I've always been perplexed by the various process improvement frameworks floating around the business world. There's Six Sigma, Lean, balanced scorecard, COBIT, ITIL. And that's only a few of them. Check out this mind-boggling (and alphabetized!) list. It's pretty long, but I fear it's far from comprehensive.
When a new framework is introduced, my first question is always, "Do we really need another?" So it was in February when I interviewed Sheila Upton, director of Technology and Security Risk Services for Ernst & Young and a member of the Innovation Value Institute, when the IVI introduced the IT Capability Maturity Framework (IT-CMF), a five-stage maturity model used to organize and structure a framework for mapping IT improvement efforts. I followed up a few weeks later with a blog post in which I asked (rhetorically) Can ITIL Do It All? The answer, of course, was no.
During a series of interviews I did for a story on ITIL, Bob Mathers, a principal consultant for Compass Management Consulting, told me many organizations integrate ITIL (IT Infrastucture Library) with other improvement frameworks such as COBIT (Control Objectives for Information and Related Technology). "That came out of their realization that ITIL wasn't necessarily going to solve everything they thought it might solve," he told me.
Using multiple frameworks is an approach advocated by Mike Harris, owner and president of David Consulting Group and one of three authors of a new book titled "The Business Value of IT: Managing Risks, Optimizing Performance and Measuring Results," in my recent interview with him. Specifically, he believes most organizations will derive value from implementing three popular improvement methodologies: ITIL, COBIT and CMMI (Capability Maturity Model Integration). The trick, he said, is to "take the strengths of each one and to apply them in the right way."
In his book, Harris uses an analogy of three Russian nesting dolls. The outer doll is COBIT, which provides a framework for governance and control of IT providers. The middle doll is ITIL, which focuses on best practices for IT operations.The inner doll is CMMI, which focuses on best practices for systems and software development. The doll analogy is employed to illustrate the day-to-day involvement the business can expect to have with each framework, explained Harris. Business will be most involved with COBIT, somewhat less so with ITIL, and probably far less so with CMMI. Said Harris:
Both ITIL and CMMI are both IT-oriented best practices. COBIT is a business-oriented best practice. So COBIT is about the control the business should expect to have in place regarding IT. The strength and weakness of COBIT is it really only defines control points and essentially generates the climate to report and audit information at those control points. So it's perfect for monitoring information for IT governance. But it doesn't really contain any best practices. So that's why I talk about the three. And getting back to the Russian dolls, that's why I believe they should be in that order. The business should expect to control IT through a COBIT-like structure and at the same they should do those check boxes that say "Are you following ITIL practices?"and "Are you following CMMI practices?"
Harris suggests that some organizations may also want to consider Six Sigma. The pro: If the business is already using it, employing the same approach in IT could help reinforce corporate culture and strengthen IT/business relations. The con: If the IT organization isn't mature enough, "the focusing effect of Six Sigma may leave too many IT capability gaps," writes Harris in his book.
You can download the entire first chapter of the book in IT Business Edge's Knowledge Network. Harris mentioned during our interview that he'd be happy to address any questions or comments about the book in the Knowledge Network, so feel free to post them there.