Archive for the 'IT Questions' Category

Aug 9th 2011 Cyber Security Questions

  • Who is responsible for developing and maintaining our cross-functional approach to cybersecurity? To what extent are business leaders (as opposed to IT or risk executives) owning this issue?
  • Which information assets are most critical, and what is the “value at stake” in the event of a breach? What promises—implicit or explicit—have we made to our customers and partners to protect their information?
  • What roles do cybersecurity and trust play in our customer value proposition—and how do we take steps to keep data secure and support the end-to-end customer experience?
  • How are we using technology, business processes, and other efforts to protect our critical information assets? How does our approach compare with that of our peers and best practices?
  • Is our approach continuing to evolve, and are we changing our business processes accordingly?
  • Are we managing our vendor and partner relationships to ensure the mutual protection of information?
  • As an industry, are we working effectively together and with appropriate government entities to reduce cybersecurity threats?

Source: Meeting the cybersecurity challenge by James Kaplan, Shantnu Sharma, and Allen Weinberg | The McKinsey Quarterly, June 2011

No Comments » Posted by Administrator / IT Questions

Feb 26th 2010 Information (Data) Inventory Questions

  • What information are we collecting?
  • Where and how are we collecting it?
  • Who owns it?
  • Who has access to it?
  • What are we doing with it?
  • What would be the impact to the organization if it got into the wrong hands?
  • What controls are in place?
  • Are efforts to safeguard the information commensurate with its worth?
  • Are we gathering unnecessary information that represents potential risk without opportunity for reward?
  • Are we maximizing the value of what we collect?
  • Could information have more value if we loosened restrictions on it?

Source: Lock It Up or Set It Free? by Ted DeZabala | Deloitte Review, Issue 6

No Comments » Posted by Administrator / IT Questions and Risk Management Questions

Jul 22nd 2007 Which type of CIO is right for you?

Some self-evaluation is required of executive teams that want to align their IT managers and avoid conflict with the COO. It’s OK if the CIO’s role remains technical rather than strategic, but executives must set goals and measure success accordingly. Here are some pertinent questions:

  1. Does your company view IT activities as key contributors to revenue growth and profitability?
  2. If “yes,” does this represent a new requirement that was presented after key IT hires were made?
  3. If “yes,” does the current IT staff have the business acumen to deliver revenue growth and profitability?

If the answer to the first question is “no,” the CIO should be an expert technologist with enough leadership skills to make sure the back- and mid-office IT support functions are highly reliable.

If the answers are “yes” to the first question and “no” to the second, it could be that, to use author Jim Collins’ expression, “the right people are not on the bus”–that is, the current IT people and structure aren’t up to the task of realizing the strategic goal.

If the answer to all three questions is “yes,” the potential for CIO-COO overlap is high. Top management will need to work diligently to keep these two key executives in alignment and to make sure that they, as well as others in the organization, understand their role boundaries.

Source:
Changes At C-Level (sidebar titled, “Which type of CIO is right for you?”)
by Nathan Bennett
Optimize, August 2006

Jul 19th 2007 Uncovering IT Issues

  • How often do IT projects fail to deliver what was expected?
  • Are end users surveyed about the quality of the IT service and, if so, what were their responses?
  • Is IT regarded as an enabler or as an inhibitor of change?
  • Are sufficient IT resources, infrastructure and competencies available to meet strategic objectives?
  • What has been the average overrun of IT operational budgets? How often and by how much do IT projects go over budget? How does this impact the achieved vs. expected ROI?
  • Do IT-related investments meet the ROI criteria of the enterprise?
  • How much of the IT effort goes towards systems maintenance and fire fighting, and how much to enabling business improvements? Is the ratio acceptable and representative for your industry?

Source:
Performance Improvement – A Classic Checklist
by Rick Sidorowicz
The CEO Refresher

Jul 18th 2007 Reviewing Proposals from Project Teams

  • How does this proposed project help the organization achieve its objectives? Why should we invest in this? An IT project should either add value or reduce risk.
  • Is the project’s objective measurable? If it isn’t, how will you know that the project is done and/or successful?
  • Who was involved with creating the proposed solution? Did the project team involve the right people to truly create a solution?
  • Is this project dependent on any other projects? What risks are associated with this dependency and how will the team manage them? Sometimes a hidden dependency can doom a project before it has even started.
  • Did finance review the money side? Do they approve of the project?
  • What are the risks associated with this project? Any project carries with it some degree of risk. Did the project team formally consider all of the risks and come up with mitigating controls in alignment with the organization’s risk appetite?
  • What if this project fails? This key question should be part of the above-mentioned risk management plan. Should this project fail, will the firm be none-the-worse-for-wear, worse off, better off, or some combination thereof?
  • Who reviewed the technical aspects of the proposal for issues like standardization, capacity and database design? Did they approve? The goal is to avoid surprises, such as finding out that a project in one area requires resources that are constrained in another.
  • Who reviewed the process aspects? Did they approve? For a successful outcome, any project must assess the impacts not just on technology, but also on people and processes. Can the organization support any changes?
  • Who reviewed the human, or HR, aspects? Did they approve? Again, successful projects rely on people, processes and technology. Can the people support the project? Do they have the right skills? Will there be a political impediment?
  • Who reviewed the project plan? At the heart of all this is sound project management. A formal plan should exist following a methodology approved by the organization.
  • Who reviewed the IT security aspects? All too often, security is brought in at the end of the project. IT security should be involved from the start to identify any risks that need to be addressed.
  • Did the sponsor and stakeholders formally approve the project? For the sake of accountability, require that the project sponsor and stakeholders sign off on the project. This is to ensure that the objectives, requirements, risks and expenses are clearly understood. This is done to avoid the useless blame-game that happens when problems arise. It also will send a clear message that proper planning, communication and demonstrable results are mandatory.

Source:
Learning to Ask IT the Right Questions
by George Spafford
BetterManagement.com

Jul 17th 2007 IT Governance Questions

  • Organizing model. Should the company adopt a centralized, decentralized or hybrid approach?
  • Investment. What should the company invest in, and how much should it invest?
  • Architecture. Should the company emphasize stability or flexibility? To what degree? Should applications be externally purchased or internally developed? Should there be a single, comprehensive ERP application, or multiple applications?
  • Standards. Which components of technology should the organization standardize, and which standards should it adopt?
  • Resources. What types of resources should the IT organization utilize, and what should be the sourcing of those resources?

Source:
Is There a Smarter Way to Approach IT Governance?
by Richard M. Melnicoff
Outlook Journal, February 2005

Jul 16th 2007 IT Governance Checklist

Questions to Ask to Uncover IT Issues

  • How often do IT projects fail to deliver what they promised?
  • Are end users satisfied with the quality of the IT service?
  • Are sufficient IT resources, infrastructure and competencies available to meet strategic objectives?
  • What has been the average overrun of IT operational budgets? How often and how much do IT projects go over budget?
  • How much of the IT effort goes to firefighting rather than enabling business improvements?

Questions to Ask to Find Out How Management Addresses the IT Issues

  • How well are enterprise and IT objectives aligned?
  • How is the value delivered by IT being measured?
  • What strategic initiatives has executive management taken to manage IT’s criticality relative to maintenance and growth of the enterprise, and are they appropriate?
  • Is the enterprise clear on its position relative to technology: pioneer, early adopter, follower or laggard? Is it clear on risk: risk-avoidance or risk-taking?
  • Is there an up-to-date inventory of IT risks relevant to the enterprise? What has been done to address these risks?

Questions to Ask to Self-assess IT Governance Practices

  • Is the board regularly briefed on IT risks to which the enterprise is exposed?
  • Is IT a regular item on the agenda of the board and is it addressed in a structured manner?
  • Does the board articulate and communicate the business objectives for IT alignment?
  • Does the board have a clear view on the major IT investments from a risk and return perspective? Does the board obtain regular progress reports on major IT projects?
  • Is the board getting independent assurance on the achievement of IT objectives and the containment of IT risks?

Source:
Board Briefing on IT Governance, 2nd Edition
by IT Governance Institute
BetterManagement.com

Jul 15th 2007 Online Partnering Questions

The following is a series of questions you should ask partners before you link your systems, whether through supply-chains, customer-relationship management, or as a member of an exchange. The sensitivity level of the data to be shared will dictate the appropriate depth of inquiry:

  • Are the devices–servers, routers, and firewalls–your company will use to collaborate dedicated to our company, or are they also used with your other partners/customers? If shared, what have you done to ensure that those other parties can’t access our data?
  • Does your company use a server farm or other third party to host its servers? What’s the name of the third party? What security and confidentiality obligations is the third party under? How long has the hosting provider been in business? Under what circumstances might your company change the third-party hosting provider?

These questions should also be posed to the hosting provider:

  • Do you receive security-vulnerability advisories from organizations such as the Computer Emergency Response Team Coordination Center? If yes, which advisories do you receive and what actions are taken?
  • Do you have an established computer-incident response program? If yes, may we have a copy? Does the program include notification and escalation procedures to ensure we are notified in the event of an intrusion?
  • Has your IT environment undergone a penetration or vulnerability assessment performed by a recognized third party? If yes, may we have a copy? If not, would you be willing to undergo such tests?
  • Will any element of your collaboration involve an outsourced service? If so, repeat the vulnerability-assessment questions.
  • Has your company taken steps to create and maintain security awareness for data-processing employees and users of systems and networks?
  • Has your organization conducted a formal risk analysis to identify information-security threats and quantify potential loss exposures?
  • Do you have procedures in place to ensure documents containing sensitive information aren’t discarded in readable form and are shredded or burned?
  • Do you have specific procedures for cleansing and/or destroying computer media to ensure confidential information is adequately protected?

Source:
Judicious Partnering
by James Kalyvas
Optimize, December 2002, Issue 14

Jul 14th 2007 IT Spending Questions

  • Is it growing faster than revenues?
  • Does it increasingly support older applications that require continual work to adapt to business changes rather than applications that accommodate business changes faster and at lower cost?
  • Is there a mechanism to determine how IT spending aligns with the business’s value-adding processes?
  • Is there conflict over IT budgets absent an analytical business case-bound decision process?
  • Is there a process in place to cancel unpromising IT projects in mid-flight?

Source:
Value Discovery: A Better Way to Prioritize IT Investments
by Gary A. Curtis
Outlook Journal, October 2003

Jul 12th 2007 IT as a Market-Driven Business

  • What is our purpose? Does our organization have a clear mission or charter, and is it being followed?
  • Who are our customers? Segmentation analysis is vital in distinguishing, for example, customers who use IT systems outside the office most of the time from customers who don’t travel at all.
  • What do different customers want and need to be more effective in their jobs? How can we best meet their needs?
  • What services and products should we, and can we, provide? In what instances do we have the competency in-house to perform the task, and when must we rely on external experts?
  • Are we satisfying our customers? Revenue is the ultimate measure of success for a for-profit business, but we needed a different set of performance measures to objectively track the value we delivered to customers based on the type and quality of service we provided.

Source:
In Search of Overhead Heroes
by George Tillmann
strategy+business
