Another day, another survey claiming that every IT project any company ever
bothers to embark on is an abject failure. In fact, on this particular day it
Both came from reputable sources, depending on your point of view, of course.
So, when KPMG claimed that “IT projects fail to deliver promised benefits” and
Deloitte reported that 70% of CIOs claim their organisations “failed to deliver
at least one in four of their IT projects on time and to budget”, finance
directors would be forgiven for throwing in the towel and ripping up any cheques
they were about to sign.
And who can blame them? Sitting through a recent presentation at the Finance
Directors’ Forum, the 70% figure raised its ugly head again. Only this time it
was even worse. The research claimed that 70% of all IT projects fail. Yet that
wasn’t the worst bit. The worst bit was that Standish, the organisation that
conducted the research, had a rather loose interpretation of what constitutes a
Standish defined an IT failure as any project that went over budget and ran
over time by at least 100% of what was originally quoted. In other words, any IT
project that is completed in less than twice the original expected time, or for
less than twice the predicted cost, should be counted as a success. It’s a
frightening statistic, however you look at it.
What is not clear is why this should be the case. One would have thought
that, by now, CIOs would have learned from previous mistakes and improved the
estimates of project costs and timeframes. The cynics out there could well be
justified in believing that some IT departments deliberately under-estimate the
eventual costs of a project in order to improve their chances of getting the
So it was with some relief that I received a call about something that could
make a difference to the success rate of IT projects, and which could help
businesses iron out their problems with IT implementations during the planning
The call was about the alarmingly-named Control Objectives for Information
and related Technology standard. Or Cobit for short. Now, before you stick
needles in your eyes, humour me for a moment. The EU has selected Cobit as an
auditing standard. Fidelty Investments, the fund manager, which has around
$1trillion worth of assets under its control, also uses the standard. As does
Unysis, the Uruguay Central Bank and the Municipality of Dubai.
The call I received was to bring my attention to the latest incarnation of
the standard, version 4.0. Drawn up and published by the IT Governance
Institute, Cobit 4.0 is designed to enable “clear policy development and good
practice for IT control throughout organisations”.
The latest version of Cobit should be made required reading for any
organisation thinking about a substantial technology project outlay. In fact, it
should be read in detail by your IT department, whether or not a major project
is on the horizon.
The core content of the latest version of Cobit is divided into 34 IT
processes, with each process being split into four sections. With each of these
four sections being handed a full page in the 207-page publication. Soundbites
they are not!
Consider for a moment what the IT Governance Institute lists as its five main
focus areas: strategic alignment; value delivery; resource management; risk
management and performance measurement. Together, they help the ITGI determine
how companies can ensure that “IT delivers the promised benefits against
strategy”. They also allow the institute to “track and monitor strategy
implementation, project completion, resource usage, process performance and
In short, Cobit provides a framework to allow companies to address the very
issues that numerous studies and research projects take great pleasure in
pointing out. While IT projects do go over budget and are not always completed
on time, directors should perhaps be more realistic with their expectations.
Perhaps IT directors should avoid promising something they are not absolutely
certain can be delivered.
It has long been said that communication between the finance and IT functions
is lacking and must be improved if the true business value of IT is to be
realised. The problem has always been finding that common ground for them to get
started on. Cobit 4.0, may not be completely relevant to every organisation, but
it provides a useful starting point.
“For many enterprises, information and the technology that supports it
represent their most valuable, but often least understood, assets,” says the
executive summary to the new Cobit standard. “Successful enterprises recognise
the benefits of information technology and use it to drive their stakeholders’
If the 205 pages that follow that statement go even a small way to achieving
that goal, it will have been well worth the time spent digesting it. You never
know, IT and finance could finally find some common ground. n