Good Things Happening at BCNET

I had the pleasure of attending and sponsoring the BCNET2014 conference in beautiful downtown Vancouver. BCNET is a not-for-profit, shared information technology (IT) services organization led by and for its members, British Columbia’s higher education and research institutions.

This was certainly not the first conference that I have attended but it was very unique. The normal conference fodder of vendor speakers selling their wares and theorist, who recently drank the best practice Kool Aid, spouting ideology from their pulpit – was replaced with practitioners in the higher education space speaking about how IT is making a difference for their organizations. Almost every presentation I attended talked about how IT is bringing value to Higher Ed. BCNET started off with the slogan “Building Value Through Collaboration”

Over 600 people came together to share what is working for them and what hasn’t worked so well. Lively discussion about how technology is impacting education both positively and negatively.

Key decision makers were present along with some great subject matter expertise - Not that these are mutually exclusive:)

I delivered a free Business Relationship Management pre-conference workshop and was also asked to help facilitate (along with the talented Sandeep Sidhu from Capilano University) a round table discussion related to IT Service Management. During the round table, senior representatives from Simon Fraser University, University of British Columbia, British Columbia Institute of Technology, Capilano University and even a representative from the University of Alberta shared the highs and lows of their ITSM journeys. Based on the questions from the audience and the number of nods and smiles I saw – I know a lot of value was delivered and many insights were taken away.


Normally I go to a conference and I see people presenting stuff that I have seen presented 15 years ago. (Hazard of my age). At BCNET, the presentations were all about how IT is helping to transform the business of Higher-Ed. People were sharing information unfettered by the restraints of competition, jealousy or envy. While most of the attendees were IT centric folk, the conference would have been of value to anyone interested in the future of technology enabled higher education. I was able to see several of the sessions presented and I tremendously enjoyed it.  I had a lively debate with several attendees over the impact the free university of is going to have and in another session, I was reminded by Monty Python that not everyone is searching for the Holy Grail.

I enjoyed watching 2 IT Directors duke it out, debating whether Higher-Ed IT has customers or not. – “We are colleagues, they are not our customers”!. Asked my opinion, I said “The terminology used does not negate IT’s obligation to provide value to the business”

There was representation from some Higher Ed institutions outside of BC but the focus was Higher Education in British Columbia. Technology was used to make some of the conference tracks available to those unable to travel.



The conference committee at BCNET has an opportunity in front of them. Expanding their mandate to include Western Canada and possibly even North West in the US, the value of this annual conference will skyrocket. I look forward to future BCNET conferences. Thank you to all of your coordinators who put this great event on.


Where is the COBIT Kool-Aid?


I have delivered numerous COBIT 5 Foundation Training Courses since it was introduced earlier this year and I recently had the opportunity to speak about COBIT 5 at the APMG Showcase 2013 conference in May of this year.

It was during that showcase that I was asked by another Governance consultant why I thought that COBIT training hasn’t “taken off” the way that ITIL has. My simple response was that ITIL has the Kool-Aid factor. Once a student has sipped the Kool-aid, they actively promote it to others.

When ITIL V3 was released in 2007, ITIL was centred around the Service Lifecycle (I will save the argument as to whether it really is a lifecycle – for another time). This lifecycle view made it relatively easy for ITIL converts (people who recently drank the ITIL Kool-aid) to make it relevant to all the stakeholders and to spread the message quickly. The message became the marketing. The ITIL training industry went into overdrive!

Don’t get me wrong, I am a big fan of ITIL. ITIL paints a picture of the prettiest Utopian IT world you could ever imagine.  It is the best toolkit out there for that purpose. Bringing in all the loose elements and painting a picture to show others a “better way”. It focuses on how IT needs to stay in alignment with the business. The problem comes when people try to use ITIL prescriptively. To be successful in IT Governance and IT Management, you need a lot of tools, not just the paintbrush.

COBIT has been a very practical toolkit for a number of years but it lacked the “Kool-aid” factor. It lacked a thread that we can all hang onto. Maybe it was unfair to expect this “pry-bar” to be as exciting as the ITIL “paintbrush”. COBIT struggled to make its value obvious and was only of interest to a small community. It achieved its modest success in the realm of the Auditor. There were some organizations using COBIT as guidance for assurance and control over critical processes but that was certainly not the norm.

With ISACA’s release of COBIT 5, we see a move to a more holistic and consolidated view of the governance and management of IT. This framework is now as relevant to a process manager as it is to a functional leader, a CIO or an Auditor. It is still difficult to pick out one central focal point (Like ITIL’s Service Lifecycle) but it certainly is better connected than ever before.  You kind of need to look at cobit from 2 perspectives to get the whole picture.

The first perspective is the Goals Cascade. The Goals Cascade gives the user guidance on how to take high level stakeholder needs and translate them into Enabler Goals (For the purpose of this conversation lets say that Enabler goals = Process Goals, In a moment I will explain the other enablers). This detailed mapping creates a transparent picture of how the work we are doing in IT lines up to your stakeholders needs. The Goals cascade is not new to COBIT5 and was in fact, part of the Cobit 4.1 Implementors course. Most of my students and customers feel that it is one of the most valuable elements of COBIT. Making it part of the foundations course was a brilliant decision by ISACA.

The second perspective is that governance and management must be considered across all 7 of the enablers.  COBIT 5 defines these enablers as:

  1. Principles, Policies and Frameworks
  2. Processes
  3. Organizational Structures
  4. Culture, Ethics & Behaviour
  5. Information
  6. Services, Infrastructure and Applications
  7. People, Skills and Competencies

This holistic perspective helps shed light on the interdependencies within IT. For example, in order for a Process to deliver benefits in the organization, you may need to adjust Policies based on the Culture in your organization and then you may need to adjust the required Skills sets of the People executing the process.

Setting and managing to the goals for all 7 of these enablers, in line with the Goals Cascade previously discussed, is the fundamental premise behind COBIT 5. We are starting to see this message propagate throughout our client community.  Our clients are actively spreading the word. We have seen a massive rise in COBIT 5 training and a broadening in interest from Auditors to Leaders, Managers and IT Staff in general..  COBIT 5 has the Kool-aid factor!

Click here to obtain a free copy of our COBIT 5 and ITIL Foundation Overviews



Simply Governance – 5 principles for governance

GovI deliver a lot of courses and workshops on IT Governance and on the Governance of IT. (Yes – there is a difference). One of my favorite exercises is to put the word “GOVERNANCE” up on the white board and then I put a stack of pens on the table and ask the attendees to write the first word that comes into their minds when they think of Governance.

A simple little exercise that  opens a lot of eyes as to the different perspectives on governance. The term governance is used inconsistently within organizations. There are those that are focussed on being able to pass an audit, those who want to gain and demonstrate that they have control, and so on. I then proceed to explain my view on good governance.

I walk up to the front of the room. I tell them that this room represents our fictitious organization and I am the leader of this organization. The people in the first row are my first line management team. They report to me. If I am governing well, the leaders in the front row will make the same decisions as I would make. They would have appropriate policies, guidelines and rules that I put forward. These leaders are both accountable for, and have the authority up to, a certain level of risk and a certain level of financial expenditure. This affords me the luxury of focusing on things that are of higher risk or of a higher strategic importance.

As the leader of this organization, I have 2 primary responsibilities:

  1. “Manage” all aspects of risk and financial decision making that are not addressed by the corporate governance model
  2. Continually improve the Corporate Governance Model

The better I handle item #2, the less I am doing item #1.

I then look at the next row of people in the workshop and I tell them that they represent the second line management team. They report to the first line. If I am doing a really good job of governance, they will have the appropriate policies, guidelines and rules to support their management decisions up to a level of financial and risk control that we set for them. They will be making the same decisions that their management team would be making, which would be the same decisions I would be making. This model is replicated all the way down the organization to enable consistent decision making throughout the organization. Sounds obvious.. and a little to too easy...

Now for reality…

In order for a governance model to be effective you must consider at least these 5 principles:

  1. Flexibility
  2. Leadership
  3. Engagement
  4. Rewards
  5. Measurement and Continual Improvement

It is very easy to take this to such an extreme that any benefits from tighter governance are lost to the bureaucracy of the model. It is important that the policies, guidelines and rules that are put in place allow for a certain degree of flexibility. There are always unknowns and a good governance model will allow for them. The pendulum will naturally swing from flexible to rigid and back again. A good governance model will help us address the extreme swings.

The purpose of good governance is to drive consistent behaviours through the organization. These behaviours must be modelled by senior leadership. While there is no guarantee that the organization will emulate the desired behaviour exhibited by their leaders, it is a much better bet that undesired behaviour will be emulated.

The desired behaviour of an organization must be realistic and practical. Putting together a governance model that requires the organization to comply to rules, policies and guidelines that can not realistically be done in the context of an individuals job, is likely to be met with resistance and will cause staff to circumvent the processes. In order to ensure that the governance model is both fit for use and fit for purpose, stakeholder engagement is critical throughout its creation and continual improvement.

When it comes to governance shortcomings, focus must be on the governance model and not on people. It is seldom that negligence can be labeled as the root cause of an issues related to governance. Even when people fail to follow established policy, you can often attribute it to poor communication or awareness. It is important to continually market the desired behaviour. Recognizing and rewarding the desired behaviour at every opportunity goes a long way to establish the behaviours as part of the culture. If you are trying to establish more of a risk taking culture and you slam someone who takes a risk that they believed was acceptable – what are the odds that that individual will take risks in the future?

The problem with governance is that it exists even when we dont plan it. Nature abhors a vacuum and when we fail to govern, systems will organically grow into place. This means that varying and conflicting pockets of governance and management will start to surface in the organization. As consultants, we see it all the time. Different sets of policies or rules depending on the manager you report to.

Governance requirements change all the time and the holes in the governance model show up as stakeholder pain points and as triggers. It is important to be on top of the required changes to the model – at all times. Governance is not a project, it must be continually monitored and improved in order to be able to keep it aligned with the organizational goals and objectives.

Of course – you cant cover a topic like governance in one blog article but hopefully it gives you some thing to think about. I strongly recommend my clients look at IT Governance by Weill and Ross or consider taking a COBIT 5 course