The last 10 years have seen a significant change in the information technology business. And I don’t mean the technology—that change is a given. Ten years ago, only the information technology companies had thought in real depth about people’s IT skills, and how to have the right capability in the right place at the right time.
The change is that, now, most large organisations not only have this on their agenda, but also have some idea of how to go about it. Why did this happen? Was it an awareness of large and expensive IT projects that failed to deliver on their promises? Or maybe it was simply the dissemination of ideas? Certainly, there had to be a change. One large bank I visited graded its IT staff on the same basis as bankers. The all-powerful HR function would not allow any other approach! Thankfully, this has also been part of the change.
The need to build quality into the organisation’s operations has stimulated plenty of activity and investment. At first there was a flurry of activity among people who thought they were playing a game called “Skills Development”. Over time, some of them have come to realise that the prime motivation is that of putting people to work: the skills development is a means to an end. Given the criticality of IT to modern organisations, having the right skills in the right place at the right time is a “running the company” matter, and quite commonly now has visibility at board level.
So what do people do that they didn’t do before? For one thing, they don’t make it up as they go along. Their job descriptions and role profiles are no longer unique creations: they draw upon standard frameworks for definitions of the capabilities required. The language of project management has become standardised. There are many similar examples throughout our industry.
It is important to get the definitions right, but it is also essential to make sure that the contents of the package match the description. As a result, certification has assumed a key role in the management of IT. Correctly specifying what skills are needed and making sure that people really have them enable us to develop the skilled assets we need to run the business.
The changes I have seen in many organisations include the following.
· The same definitions of skill are used throughout the skills management cycle: recruit, deploy, assess, develop, reward and, of course, manage resources.
· The organisation has a common language of skills, so there is no misunderstanding of what is expected from, for example, an architect.
· There is recognition that the most important factor in your development is not your next training course, but your next project.
· As well as defining the liability (the work to be done) the mature organisation describes the asset (the skilled people who do it), typically by identifying a small number (no more than 20) of categories of IT professionals whose broad capabilities are understood.
· Performance assessments really happen, they are based on rational information, and they are followed by analysis from which development plans can be drawn. (Oh yes, the development plans really happen, too!)
· Things are done for real, not just in theory: external certifications such those provided by ISACA underwrite all the key capabilities.
In some organisations these actions have made a profound difference to the way IT is managed. The UK Government, for example, outsources all major IT development projects. The procurement of skills from many outsourcing companies is based on definitions drawn from a skills framework (SFIA – Skills Framework for the Information Age).
So the message is this: whatever you do to improve IT, let the sunlight shine in from outside, embrace external skills frameworks like SFIA, and trust certifications like those provided by ISACA.
Note: SFIA recently recognized CISA and CISM in its mapping. View this announcement for more information.
We welcome your comments! Please log in using the Sign In link at the top right of this page and then leave your comment in the box at the end of the post.
To view all blog posts, please click on the ISACA Now link in the blue box on the left.