4. The Increasing Complexity of IT Programs & Projects
According to CIO.com, "Managing an IT project is like juggling chunks of Jell-O. It's neither easy nor pretty. Information technology is especially slippery because it's always moving, changing, adapting and challenging business, as we know it. IT project management is complicated by shifting business needs and demanding stakeholders. IT projects fail because they're just plain harder. They include the usual project-management challenges, such as deadlines, budget constraints and too few people to devote to the project. But they also face unique technology challenges, from hardware, operating system, network or database woes, to security risks, interoperability issues, and the changes manufacturers make to their hardware and software configurations."
IT projects are much more complex than most people realize, and they are getting more complex all the time, for several important reasons. For large IT projects involving multiple organizations, platforms, technologies and locations, and with many people involved, the complexities become mind-boggling. Some of the complexity is due to rapidly changing and advancing technologies in the underlying hardware and software, and to the interplay of individual complex technologies in system configurations.
An additional level of complexity has been added in recent years with the growing importance of governance, risk and compliance (GRC). This is a challenging trend in the IT field, combining issues associated with various standards, schemes and complex controls all together. There is still a lot of confusion on what exactly GRC is and what sub-components to consider.
Speaking in London on May 21, 2008 to senior IT security professionals, Lord Erroll, spokesman for the House of Lords Science and Technology Select Committee's report on personal internet security, said:
"The issue of IT security is complex. There are rules and regulations to adhere to, but the IT professional is still unsure of their role or their requirements to ensure their company's compliancy. Cybercrime and its implications on businesses are still not fully understood, or taken seriously at a governmental level, even in the wake of such serious data loss incidents as reported by the media. The government needs to take responsibility and put into place a serious provision of support and incentive guidelines, including technical information, for all UK businesses. The future lies in governance (not control) and incentives; in new and evolving encryption and authentication technology and in groups committed to cyber warfare, such as the CPNI (Centre for the Protection of National Infrastructure)."
Compliance can be defined as the risk of legal or regulatory sanctions, material financial loss or loss to reputation a company may suffer as a result of its failure to be compliant. Simply put, compliance enables companies to assure the integrity and confidentiality of their data. Companies must identify the rules, regulations, laws and policies applicable to their company, break down the IT requirements and control objectives, ensure there is no duplication of IT requirements to fix one problem, map out the business processes, use existing or new frameworks, and implement, monitor, analyze and report on the compliance needed.
GRC includes increased competitive pressures, ethical and financial standards, accountability demands, increasing regulations and demands from stakeholders. Different approaches to gaining compliance include asset-based risk assessments, threat modeling, technical auditing, dependency modeling and gap analysis. When added to an already complex project environment, GRC can compound the difficulties.
There are many reasons for complexity on IT projects, but the cause may lie in the very definition of IT now. If an IT project manager must understand the underlying technical complexities of semiconductors, hardware, networks, subsystems, systems and the interplay of those various components, then the complexity becomes more apparent.
In my opinion, this is exactly what has happened. While hardware has become smaller, more mobile and more powerful, the compatibility, software, and systems integration issues have become more complex. And all the time, technologies continue to change.