Thursday, September 3, 2015

IT Governance and Agile

Standards for IT governance have emerged with the increasing need for control and compliance by businesses. Two popular IT governance standards that are worth exploring in the context of Agility are the CoBIT and ITIL standards. The impact of Agile on a governance process can be significant because the Agile Manifesto gives precedence to individuals and interactions over documentation. Consider, however, the Sarbanes–Oxley (SOX) style compliance requirements, which state that there should be evidence of certain requirements and the sign-offs at the end of every stage of the project for audit. The need for auditable and formal documentation needs to be acknowledged and acted upon in practice, irrespective of the use of Agility in development. For example, formally documented requirements provide the basis for secure contracts. Specifications and documentation can also provide traceability of requirements, their testing, and their acceptance by the user. Thus, there is a need to merge the use of governance frameworks together with Agile principles. Such a merger improves the understanding among the business, developers, and even auditors.

The two common governance standards, CoBIT and ITIL, are briefly discussed below in the context of Agile.

Control Objectives for Information and Related Technology (CoBIT)
CoBIT (latest v 5.0) creates the opportunity for corporate governance to understand IT operations and vice versa. Agility has the responsibility and the opportunity to influence corporate governance. Organizations employing CoBIT usually customize it according to their IT infrastructure, business values, and risk profile (Moeller, 2008). Agility can be combined with the controls and documentation of CoBIT to improve collaboration and understanding as well as to provide documentation and control of organizational-level activities. Considering the CoBIT activities in the context of Agility also encourages greater alignment of IT development with business goals. The business can specify its governance and control requirements, and developers can prioritize them together with the business.

In projects, specifications and prioritization relate to the development of the functionality of the system. They do not play a role in strategic decision-making, such as whether to buy an enterprise resource planning (ERP) solution. This is where business analysis and project management competencies play a part. Therefore, CoBIT has to be used to combine IT governance with business analysis and Agility. A synergy between the methods that support the analytical methods and governance is required in implementing CoBIT.

Information Technology Infrastructure Library (ITIL)
Since ITIL focuses on the mapping of IT strategies with business strategies, it has substantial relevance to the discussion of Agile in practice. ITIL is a set of operational guidelines that evolved from a British Government initiative. The importance of ITIL is the help it provides to IT departments in improving their quality of service (QoS). ITIL (2009) has five core publications or disciplines made up of services delivery and support; planning and implementing service management; security management; managing IT infrastructure and applications; and managing overall software assets of the organization. These disciplines have initially focused only on IT operations. This, in turn, enables IT operations to increase their QoS through uptime, rapid problem resolution, and improved security.

Taken from: The Art of Agile Practice: A Composite Approach for Projects and Organizations
