IT Frameworks: Fundamental issues in Nigeria
Now for most people, this is a touchy subject, not IT frameworks though, people generally feel touchy about fundamental issues in Nigeria, not because they do not exist, but because there are so many that one can literally close one’s eyes and point and actually touch an issue. This however is neither social nor political. This is a professional opinion and no offense is intended or meant with this post.
Now disclaimer aside, what do I mean?
IT Frameworks are most times seen as the sky to which all organizations must reach, while in reality they are a foundation on which strong IT institutions should be built.
There are some issues with how these frameworks are perceived and received. From being a proverbial silver bullet to deep aversions to change, here is my top 5 list of reasons why there are issues implementing and maintaining IT frameworks in Nigeria.
- The need to meet federal or international requirements: Many organizations implement IT frameworks as a bid to meet requirements, not just as a business need. Confusing? Let’s put it this way; an organization will go out to try and implement the PCI DSS and ISO27001 frameworks because they want a MasterCard certification, not because they have clearly identified that there are process and procedural flaws within the organization. The result? Organizations have loads of documentations containing process, procedures, standards and guidelines written by consultants which are never opened again because one is required to just have these documents as opposed to using them (I really do not know because this still baffles me). Companies barely pass audits and I say barely because documents are most times ‘manipulated‘ to ensure that these audits are passed. Which leads me to No. 2…
- Successful Implementation is the goal: At first glance, this is a good thing right? Well based on PMP and PRINCE2 standards, this is a wonderful thing, but then there’s the one bit that most IT Frameworks preach which are wholeheartedly ignored most times, Continuous Improvement. You see many organizations in this part of the world see these frameworks as the ceiling, the highest goal they can attain when in reality, these frameworks are designed as the floor or the foundation on which implementation should stand. The end result is most times shocking as there is no clear plan or strategy for maintenance.
- Resistance to change: while a lot of people like to be told what to do, a lot do not appreciate being told how to do it, especially when they have been doing the same things for a while. It doesn’t help that the implementation of these frameworks are usually shoved down from the top as a brilliant idea, without a direct link to the overall strategy of the organization which means that stakeholders usually do not buy into the idea. It may not seem like a problem now, but then, seeing that feedback is key to improvement, you can imagine how much of a pain it will be when you have zero feedback to a process.
- If it isn’t broken, don’t fix it: without clear IT strategy linked to clear business objectives, KPI’s (performance indexes) and CSF’s (success factors) cannot be clearly identified, meaning that a whole lot of organizations by and large manage to make money or be successful without a clear identifier of how daily activities impact on profit/loss of an organization. People just work daily and the money comes, so if money is coming, why change? Most activities are adhoc and where there is a system, it is barely documented. Meaning the fate of an organization could lie on the know-how of a couple of people in different offices. You can imagine what happens when these people leave.
Fifth and not the least is this. Frameworks; from ITIL to COBIT and all IT Governance frameworks to the ISO27001, PCI-DSS and the other security frameworks are exactly what they were built for. As guides to achieving proper implementation if IT services. Now one thing all these frameworks have in common is an IT Strategy which is most times linked to the business objectives of many organizations. Right?
Just ask around the next time you are in any organization how IT supports the business objectives of the organization and see what the response is. Even better, try and ask for a fully functional asset register.
Try not to smile while at it.
Three things lie at the foundation of most if not all IT frameworks;
- The overall business objectives
- The IT strategy
- A dynamic, fully functional asset register
If something is wrong in the building, look to the foundations.