN correctly – by displaying it back in big digits on the screen.  Thankfully nobody was watching.  Of course banks have learned a lot since then, and they would never show a customer PIN today.  But while banks have learned a few things about information security, one wonders about the greater community.  In a previous edition of this Letter I’ve commented on website operators that, having demanded we set up an individual account with a secure password, then kindly send us a clear text email putting all that identity information out where it can be seen by any errant teenager with the most primitive hacking tools.  One mailing list I use very nicely reminds me every month of my user id and password.  You can bet that I keep that one quarantined with a fake name!

Recently I wrote about the appalling lack of access control in mobile phone shops run by Vodafone Hutchison Australia (January edition, More red faces).  Now I find that another phone company demands a strong password for access to customer accounts online, and then requires the customer to quote part of that password when accessing the call centre – with the whole password visible to the call centre operator.  Don’t they understand information security?

Public disquiet about information security breaches and weak safeguards used by many organisations is now driving strong regulatory and legislative action.  The probable high cost of information security in the future may be in part a consequence of organisations failing to take early and decisive steps to direct and control their information security.  But while legislation may oblige organisations to pay attention to information security, it can’t define how to do the job.  So, this month’s key topic explores how those who govern organisations can direct and control their information security arrangements.  Enjoy!

February 2011 Edition: The Value of Infrastructure

Welcome to the Infonomics Letter for February 2011.

It’s just four weeks since I penned the last Infonomics Letter.  How remarkable have been the events of these past four weeks?  Through the power of communications infrastructure we know as the Internet and applications built on top of that infrastructure such as facebook, twitter and you tube, we have seen in real time and at close quarters the remarkably peaceful move to regime change in Egypt, the rather more traumatic but nonetheless profound wave of change sweeping Libya, and the heartbreaking devastation in Christchurch, New Zealand.

Just over ten years ago, I used dial up internet access to download and watch a few seconds of grainy video showing an airliner ploughing into the World Trade Centre.  Twenty two years ago, when the Berlin Wall fell, our access to information was limited to the newspapers and television.  In half a working lifetime, or just a single generation, the way in which we access news has changed immeasurably.

The enabler to this change has unquestionably been the advent of high speed digital communications.  But the communications infrastructure alone is insufficient for us to access the information we seek, or sometimes don’t even know exists.  In order to access the information we need the complementary technologies for capturing, packaging and presenting it, and the applications that manage its storage, accessibility and delivery, along with myriad other functionality.

Thus one can argue that infrastructure itself has no direct value.  Its value can only be accessed and realised when there are appropriate complementary technologies and applications through which the latent value is made real.

These are the thoughts that underpin my submission today, albeit at the last minute, to an inquiry by the Australian Parliament’s Standing Committee on Infrastructure and Communications into the role and potential of the National Broadband Network.  Essentially, I argue that the NBN itself will deliver no tangible value – but that its massive latent value can only be unlocked by appropriate development and deployment of complementary technologies and applications.  Driving value from Australia’s NBN therefore demands effective governance arrangements to encourage and focus investment in these resources. I’d like to share that submission with you as this month’s Infonomics Letter.

Click here to read The Infonomics Letter

January 2011 Edition:  Looking ahead and growing

Welcome to the first Infonomics Letter for 2011. After a seven week break and a series of amazing weather events across Australia and in other parts of the world, we are ready once again to explore and promote good practice in governance of IT.

Working as an evangelist for new thinking about anything can be an interesting task.  Being an evangelist for a new way of looking at governance of IT involves challenging many established beliefs and methods of operation.  But while the road is long, arduous and, in the short term at least, hardly viable from a financial perspective, it is gradually unfolding with evidence of change.  Not so long ago, the mere suggestion that directors of organizations should ask questions about IT would once have spurred horrified denial that directors could ever understand the topic.  Yet now, at least one major bank in Australia has a board committee to oversee its extensive agenda of IT change. 

Recent events, several of which have been discussed in The Infonomics Letter through 2010 are leaving no doubt that business dependence on IT is now, in many cases, absolute.  Now, when significant problems occur with IT, it is almost axiomatic that the top line of the organization’s leadership gets involved, and this presents a context in which we can see that business leaders need to know things about IT that may not in the past have seemed relevant.  Peter Grant, a well-known Australian IT industry researcher and commentator brought this into focus in a recent post to a LinkedIn discussion forum, and the Infonomics response to his challenge is presented in What Should Management Know?

Of course, the shift to a new year does not stem the tide of case examples where a small dose of effective governance might have avoided embarrassment and perhaps other consequences.  This month in More Red Faces we explore the stunning revelations of weak information security at Vodafone Hutchison Australia, and postulate a governance approach based on ISO 38500 that might have saved the company from being lashed to the whipping post during the usually slow news period in mid-January.

The new government in Victoria is beginning to flex its muscle, looking deeply into the unfulfilled promises of the previous government’s major IT initiatives and asking “is it worth it”?  We foreshadow further scrutiny in New Opportunity to Improve.

Finally, there’s news of how Infonomics commentary now appears on Delimiter, major advances for Waltzing with the Elephant, and the near term education program.

November/December 2010 Edition: Staying Alive, Getting Smart

Welcome to the final Infonomics Letter for 2010. Yes, this is the catch-up, where publication reverts to the early part of the month, beginning in January 2011.

An April 11, 2008 announcement by British Airways chief, Willie Walsh perhaps highlighted an uncomfortable new role for Chief Executive Officers – that of apologising for business service failures that have been substantially due to problems with IT.

Perhaps it’s time to set up a “hall of fame” for CEOs who have had to endure this painful experience.  As regular readers of The Infonomics Letter are well aware, Virgin Blue chief John Borghetti would be one of the more recent members.

But already the 24 hours of disruption to Virgin Blue’s customers has been transcended, at least in volume of press and public commentary, by a breakdown in the overnight transaction processing at National Australia Bank – one of Australia’s four majors.  On November 29, NAB’s CEO, Cameron Clyne secured his lifetime pass into the gallery by way of full page apologies published in daily newspapers. 

As I said last month, there is rarely any shortage of case examples to provide the grist for this journal and the temptation to explore the possible lessons from NAB’s experience is too great – so we lead with a discussion in “Red-faced Bank”.

NAB’s experience highlights the importance of proper response to failure.  To illustrate how this might work, “Learning Lessons – the Qantas File” takes a brief look at a recent aviation incident – the engine explosion in a Qantas A380 – and proposes parallel questions to be asked about IT failures.

Long-time friends of The Infonomics Letter will recall my enthusiastic response to the landmark report into the Australian Government’s use of IT, delivered by British expert Sir Peter Gershon.  Those who saw my comments in August 2010 however will know that I have not been impressed with the implementation of Gershon’s recommendations.  Now another independent expert, Dr Ian Reinecke has delivered his formal report on how the Gershon recommendations have been addressed.  “Reinecke echoes Gershon” explains why the new report hasn’t made me feel any better, other than by confirming that there is still significant opportunity in front of us.

We’ve completed a summary of the October 22^nd  Monash/Deakin “Seminar on Governance” of IT.

My home state of Victoria has a new government, and a “New Opportunity to Improve” its own governance of IT.  It needs to do so promptly!

October 2010 Edition:

Welcome to The Infonomics Letter for October 2010.

These days, there is no shortage of raw material on which to base discussion of how organisations might better govern their use of IT.  One merely needs to lightly monitor the press for ongoing stimulation around the topic of failure.

When discussing governance of IT, I tend to frame the drivers for better governance around the failures that occur – pointing out as should be obvious, that better direction and control should have averted the various cases.  Sometimes, I am challenged on those points, with a request for positive case studies.

Well, I’d love to be able to present them.  But there’s a real challenge in that regard: how does one find positive case studies where the subject organisations are prepared to share their secrets?  The chairman of one bank told me some time ago that their highly effective system for governance of IT gives them a significant competitive advantage, and that they simply would not give away their hard-won advantage by talking openly about how they do it.  I know how they operate, and it’s very good – but I can’t tell anybody about their model either!

So while I would love to have opportunities to understand and explain case examples of very effective governance of IT, the reality is that we will probably have to continue learning from failure for some time to come.  Perhaps when good governance becomes more pervasive, with far more projects delivering intended outcomes and far fewer organisations suffering loss as a result of avoidable operational breakdowns, then we will be able to shift emphasis and explain empirically measured good practice in governance of IT.

Thus we look further at the experience of Virgin Blue, which was front of mind for the September edition.  In “Oops – Sorry! a Virgin Update”, we discuss recent information about the consequences of the failure, including significant impact on profit and share price.  We draw a parallel between the aviation industry’s remarkable ability to dispassionately analyse and learn from failure, and wonder whether we might ever see an “Institute for Transparent Analysis of Information Technology Failures”.

Then in “Service Failure” we build a more general discussion of how ISO 38500 might be used to guide better approaches to outsourcing decisions.

Finally, we take a brief look at “Culling obsolete IT”.

September 2010 Edition:

Welcome to The Infonomics Letter for September 2010.  Yes, it’s a couple of days late again – clearly I need to skip a month and aim to publish early in the month.  I think that will happen as we traverse the Christmas-New Year holiday break.

It’s again been a huge month with substantial travel – first to Sydney to deliver the second of the Australian Industry Group’s introductory seminars on governance of IT.  A week later I was winging to Johannesburg for a standards meeting.  Then with a scant two days for recovery, it was northward bound to Brisbane, for the World Computer Congress, a masterclass and several client meetings. 

The WCC provided a great opportunity to engage with some leading minds in the debate about future use of information technology, and specifically to focus on the vitally important role of business and government leaders in this space.  In “Who is responsible” this month, I explore the statements that I made to Senator Kate Lundy regarding the need for a massive education program to build the necessary understanding and business leadership for effective use of IT across the entire economy.  My assertion that leading IT industry and business organisations don’t get that need was somewhat of a surprise to the chair of the Australian Information Industry Association and is likely to lead to further, and I hope very positive, debate. 

Did you notice the small change to the subtitle of this journal?  It will filter into the Infonomics patina over coming months.  It reflects two key elements of how my thinking is evolving – first that governance of IT cannot be rationally segmented into types – and second that a fundamental part of governance is leadership.  What do you think?  Let’s debate!

Governance of course also includes oversight, and involves asking of questions to test management and confirm that, among other things, the organisation is operating on a stable footing.  In “Oops, Sorry!” we explore the very recent trouble at Virgin Blue, when the airline was effectively grounded for 21 hours because the outsourced reservations system failed.  We use a very rough thumbnail calculator to estimate the financial impact of the event, and then we pose a series of eight questions that business leaders should ask about how well their organisations are prepared for similar events.  How would your organisation rate on them? 

Waltzing with the Elephant has chalked up another milestone – see “New Elephants” for the detail.

I’ll be back in your email box in a month.

August 2010 Edition:

This edition marks ten years of my focus on governance of IT - see “Milestones in My Life’s Quest”.

“Why can’t you solve my problem” – looks at how organisations are killing customer service and innovation by locking their entire business model into the rigidity of computer software.

Audit is an essential tool for ensuring that the work is done properly and that rules are being followed.  Dan Swansons new book, “Raising the Bar” is recommended reading for all who want to be sure that their organisations are running well.

“Guidance for Directors” introduces a number of highly regarded friends of Infonomics, who do provide relevant quality insight.  It also briefly summarises the literature available from Infonomics.

September’s “Education Schedule” is substantial, with opportunities in Melbourne, Sydney and Brisbane. Infonomics and University of Southern Queensland are collaborating to run an ISO 38500 Corporate Governance of IT Masterclass on September 24^th, in conjunction with the World Computing Congress at the Brisbane Convention and Exhibition Centre

July 2010 Edition:

Uses the current debate on Australia's proposed National Broadband network to explain how ISO 38500 can guide government in setting and implementing strategy for use of IT as an enabler of the nation’s future.

The Royal New Zealand Foundation of the Blind has converted “Waltzing with the Elephant” to Braille for use by its visually impaired leaders as it develops its future strategy. 

Infonomics is working with Attaché Software to develop important guidance to help small and medium enterprise leaders gain real business value from effective use of IT.

A new review of Waltzing with the Elephant.

June 2010 Edition:

Looks at Queensland Department of Health payroll system.

May 2010 Edition:

Developing the Board extends the discussion on the international survey into governance and management of IT and how to resolve the problem of building board skills on governing IT .

AS/NZS 8016 – Oversight of Projects introduces a new standard to complement ISO 38500.

Fat Fingers or Fatal Flaws we explore how some organisations seem to build computer systems expecting that their human operators are infallible.

April 2010 Edition:

Reports findings of the Infonomics international survey on governance and management of information technology, looking at how well organizations govern their use of information technology and hat resources are needed to improve the effectiveness of that governance? 

March 2010 Edition:

Explore how to apply the principles for governance of IT in a domestic situation.

Keep my secrets secret, please reviews bad habits of web systems when we register as users.

February 2010 Edition:

ISO 38500 regards IT as a resource - a tool of business, and the standard provides guidance on how the tool should be used. Most other guidance on controlling IT is focused on development and maintenance of the tool – the supply side. 

ISO 38500 can be overlaid on established frameworks to provide additional insight and control to the supply activities.  But using ISO 38500 to guide the demand side drives the major benefit. 

January 2010 Edition:

Many organisations should “Test the Future” regularly.

“How does it work again” looks at the need to retain essential corporate knowledge.

A landmark court case in Britain sets new precedents in relation to failed IT projects..

December 2009 Edition:

Discusses the recently released report by the Australian Government's "Government 2.0 Taskforce".  Explores the opportunities and issues arising, and in particular at the prospect for IT to be used to truly transform and improve the operation of the machinery of government.  We introduce the notion of “Value Chain Integration” as a way of describing the process of using IT to join together and make more efficient and effective the previously separate elements of government or any other organisation.

November 2009 Edition:

Guest writer Jan Begg reports on her research into success of projects.  Unfortunately, the best that can be said of the results is that there is enormous scope for improvement!

We note the move by Westpac Bank to establish a board committee on governance of IT and we applaud the work of Carlo Francavilla who kindly translates The Infonomics Letter into Spanish.

October 2009 Edition:

Announces a new forum for the LinkedIn members to discuss “Waltzing with the Elephant”.

Builds on discussion in  the LinkedIn "The Enterprise Architecture Network" as the driver for a decision to present another extract from Waltzing with the Elephant, explaining what Enterprise Architecture is a vital discipline when changing organisations and their underpinning IT.

September 2009 Edition:

Discusses initial and very positive reaction to Waltzing with the Elephant.

Explores the recommendations in the 2008 Gershon Review of the Australian Government's use of IT, and subsequent comments by Sir Peter Gershon when he discussed the dream of world class governance of IT in the public sector.

August 2009 Edition:

Reviews the launch for Waltzing with the Elephant on August 17 and training events in Kuala Lumpur, Sydney, Brisbane, Townsville and Adelaide.

Initial notes on an emerging trend to chief executives taking interest in IT and marshalling the executive team in setting the IT agenda.

July 2009 Edition:

Announces the launch date for Waltzing with the Elephant at a gala event in Sydney on 17 August and the subsequent business and government launch in Melbourne just four weeks later.

Presents an extract from chapter ten, discussing project steering committees in the context of the Performance Principle in ISO/IEC 38500.

June 2009 Edition:

Follow-up discussion on governance and management of IT.

A paper by Chris Ogden: “IT Governance – Redesigning the Board’s Role”, proposes that the internet has been the watershed that drives the need for a much greater degree of board oversight and supervision of IT use.

Reprise on ISO/IEC 38500 masterclass delivered in Germany in partnership with Serview.

May 2009 Edition:

Explores the distinction between “IT Governance” and “IT Management”. 

April 2009 Edition:

Australia's National Broadband Network - how we can recognise and measure success, and who is responsible for that success.

Web 2.0 presents some governance issues.

March 2009 Edition:

The track record of government with IT initiatives.

Why the first generation of “IT Governance” has failed.

The relationship between ISO/IEC 38500 and CobiT.

February 2009 Edition:

Human behaviours in governance of IT compared with behaviours in other situations.

December 2008 / January 2009 Edition:

"Making the right decisions..." about IT activities.
"Is Value Required?" extracting value that should come from IT expenditure.

Special Edition 20 November 2008:

International Working Group on the Corporate Governance of IT.

Downloads: ISO/IEC 38500 Case Study and Discussion of The Gershon Review

November 2008 Edition:

Making the right decisions.

Driving Business Value from IT.

October 2008 edition:

Governance of IT in difficult times;

The Gershon Report

Why ISO38500 is exciting for business;