Development and management of IT systems are complex, demanding, and yet crucial to an organization success and its competitive position in the marketplace. Due to rapid changes in emerging technologies there is a need for constant improvement and adjustment to IT systems. There are a large number of processes involved in IT system development and monitoring. The interdependencies of these processes make it very difficult for Chief Information Officers (CIOs) to comprehend and be aware of effect of inefficiencies that may exist in development of these processes in their organization. This chapter considers the implementation of a Fuzzy Cognitive Maps (FCM) to provide facilities to capture and represent complex relationships in an IT management model and their related processes to improve the understanding of CIOs about the systems and its associated risks. By using FCMs CIOs can regularly review and improve their IT systems and provide greater improvement in development, monitoring and maintenance of IT facilities. CIOs can perform what-if analysis to better understand vulnerabilities of their designed system.
TopIntroduction
IT processes are activities for development and maintenance of applications, supporting infrastructure (e.g., hardware, systems software, and networks), to managing human resources. Luftman (Luftman, 2004) described 38 IT processes that cover all aspects or IT management in an organization. These IT processes have been categorized in three main layers. These layers include strategic layer which focuses on the long-term goals and how IT can enable the achievement of these goals in an organization. The second layer is the tactical layer which works towards achieving the strategic goals and finally operational layer which covers day-to-day operation activities. Strategic level consist of strategic planning control that covers business analysis planning, architecture planning and IT strategic planning control. Figure 1 shows sub-processes of strategic layer. Tactical layer consists of management planning, development planning, resource planning and service planning. These four processes are divided into 15 sub processes. Figure 2 shows the sub-processes. The operational level consists of six processes project management, resource control, service control, development and maintenance, administration services and information services. The six processes are divided into 22 sub processes. Figure 3 shows the processes of operational layer. These processes include all stages of IT management from planning, organizing, and administering processes required to effectively and efficiently manage IT. Using the three layers approach it is possible to distinguish the sub processes and codependences between IT functions. It can be noted that the strategic layer impacts the tactical layer by changing the technologies, tools, and methodologies used in tactical processes. Consequently new technologies, tools, and methodologies impact the operational level by changing the requirements of staff, their training, and job functions [Luftman, 2004]. Successful completion of tactical processes impact operational layer. Using this three layer approach it is possible to note the codependences of these layers and the impact of one layer on other layers.
Figure 1. Sub-processes of strategic layer
Figure 2. Sub-processes of tactical layer
Figure 3. Sub-processes of operational layer
It should be noted that leading management-consulting firms such as Ernst & Young, Price Waterhouse Coopers, et al as well as the Society of Information Management (SIM) provide different number of IT Processes. For example Ernst & Young have presented 70 IT processes, PricewaterhouseCoopers use 62 IT processes, Society of Information Management (SIM) has listed 40 IT processes and David Feeney lists nine major (core) categories of IT processes. CobiT and the IT Governance Institute display 34 IT processes. CobiT consists of six major categories and there is no distinction between strategic, tactical, or operational layer.
No matter which model is used there are a large number of sub processes that the Chief Information Office (CIO) needs to consider to be able to successfully manage the IT for an organization. In this paper Luftman (Luftman, 2004) 38 IT processes are considered for IT management and risk analysis in an organization. Other models can easily be substituted to discover risk in the IT management of such models.