ISACA Journal Author Blog

ISACA > Journal > Practically Speaking Blog > Posts > Mr. Potato Head, Agility and Technical Architecture

Mr. Potato Head, Agility and Technical Architecture

| Published: 6/28/2010 8:00 AM | Permalink | Email this Post | Comments (0)

By William A. Yarberry Jr., CISA, CPA

A few months ago, one of my clients in Florida contracted with a major enterprise resource planning (ERP) vendor to implement a transportation management system (TMS). I stopped by the project manager’s office to check on progress. Here’s a shortened transcript:

Me:  Fred, how’s the TMS implementation going?
Fred (the project manager):  Well, Bill, it looks great on paper. It’s on time, within budget and we even did change control right this time.
Me:  So what’s the problem?
Fred:  There’s this guy on the vendor implementation team who just loves the scripting language Python. I like it too, but I’ll need a Python resource for ongoing support. We already have Scheme, Ruby and Perl. How many of these things do we need? And, did anybody think to budget for a new ongoing technology? We’ll be paying for this decision for years.
Me:  Python’s not in your technical architecture?
Fred:  We never finished our technical architecture. I had nothing to point to when the Python subject came up and the user VP just wants the project done.

This is one way IT organizations lose their agility. The recession notwithstanding, there are more tools, languages, development environments and infrastructure options than ever before. Most of these new technologies are really good. However, if an organization fails to develop a strong technical architecture—starting with infrastructure and stretching to include standards such as integrated development environments (IDEs), languages, database philosophies and strategic alignment—then incompatible systems will proliferate. And, worse, the maintenance effort as a percentage of the total IT budget will creep up until the chief information officer’s entire day job is to manage developers cross-linking disparate technologies. It’s hard to respond quickly to customer, regulatory or competitor demands if you don’t have a consistent and logical technology base.
One of our jobs as IT auditors is to point out the cost of having no architectural vision. Systems may work, pass unit and user acceptance tests, include security features, and so on; however, if they depend on a mishmash of technologies, assembled like Mr. Potato Head, then they are fragile. But unlike Mr. Potato Head, they cannot be changed easily. We need to look down the road and whisper in the decision maker’s ears, “If you buy every new technology you see and look at technology only from a short-term perspective, it’s really going to cost you!”
Read William A. Yarberry Jr.'s recent Journal Article: 
IT Risk Analysis—The Missing ‘A’,” ISACA Journal, volume 3, 2010


There are no comments yet for this post.