Okay, here it is- class is in session. The first domain, Planning and Organization is comprised of the following high level process, IT Strategic Plan. I would like to give a summary of IT Strategic Plan and then follow up with some questions and answers.

SUMMARY:
Here it goes- per the IT Governance Institute an IT Strategic Plan needs to clearly define the following:

• Enterprise business strategy
• How IT supports the business objectives
• Inventory of technological solutions and current infrastructure
• Monitoring the technology markets
• Timely feasibility studies and reality checks
• Existing systems assessments
• Enterprise position on risk, time to market and quality

COBIT then provides a list of control objectives that need to be included in an IT Strategic Plan to ensure that it is properly aligned and maintained. The control objectives are as follows:

PO1.1 IT as Part of the Organization’s Long and Short-range Plans -

This means that the roles and responsibilities of the organization are realigned with the execution and continuous improvement of the IT short and long term plan. That is to say that every individual’s behavior needs to change from hierarchical to strategic.

PO1.2 IT Long-Range Plan -

This means that the long range plan needs to be properly aligned with both the short range plan and be consistent with established policies and procedures. The plan should answer what will be delivered and how it will be delivered.

PO1.3 IT Long-range Planning - Approach and Structure -

This means that the method in which the IT long range plan needs to be repeatable and to foster continuous monitoring and tracking. Additionally, the approach should be in line with achieving the objectives and goals of the organization.

PO1.4 IT Long-range Plan Changes -

This means that the plan is continuously refined and improved. Regularly scheduled reviews ensure that the plan remains valid and relevant.

PO1.5 Short-range Planning for the IT Function -

This means that the function of the short term plan is to execute the long range plan in digestible portions and to provide feedback to improve the long term plan.

PO1.6 Communication of IT Plans

This means that the organization as a whole is operating from the same play book. Communication establishes the channels to educate and gather feedback. It ensures that everyone is on the same page and is operating from the same set of nomenclature.

PO1.7 Monitoring and Evaluating of IT Plans

This means that both the short and long term plans are always open to change in order to meet organizational objectives and goals. Monitoring and evaluating establish the process to implement improvement into the plans.

PO1.8 Assessment of Existing Systems

This means that a gap analysis is regularly performed to measure current state to plan. This allows obstacles to be identified and resolved.

QUESTIONS:
I know what you are going to say. Why does anyone need to do an IT strategy? I mean, where is the value of doing this? Where is the practical benefit of such a plan?

While admittedly painful to acknowledge, I agree that far too often organizations bring a team of consultants and employees together to build a glossy document entitled IT Strategic Plan that results in no dollar and sense benefit. No matter which side you have been on, practitioner or employee, you can concede that there is validity to the thought that creating an IT Strategic Plan provides little value and can be construed as a sales vehicle for consultants to propose the coveted high dollar implementation project. I think we have all heard the ‘buy this Magic Box and all your problems will be solved’ pitch before. To me, it is no wonder the industry is left with tainted cynicism for the term IT Strategic Plan.

Well then I am confused. Why does COBIT state that organizations need an IT Strategy? What sense does this make to implement if it offers no value?

Well, as my grandma Toots used to say ‘You can not judge a book by its cover.’ That is to say, just because you have a shiny document entitled IT Strategic Plan does not mean that you have implemented an IT Strategic Plan, or more importantly, that you have ‘working management’ on board - carrying out the tactical action that aligns with the strategy.

What does working management have to do with this? Don’t we simply need an executive sponsor?

Hold the phone, let me explain what I mean - Today with all the focus on getting executive management on board, this problem is a non-issue in most organizations. In fact in most cultures the strategic vision is already there to some extent. More often than not there is a disconnect between executive (strategic) and working (tactical) management within an organization. The problem lies in building the tactical roadmap and executing on that plan which falls under working management. Without the tactical alignment and execution, an IT Strategic Plan is only a document.

Come on, an IT Strategy is an IT Strategy. You say Potato I say Patato.

One only has to search the Internet to figure out that not all IT Strategic Plans are created equally. The outline for most IT Strategic Plans is all over the place. This is important because the strategy needs to be properly structured so it can provide direction not just for the IT group but for the entire enterprise. The purpose of this plan is to ensure that IT and Business are on the same page from both a short and long term perspective.

Any More Questions?

*Source - Control Practices, by IT Governance Institute

—–