ITIL, COBIT, PMBOK, BABOK & TOGAF – 5 tools to improve your IT department

Like This Blog 6

Added by Mark Thomas April 19, 2012

Too many needs and too many tools to choose from. Here are the five I would use if I were your IT leader.

Back in 1997, my first civilian job when I left the military was to manage a newly formed Project Management Office (PMO) for a mid-sized Research and Development firm. It seemed they were having issues with project delivery: cost, quality, scope, schedule, and so on. Having very little knowledge about the subject, I frantically looked for anything that might help me tackle the fundamentals that I knew were lacking. I found something called the Project Management Body of Knowledge, known as the PMBOK. For me, this was ideal. I finally had a real industry model that explained a set of processes and knowledge areas I could use to guide my new PMO into a meaningful and useful outfit, complete with policies, procedures, and all of the things PMO’s needed to deliver projects. This is when I encountered a new issue…the IT department.

As the manager of the PMO, I logically considered myself a customer of the IT department. Why? Because my projects largely depended on IT systems and services to deliver projects on time and within budget. Not surprising at the time, I was often told that I was the number one critic of IT. Why couldn’t they handle my calls effectively? Were there agreements explaining what services are offered and at what cost? Why are we having downtime at this hour? The list went on.

Today, having worked in multiple IT departments and served in a number of leadership and consulting roles over the last several years, I now truly understand the challenges that this IT department faced. What I didn’t know at the time…and know now, is that the world is much bigger than just the PMBOK. There are frameworks, Bodies of Knowledge, and best practices out there for almost any business need, and I could have helped apply some serious improvements to the IT organization back then had I known what to look for.

But what are the key models that are the most applicable to an IT organization? First, understand that there are some key axioms that all IT organizations must recognize. Without these as guidelines for running IT organizations, trying to select applicable frameworks will be useless. I’ve boiled them down to the five primary areas. IT organizations must:

1. Focus on alignment with the customer and deliver quality services that exceed expectations
2. Build information, infrastructure and application architectures that support those services
3. Have the right organization, people (roles) and processes that support those services
4. Continuously monitor, measure and improve
5. Ensure governance, risk and compliance activities over all of the above

Now, the question is…how do we satisfy these axioms using frameworks? Should you use internally developed frameworks or industry-proven best practices? My advice is both. However, there are a few important tools that are publicly available that provide a key foundation to building an IT organization while having the flexibility to adopt models to fit your organization. Of course, there are dozens of models to choose from, and the list can quickly overwhelm anyone who dives into researching which is the right fit. In any case, I have condensed the massively large list down to my top 5 list based on experience. It is very important to note that the frameworks below are not standards. They are suggestive (rather than prescriptive) tools that help IT shops design and manage towards meeting the axioms above.

The IT Infrastructure Library (ITIL)
ITIL is an IT Service Management framework that aligns IT with the needs of the business. ITIL key areas of focus include Services, Lifecycle Phases, Processes, Roles, and Functions. No doubt, ITIL has made its way to being the most popular and well known Service Management solution, and has proven its utility thus far. Although early adopters of ITIL were generally large corporations, it is finally escaping the “it’s for big companies only” curse, and more small to mid-sized businesses are finding the practices useful. ITIL is a great starting point for IT Service Providers who are just beginning to drive process discipline, as well as provides structure and accountability around an already mature organization. The biggest advantage is how ITIL uses Continual Service Improvement to provide a constant feedback mechanism to help you ensure that what you are delivering is in line with customer expectations. I pick this as a good overall framework that allows you to cover all axioms mentioned above. Particularly numbers 1, 3 and 4. For more information, visit the official ITIL website.

Control Objectives for Information and Related Technology (COBIT)
Today, COBIT is internationally recognized as the “go to” solution for IT governance, with aspects in security, quality and compliance. Its focus is not necessarily on how to execute a process, rather what should be done to ensure proper control of that process. Therefore, you won’t technically implement COBIT processes from the bottom up, but use it as a tool to help you control processes from top down as a part of a larger governance initiative. This is a very constructive and useful tool. Starting out as a tool designed for IT auditors to assist in the control of IT, it has grown into a model to help companies meet compliance and statutory requirements as well. It helps you understand IT systems, and guides decisions around the level of security and control that is necessary to protect assets through the leverage of an IT governance model. More specifically, it bridges the gap among control requirements, technical issues, and business risks rather than focusing on the actual process (i.e. ITIL) and enables policy development and good IT control practices. Generally speaking, COBIT is the most broad of all IT related frameworks and bodies of knowledge today. I pick this as the starting point to most of my initiatives since it tells me what to do rather than how to do it. As with ITIL, it covers all of the axioms. Particularly numbers 1, 4 and 5. For more information visit ISACA.

The Project Management Body of Knowledge (PMBOK)
There are many project management resources in the market today, but the PMBOK is clearly the most tried and true of the project management resources out there. The guide presents a set of standard terms and guidelines for the project management discipline and includes core processes and knowledge areas. These are designed in a matrix structure that allows you to link every process to a process group and applicable knowledge areas – a huge benefit when planning, organizing, and managing resources towards achieving project goals. Of course, you don’t have to follow this by the book, but considering the challenges in our industry with respect to achieving project goals (generally attributed to scope, time and budget constraints), you should spend some time seriously contemplating the benefits of using this as a means to formalizing your project management methodology. Whether you are new to project management or have years of experience, I pick this as the guide that primarily covers axiom 1, with honorable mentions of 2, 3, 4 and 5. For more information visit Project Management Institute (PMI).

The Business Analysis Body of Knowledge (BABOK)
Now that I’ve bragged about how great the PMBOK is, there is something missing in it. Considering the number one failure of IT projects revolves around requirements, this gap is definitely filled with the BABOK. The guide is written for the Business Analyst (BA) and provides a framework that describes the key knowledge areas, which align with a related set of tasks and techniques used by BAs to perform their roles. There is not a prescribed delivery methodology as a part of the BABOK; however the primary focus is to document these techniques as they pertain to the core BA knowledge areas: Business Planning and Monitoring, Elicitation, Requirements Management and Communication, Enterprise Analysis, Solution Assessment and Validation, and Underlying Competencies. Whether you are a BA, PM, or other project delivery professional, I highly advise looking into this one. As with the PMBOK, I pick this as the guide that primarily covers axiom 1, with honorable mentions of 2, 3, 4 and 5. For more information visit the International Institute of Business Analysis (IIBA) .

The Open Group Architecture Framework (TOGAF)
Never heard of TOGAF? Neither had I until a few years ago when a client asked me what an Architecture Review Board (ARB) does. After a few quick minutes of searching, TOGAF came up time and again. This hidden gem is an enterprise architecture framework that represents a set of tools, methods, and vocabulary that satisfies a full approach in planning, designing, implementing, and governing enterprise architecture. The TOGAF topics incorporate Domains, Architecture Development Method (ADM) and Enterprise Continuum. Domains (or pillars) include Business Architecture, Applications Architecture, Data Architecture, and Technical Architecture. The ADM is an iterative cycle used to manage the execution of architecture planning activities. The Enterprise Continuum is akin to a repository of all organizational architecture assets. For more information visit The Open Group.

If this still sounds overwhelming, don’t worry, it is. Let me offer you a few final points to consider before we finish. Since I like to boil down my messages into succinct lists, the following are my nuggets pertaining to picking and deploying any of the frameworks above:

1. These frameworks are suggestive, not prescriptive. You don’t have to implement everything by the book, and should plan on adjusting them to fit your specific needs.
2. Don’t think you have to pick one and run with it. As I’ve tried to illustrate above, there is not a single framework that can cover all of your needs (i.e. axioms). You will be best served to deploy the applicable parts of many frameworks.
3. A framework is not the silver bullet that will resolve all of your issues, but it sure can help.
4. Deploy frameworks in phases. Don’t try to squeeze everything in a single release. Use your project management practices to help you implement as projects.
5. Get training on the frameworks to help you understand the full spectrum of what they can offer before diving in head first. You may find there are a lot of tips and tricks from a qualified and experienced instructor.

Enjoy,

Mark Thomas
Director of Business Services
Interface Technical Training