Maturity analysis

For some time now, the importance and complexity of IT within modern companies has been increasing. This no longer only affects large companies or corporations. In the meantime, the business processes of SMEs have also become so deeply intertwined with IT that they can no longer exist without IT support.

Keeping an eye on all IT

In addition to a functioning IT, the optimal use of resources is essential for achieving the highest possible cost-benefit factor. For this, however, not only sections or subsections of IT must be considered, but an analysis of IT in its entirety is required.

After all, IT is more than just maintaining systems and networks; it encompasses other disciplines such as aligning IT strategy with corporate strategy, complying with legal requirements and regulations, defining standards and processes, or sensibly managing resources such as hardware, software, or personnel.

A holistic view of IT management is found in very few SMEs. The reasons for this are complex. They range from a lack of awareness of the IT or business management to a lack of

Geared to the needs of SMEs

The reasons for this range from a lack of leadership for the topic to a lack of know-how or resources. Another fundamental reason is that the IT management models and frameworks currently available were not developed for SMEs and can therefore only be adapted to relatively small environments with a great deal of effort.

The IT Management Model

There are countless definitions for the term IT management, which can have different characteristics depending on the view of the respective authors. I have developed an IT management model for the maturity assessment of IT processes, which is divided into four domains:

•  IT Governance, IT Risk and IT Compliance Management 
• IT Resource Management
• IT service and IT process management 
• IT project and IT project portfolio management

These four domains can be easily distinguished from each other in practice and can also be considered separately if necessary. Taken as a whole, they are clearly oriented towards the needs of SME customers and thus pave the way for aligning IT with corporate strategy.

The approach described below is aimed primarily at medium-sized companies and is based on a maturity model that structures IT, divides it into processes and determines the maturity of the respective management processes. The resulting findings can then be used to derive recommendations for action for the further development of the IT management processes examined. In order to identify the individual areas of IT management, the above-mentioned domains are described in detail and those IT management processes that need to be mastered are derived from the description. These processes can be measured and classified using a simple questionnaire for management.

Method for measuring maturity

We distinguish between two phases in this method: In the first phase, the SME to be assessed discusses the individual IT management processes together with a consultant and defines a maturity level to be achieved per process. In a second phase, different people within the company are interviewed. The people to be questioned range from members of the management to users. The decisive factor here is that each question is answered by at least two hierarchical levels. This has the advantage that each process is examined from at least two perspectives.

Always from two perspectives

is judged. If the respective answers differ from each other, this usually indicates a concrete need for action. 

In order to be able to evaluate the answers to the respective questions in a structured manner, a separate maturity model was developed. The CMMI model and the COBIT model served as the basis. The maturity model divides the states of the IT management processes into five levels. The maturity levels range from "non-existent" to "established". Respondents can choose from five states that are specific to the question. This should allow an exact and concrete answer for each respondent and prevent possible interpretations.

The maturity model also takes into account the great diversity of SMEs by making an inventory together with the respective SME in the first phase. The goals and core topics that result from this inventory are subsequently prioritized and adapted to the company. In order to be able to carry out the described maturity level analysis in a practical manner and to process the results, a corresponding evaluation is carried out in parallel to the stocktaking. This makes it possible to compile the questions of the company divisions, to determine the corresponding key figures and to present them visually. In this way, it is possible to record how the maturity levels of individual IT management disciplines are changing. The SME uses this information for further improvement cycles by measuring the respective progress.

How IT processes change

Conclusion

In most companies today, IT has more or less permeated the core processes. And although, for example, the effects of an IT failure or data loss are very well known, SMEs in particular still manage IT on an ad-hoc basis. A holistic and structured approach to IT management should improve the quality of IT and the quality of an SME's products and services. Every company needs to use its IT in a deliberate and focused way to increase the effectiveness of its core processes. Known and repeatable processes improve the efficiency of IT and allow its cost-effective operation. This holistic approach ensures trouble-free, continuous and secure operation of the entire enterprise. Only when IT understands the core business and is itself optimally managed is it possible to develop it further in line with the company's requirements. This can either go in the direction of IT service management or entail appropriate outsourcing concepts. Basically, it is important that IT supports the business - and not the other way around.