Early in my career, I worked as a Statistical Analyst. I
learned that you virtually live and die by your numbers. I learned that if you
can present numbers to back up a discussion, you are a world ahead of those who
can’t. So, once I moved into technology and I would hear someone present a case
that a system was having problems, I would ask for the numbers or if I were the
engineer in question, I would present numbers.
On the other hand, I was sometimes surprised that the
numbers didn’t support what I was hearing from end users, which raised serious
question marks in my mind about where problems really lay. At that point, deep
analysis is necessary to reach the true root cause.
For IT:
While I am an advocate of producing metrics, it is key that
IT departments not rely so heavily on the metrics that they forget to listen to
the end users. From end users, you may get different messages:· The network is slow,
· The system is slow,
· My pc is slow,
· Everything is slow
The reality is, the numbers will tell the true story. That
is, IF there are numbers. Mature IT departments, with seasoned Service
Management teams, metrics to demonstrate:
·
System availabilityo Outages due to 3rd party providers,
o Outages due to extenuating circumstances,
o Outages due to excessive system use,
o Outages due to human error,
o Mean time to recovery,
o Mean time between outages,
· Percentage of systems nearing obsolescence,
· Percentage of systems nearing end of warranty state,
· Percentage of systems requiring patching exceptions,
For a team that hasn’t quite matured to the point of providing full-blown metrics yet, system availability, obsolescence state, warranty state and patching state are a great place to start.
If
you’re on the IT side of the house, meet with the business on a regular basis.
By doing this, you become someone they are confident is going to listen to
their issues. If you are on the business
side of the company and your IT department isn’t providing these metrics, ask why.
For ERM:
When creating or maturing an ERM (Enterprise Risk Management
Program), the same can be said for metrics. You live or die by your numbers.
KRI’s (key risk indicators) assist a company’s management and/or Board of
Directors become more risk aware. The BoD should not be the last group (behind
the press) to know about risk issues. Technology risk items need to include
those items listed above but also align and support the business risk attitude.
Unfortunately, meaningful KRI’s are impossible to manage unless there is a sufficient
amount of measurable data.
Keep in mind that KRI’s are ever-changing depending upon a
company’s strategy and goals. This may be uncomfortable for those who are of the
mind to build a system and then leave it alone – “if it ain’t broke, don’t fixit
it”. Key Risk Indicators/factors do NOT work that way.
·
Link KRI’s to a company’s strategy,o This allows for the development and awareness around key risk factors,
o Map KRI’s to strategic initiatives,
This allows management to become more proactive in preventing risk issues from occurring by observing metrics,
o B e careful that indicators actually provide a clear picture of the risk. Just having a metric doesn’t mean the metric has value.
· KRI’s create a unique experience to evaluate and communicate the company’s strategy
o After reviewing the key risk indicators, it’s possible a company may rethink strategy based upon the risk associated.
Another advantage to an ERM is that focus becomes proactive versus trying to figure out after the fact why a project or system failed. That’s key to the success of a growing company. Think of it as an early warning system that can give you the advantage you need to avoid risk.
If
you are having difficulties figuring out where to start, give CGSolutions of
Jax a call. We can help you work through the inertia and get to the guts of a
reliable and informative process.
No comments:
Post a Comment