Importance of Best Practices

Why Senior Management Needs to Know About Best Practices 

Due to their technical nature, IT standards and best practices are mostly known to the experts—IT professionals, managers and advisors—who may adopt and use them with good intent but potentially without a business focus or the customer’s involvement and support. Even in organisations where practices such as COBIT and ITIL have been implemented, some business managers understand little about their real purpose and are unable to influence their use. To realise the full value of best practices, the customers of IT services need be involved, as the effective use of IT should be a collaborative experience between the customer and internal and external service providers, with the customer setting the requirements. Other interested stakeholders, such as the board, senior executives, auditors and regulators, also have a vested interest in either receiving or providing assurance that the IT investment is properly protected and delivering value. 

Figure summarises who has an interest in how IT standards and best practices can help address IT managementissues. 

Why Best Practices Are Important

The effective use of IT is critical to the success of enterprise strategy, as illustrated by the following quote:

The use of IT has the potential to be the major driver of economic wealth in the 21st century. While IT is already critical to enterprise success, provides opportunities to obtain a competitive advantage and offers a means for increasing productivity, it will do all this even more so in the future. IT also carries risks. It is clear that in these days of doing business on a global scale around the clock, system and network downtime has become far too costly for any enterprise to afford. In some industries, IT is a necessary competitive resource to differentiate and provide a competitive advantage, while in many others it determines survival, not just prosperity. 

Best Practices and Standards Help Enable Effective Governance of IT Activities

Increasingly, the use of standards and best practices, such as ITIL, COBIT and ISO 17799, is being driven by business requirements for improved performance, value transparency and increased control over IT activities. 

The UK government recognised very early on the significance of IT best practices to government and, for many years, has developed best practices to guide the use of IT in government departments. These practices have now become de facto standards around the world in private and public sectors. ITIL was developed more than 15 years ago todocument best practice for IT service management, with that best practice being determined through the involvement of industry experts, consultants and practitioners. BS 15000, which is aligned with ITIL, was recently created as a new service management standard. The IT Security Code of Practice, developed initially with support from industry, became BS 7799 and then became ISO 17799, the first international security management standard. PRINCE, and now PRINCE2, was created by CCTA (now OCG) to provide a best practice for project management. 

ISACA recognised in the early 1990s that auditors, who had their own checklists for assessing IT controls and effectiveness, were talking a different language to business managers and IT practitioners. In response to this communication gap, COBIT was created as an IT control framework for business managers, IT managers and auditors based on a generic set of IT processes meaningful to IT people and, increasingly, business managers. The best practices in COBIT are a common approach to good IT control—implemented by business and IT managers, and assessed on the same basis by auditors. Over the years, COBIT has been developed as an open standard and is now increasingly being adopted globally as the control model for implementing and demonstrating effective IT governance. In 1998, ISACA created an affiliated body, the IT Governance Institute, to better communicate IT governance-related messages to business managers and, in particular, the boardroom. 

Today, as every organisation tries to deliver value from IT while managing an increasingly complex range of IT related risks, the effective use of best practices can help to avoid re-inventing wheels, optimise the use of scarce IT resources and reduce the occurrence of major IT risks, such as:

• Project failures
• Wasted investments
• Security breaches
• System crashes
• Failures by service providers to understand and meet customer requirements 

OGC is at the forefront in delivering and disseminating best practice material to address these and other current challenges. 

Best Practices Provide Many Benefits

The effective adoption of best practices can provide many benefits, especially in the area of advanced technology.

These include:

• Avoiding re-inventing wheels
• Reducing dependency on technology experts
• Increasing the potential to utilise less-experienced staff if properly trained
• Making it easier to leverage external assistance
• Overcoming vertical silos and nonconforming behaviour
• Reducing risks and errors
• Improving quality
• Improving the ability to manage and monitor
• Increasing standardisation leading to cost reduction
• Improving trust and confidence from management and partners
• Creating respect from regulators and other external reviewers
• Safeguarding and proving value 

Adherence to best practice also helps strengthen supplier/customer relations, make contractual obligations easier to monitor and enforce, and improve the market position of those service providers seen to be compliant with accepted standards, such as BS 15000.