Should IT chiefs change how they manage change?

Business risk management is being delegated to ill-qualified IT staff, according to governance specialist Mercury

IT chiefs are being advised to reassess how they manage technology change and to consider appointing more business managers within the IT department, after a new report yesterday found many firms lack visibility over how IT failures can impact the rest of the business.

The global survey of 1,000 IT executives from the Economist Intelligence Unit found that 40 percent of European respondents believe that IT-related business risk is not managed in a co-ordinated fashion by their organisation. Meanwhile, over half believe that no more than 50 percent of the IT initiatives they have undertaken in the past two years had positive business outcomes.

James Stephenson, UK managing director of IT governance specialist Mercury, which commissioned the survey, said that the high profile disruption caused by IT failures at organisations such as the Child Support Agency meant awareness of the risks posed by IT failures is increasing. But he argued that many senior executives are still failing to take the problem seriously enough.

"Business risks are being assessed by technical people and the responsibility is being delegated down to quite low levels in the organisation, which is surprising given the impacts [IT failures] can have," he said. "Because IT now supports virtually every business process the management of business risk is being passed to the IT community, but business executives need to take back that responsibility."

Firms should also consider rebranding and changing the skill mix within their IT department to help better assess where IT performance will impact business processes, according to Peter O'Neill of analyst firm Forrester. "A lot of companies are moving to this type of business service management, where they map how the IT environment provides business services, and to do that they need more business people in the IT department," he said. "In fact, they shouldn't call them IT anymore, call them business technology."

Stephenson said steps to automate how firms manage changes to their IT environment can also help mitigate the risk of IT failures, claiming that 80 percent of business critical service disruptions are currently caused by poor change-control processes.

He pointed to the launch earlier this month of Mercury's new Change Control Management suite as an example of technology capable of giving IT staff a better view of how IT changes will affect business services. "By managing all change requests in a single system you can detect where changes will collide and automatically schedule changes and notify all affected stakeholders [to minimise disruption]," he added.

This ability to automatically manage the impact of IT changes is becoming increasingly important as more firms adopt service oriented architectures (SOA) where application components are reused within multiple business services, according to Neil MacGowan, technical director at Mercury. "If you have a reusable component, such as a transaction engine, one small change could have massive effects across the business as that component is used by multiple apps, " he explained. "The ability to understand the affect of that change becomes even more important."