Unraveling the CAB

By Patrick Gray
Summary
A Change Advisory Board tends to get overcomplicated when it's implemented at many organizations. Here's how to avoid that.
A Change Advisory Board (CAB) is another good idea that tends to get overcomplicated when it's implemented at many organizations.
At its core, the CAB exists to provide a balanced analysis of any changes to a company's systems and processes and to provide a final "ruling" on whether a proposed change moves forward or is shelved. The CAB concept is promoted by some of the popular IT management methodologies, which overlay the conceptually simple concept with layers of formalities and a veneer of unnecessary complexity.
Scope changes are generally the only way to control costs on an IT project, with seemingly minor changes made by junior analysts often carrying six-figure price tags. With this fact in mind, the CAB is your best defense against these changes dragging your projects deep into the red.
With this objective in mind, consider the following two keys to implementing an effective CAB.
Representation and transparency are key
If a CAB is seen as primarily an IT function, it will rapidly become a bureaucracy to be avoided, sabotaged and dodged.
In all but the most mundane infrastructure projects, most of your IT projects will be done to impact your company's business. As such, many of the change requests will be business-related and impact finance, marketing, sales and operations and often are fundamentally business decisions of how to allocate scarce resources rather than purely technical decisions. Therefore, your CAB must have representation from each business unit that is respected and empowered to make decisions.
IT gets the same vote as other business units and, save for articulating part of the costs of each change and guiding the process, does not gain any additional power to influence the CAB.
With the right people on the CAB, an arbitrator is required for any stalemates that arise. Depending on whether your company is more operationally or financially oriented, this might be the COO or CFO or in some cases even the CEO. In any case, each person on the CAB has voting power and is at a high-enough level that the buck stops with them rather than their decision being subject to reevaluation and overriding by a superior. It should be clear who makes the decisions, and each item that comes before the CAB should be allocated a rapid time frame in which it will be evaluated.
At the end of the day, when change requests come to the CAB you want them to be decided quickly and the people and process behind the decision to be respected by the company, even if it is disagreed with.
Time is money
A CAB's value comes from two areas: respected and fair people and process, and timelines. If you have painstakingly recruited the right people, but your CAB takes four months to reach a decision, it will rapidly lose its value.
While some recommend quarterly CAB meetings, this is generally too long, especially if you are implementing large-scale projects like ERP or CRM systems. Monthly meetings of the CAB should be the baseline objective, and with some forethought, each can be short and effective. Send a summary of each change request, the facts around the issue, and any background in advance of the meeting, and actually CAB meetings can be about final fact finding, analysis, and decision-making rather than endless debates.
A good decision is often better than a great decision two months from now, so in the case where information is missing or the environment is unclear, document the assumptions that went into a decision and document any triggers that might cause the board to reevaluate the decision and move on. Major organizational projects can burn significant amounts of cash just waiting for a critical decision, so be sure to convey the very real cost of inaction.
With the right people, a transparent decision-making process, and a focus on making good decisions as rapidly as possible, the CAB can be a very valuable tool. Rather than an administrative hurdle, it becomes a tool for ensuring money is spent effectively, changes are evaluated in light of the company's core business, and projects are able to move forward in the face of competing priorities rather than spinning their wheels (and burning cash) waiting for decisions.
For the CIO, an effective CAB shows his or her peers that the CIO understands that IT exists to facilitate the company's business and also demonstrates the value an effective IT organization provides to the larger company. Each member of the CAB will see IT efforts tied directly back to their business benefit and grow to understand that IT is about far more than servers and software.
Patrick Gray is the founder and president of Prevoyance Group, and author of "Breakthrough IT: Supercharging Organizational Value through Technology". Prevoyance Group provides strategic IT consulting services to Fortune 500 and 1000 companies.
READ MORE - Unraveling the CAB

Salary, not 'fun perks', attract IT talent

By Jamie Yap

Summary

A good pay package is still the best draw to attract and keep employees, note recruiters. However, tech firms say offering "fun perks" at work provides similar appeal.
Axer Goh, manager of contracting division at Robert Walters, highlighted to ZDNet Asia that the "ultimate factor" that motivates many job candidates is the money on offer. This is the first thing most potential employees would think of upon taking up a new role, she noted.
"I have yet to come across a candidate who is more interested to find out about non-monetary job perks than the pay package provided by a new employer," she said in her e-mail.
Annie Lim, manager of IT commerce at Robert Walters, added to Goh's observations, saying that as the job market in the technology sector continues to pick up, job seekers and employees are factoring higher salary increments in their decision-making.
Gavin Henshaw, head of Kelly IT Resources, a specialist division within recruitment firm Kelly Services, concurred that a competitive salary will always play an important part in an applicant's decision-making process.
He noted in his e-mail that non-monetary perks are usually considered by people as "luxuries and non-essential" and will not be able to help retain staff.
Goh, however, said additional perks do "help retain talent to a certain extent" as employees are less likely to be actively exploring external work opportunities if they are happy in their current workplace.
Companies dangle perks
Despite the recruiters' assertions that salary remains the top draw for most potential and existing employees, IT companies ZDNet Asia spoke to said that "fun perks" play an equally important role in attracting top talent.
Myriam Boublil, head of communications and public affairs at Google Southeast Asia, for one, said "people don't join or stay with a company for money only". It is with this in mind that Google is "committed to providing its employees with benefits that encourage work-life balance and make employees' time at work as enjoyable and productive as possible", she added.
Elaborating on the company's work philosophy, she noted that besides a "competitive compensation package, which comprises of salary, yearly bonuses, and equity grants", all Google offices, including Singapore, have game rooms with Nintendo Wii consoles and pool tables, massage chairs, and cafes offering free meals all day. All these features are included to ensure that "work is challenging yet fun", she said.
"Our people are our greatest assets and we will always look after them so they are able to keep creating, inventing, finding solutions and breaking boundaries," Boublil noted in an e-mail.
Google's employee-centric approach appears to have paid off. The search giant was ranked fourth in Fortune magazine's "100 Best Companies to Work For" this year.
Scott Morris, managing director at NetApp Asean, also emphasized that today's employees have "different priorities and an increasingly bigger pay packet can no longer ensure employee loyalty". Studies have shown that employees who are happy and have job satisfaction are productive, he added in his e-mail.
"Happy employees are more willing to ride through the tough times with the employer and have a greater sense of ownership. This, in turn, manifests itself in happy customers and partners, thus favorably contributing to our bottom line," Morris elaborated.
Ranked fifth in Fortune's list of top places to work for, data storage firm NetApp also has "simple practices [in its Singapore office] to make coming to work more fun" such as breakfast gatherings on Fridays, free espressos daily and fruits weekly, the executive noted.
Social gaming company Zynga also believes in providing incentives to employees to reward them for their work. Colleen McCreary, the firm's chief people officer, said Zynga is "proud to offers its employees [in San Francisco] great perks such as free weekday meals, haircuts, massages, and bringing their dogs to work."
"Offering fun perks is a way for Zynga to give back to our staff in special ways," she explained in an e-mail. "They work hard and we want to make sure they feel appreciated, rewarded and cared for."
Career progression also important
Beyond these fun perks though, Kelly IT Resources' Henshaw pointed out that other offerings such as training and career progression may be more beneficial to employees in the long run.
"A great working environment is a bonus, [but] it is of less importance if it is not matched with personal reward and benefit," he stated.
Morris concurred. He said that NetApp nurtures its people and provides opportunities for career progression and expansion within the company, which is why preference is given to internal candidates for new job offerings.
Boublil, too, stressed that "Google is all about learning and offers many training and career development programs and initiatives". For instance, its engineers are placed under a "20 percent time" program that allows them to work on independent projects which interests them yet does not fall under their usual job scope, she explained.
READ MORE - Salary, not 'fun perks', attract IT talent

How to engage employees in the workplace

What does it take for a company to become successful at engaging its employees?  Socialcast created this infographic to explore this very question.
In the formula that makes up an organization’s success, a key factor is employee engagement. Top-performing companies know this. Human Resources departments know this. However, studies show that there is still an overwhelming number of employees who are disengaged in the workplace. What are the factors contributing to this issue, and how can companies address this challenge to improve engagement and ultimately the bottom line?
(Click on the infographic below to learn more.)
READ MORE - How to engage employees in the workplace

5 management tenets for every CIO

By Scott Lowe,


Summary

It's far easier to keep the people you have than it is to hire new ones. Here are five management tenets that are critically important to staffing success.
Topics


Finding and retaining good staff is extremely difficult, but it's even more difficult when employees are working under unfair conditions.

In this blog, I'll outline five management tenets that I believe are critically important to staffing success.

1. Recognize that people want to do well, so treat them well
In general, your IT staff doesn't come to work every morning with high hopes for achieving mediocrity or failure. People want to do a good job, want to contribute, and want to know that their efforts mean something. Make that your guiding principle in all your dealings with your staff.

Frankly, this can be really, really hard sometimes, particularly as you get stressed out and are dealing with something that might seem trivial. It's more than likely that, at some point in your management career, you'll look back and realize that you handled a particular employee action pretty poorly. When this happens, the affected person deserves an explanation and an apology.

This actually goes both ways, too. If you've treated your staff well, it's more than likely that they'll treat you well, and if they treat you unfairly at some point, they'll realize it and make it right.

I was in this exact situation a few weeks ago. One of my guys had a particularly bad day, and at the end of the day, a tense situation arose and he took it out on me. Now, the guy is awesome at his job and we generally have a great working relationship, but it obviously still bugged me. However, the next morning, he called me up, we had breakfast, and he apologized.

Of course, this just provides further proof that I have the best IT staff on the planet.

2. Understand that people (usually) fire themselves...do it fast
For clarification, I'm not talking about layoffs here. This topic is focused solely on the act of firing someone.

Even if you've made the best possible effort to recognize that people want to do well and you've infused this idea into all the conversations you have with your people, not everyone will be able to stay on board with the organization. It's up to you (and, of course, your team) to create an environment in which they want to operate. Unfortunately, when it comes to voting people off the island, that duty usually falls to you.

I've written before that it's important that people not be surprised that they're being erased from the org chart--at least when it's for performance or attitude reasons. Obviously, no matter how egregious the performance or attitude problems and no matter how many warnings have been provided, at that moment when you break the news, there will be surprise. However, after the shock subsides and the person is able to look back through the lens of time, I believe that, in hindsight, that surprise factor will lessen.

On this point, too, always use the probationary period as it was intended. Most organizations have a probationary period during which either the employer or the employee can opt out of the arrangement with or without cause. In many cases, this is done for fit reasons (in either direction) or if the employer discovers that the person is missing a key skill, although this should be caught during the interview. It's much easier to take this step during the probationary period than it is later on.

I will admit that I have fired someone during the probationary period due to fit, and I will admit, it was probably one of the best decisions I've made. Keeping someone around that can't fit or can't carry his or her weight is a drag on the whole group.

3. Give feedback, ask for feedback, and mean it
I'll go on the record as saying that I truly despise the annual performance review process. I find it close to useless for everyone except HR. People should know where they stand throughout the year, not at just a single point in time.

If something is going really well during the year, make sure the person knows it--better yet make sure the whole team knows it. When I get a note from someone on campus praising one of my staff, I usually forward it on to the whole IT staff.

If something needs improvement, improve it. Don't wait for performance review time. It's not fair to the organization, and it's not fair to the employee. The longer you let something go, the more opportunity there is for resentment to build among the staff about the situation, so address it sooner.

Also, make sure to be able to accept feedback from the staff from time to time, too. This is incredibly difficult sometimes, but it leads to a much better and much happier staff. If you tell your staff that you're willing to listen to feedback, actually, you know, listen to it. Like I said, it's tough, but I'm far from perfect and even make mistakes every now and then. I'm very fortunate that I have a staff that is more than willing to tell me when they think I've blown it, and, in most cases, they do so in a reasonable, respectful way.

Obviously, there are times that I disagree with their assessment, but we have a positive enough working relationship that, in most cases, they're willing to accept it. Just as often, if not more often, they "win", although that's really too strong a word.

4. Say "please' and "thank you"...the golden rule applies
My kids have gotten pretty good at the whole manners thing, but it astounds me at how often people forget to take these basic steps in the workplace. My staff works their butts off to do the work that has been assigned to them. As is the case with most IT staffs, we get more and more work to do and the staff count isn't exactly skyrocketing. When I ask them to do something, it's generally accompanied by a "please" and, upon completion, a "thank you".

5. Don't be a pushover... be fair, but firm
You might think that the advice in this article makes it look like I'm recommending that you be a pushover. Nothing could be further from the truth. Instead, when it comes to working with my staff, I simply believe that the people who work so hard to make me (seriously, I'd fail without the people I have working with me) and the organization successful deserve to be treated well, listened to, and respected. That said, I do expect results. After all, this is a job.

On that front, over the past few months, my staff and I have overhauled our project prioritization mechanisms in order to ensure that we have sustainable workloads that still meet the needs of the organization. I work with each staff person to assess project plans and determine time frames, and then we commit to those time frames and I expect completion.

That said, life always throws curveballs, so we maintain open lines of communication and, when necessary, adjust project time lines. Recently, we had a project due at the end of the month, but due to "scope creep" that was outside our control on another initiative, the project had to be delayed. Due to the critical nature of the "creeping" initiative, it was an easy decision to postpone the deliverable on the original project, but that decision was made in concert with the staff people on the projects to make sure that everyone understood why we were where we were and what we were going to do to ensure success on both projects. In this way, we dealt fairly with the situation (i.e. didn't punish my person because some other department had a problem) while instituting a new deadline, which, by the way, was met.

Summary
It's far easier to keep people you have than it is to hire new ones. Although I do believe in making sure that new blood and new ideas come into the organization, that can happen through other natural attrition, so make sure that you treat your people with fairness and respect. They will be more successful because of it, and you will be more successful because of it.

Scott Lowe has spent 15 years in the IT world and is currently the vice president and CIO for Westminster College in Fulton, Missouri.

source: TechRepublic
READ MORE - 5 management tenets for every CIO

Jailbreaking device paves way for malware

By Liau Yun Qing

Summary

Mobile users root devices to gain better control over their gadgets and have platform choice, but doing so increases security vulnerabilities, note security experts.
Jailbreaking a device is similar to implanting malevolent code into the device, thereby increasing its vulnerability to malware, warns a security researcher, while another notes that ultimately, such efforts boil down to "personal choice".
In an e-mail interview with ZDNet Asia, Kwee Anping, senior technical consultant at Symantec Singapore, likened jailbreaking a device to exploiting vulnerabilities in an operating platform. "It is how malicious codes are typically installed on a gadget and it increases the risk of the device being infected with malware," Kwee said.
He pointed to the Ikee worm and a hacktool, which exploited third-party Secure Shell (SSH) utilities installed on jailbroken Apple iPhones. "While Ikee simply changed the infected device's wallpaper to a photo of singer Rick Astley, the hacktool could reportedly steal data on the device and connect back to the attacker, giving him control over the phone including the ability to download and install other malware onto it," he said.
He added that attackers are also able to change the root password of the affected device and prevent the owner from accessing the phone.
However, that does not mean non-jailbroken devices are not vulnerable to security risks, he noted.
The growth in smartphone and tablets and their increasing connectivity and capability means there is a corresponding increase in attention, targeting mobile platforms, from both threat developers and security researchers, he said.
Axelle Apvrille, senior mobile antivirus analyst and researcher at Fortinet FortiGuard Labs, added that even the closely-guarded Apple App Store is not immune to malware such as the Adware/LBTM app, which poses as a free application.
Other than viruses, both jailbroken and non-jailbroken phones are vulnerable to security holes in the device's browser, she added in an e-mail.
Jailbreaking to more choice
Despite the security risks, Apvrille said it boils down to "personal choice" in which users decide if jailbreaking their gadgets is worth the trouble. "People who are not at ease with technology won't jailbreak their device, and they are probably better off that way," she said.
"[On the other hand], those who are more familiar with computing devices can feel too limited in Apple's business model and wish to 'escape the jail'," she said. "Sometimes, it's also [about subscribing to] a philosophy, [such as] not being tied to a single vendor or having the possibility to use open source software."
Apvrille said: "In any case, by jailbreaking your device, you may be able to give more power over your device.
"But of course, with greater power comes greater responsibility."
She urged users who are looking to jailbreak their device to go through the manuals carefully. "It is critical to read README [files], release notes and installation notes to install [the jailbreak] properly," she said.
Apvrille cited the case of the iPhone/Eeki.A worm, which infected jailbroken devices of users who did not read an important recommendation to change their root password. Users who jailbroke their device but changed the password were not susceptible to the worm, she said.
Symantec's Kwee, though, is adamant that users should not modify their device.
"Consumers jailbreak their mobile devices believing that it expands the functional or customization capabilities. What they are unaware of, however, is that the process of jailbreaking a device through exploits is not very different from using exploits to install malicious code," he said.
Similar to desktop computers, the exploitation of vulnerabilities can bring more inconveniences than benefits as initially thought, and users of jailbroken devices would leave themselves open to malicious attacks, he cautioned.
Despite the security risks, some mobile users have not refrained from tweaking their devices. In fact, the jailbreak software for Apple's iOS 4.3.1 release was available less than two weeks after the update was launched.
One self-proclaimed "loyal" Apple fan, who jailbroke her iPhone two months ago, said she was not fully aware of the security risks but did hear from friends that such phones were more vulnerable to viruses and system crashes. The 22-year old allied healthcare worker, who declined to be named, said she jailbroke her phone mainly to access free apps and "themes" which are only available on jailbroken devices. Themes provide more icons, skins and wallpapers for the iPhone.
She said she decided to jailbreak her phone only after the warranty ended.
"With the warranty, if my phone crashes I can still get it replaced. But after the warranty expires, it doesn't matter," she said.
Manufacturers warn against jailbreaks
Hardware makers and software developers have made efforts to combat jailbreaks by limiting the warranty of jailbroken products or pursuing the legal route to stop jailbreakers.
"Users should be advised that the loading of unapproved software on a Motorola device can void the warranty," said a Motorola Mobility spokesperson in an e-mail interview.
"Motorola's primary focus is the security of our end-users and protection of their data, while also meeting carrier, partner and legal requirements," he said. "A majority of Motorola's Android-based consumer devices in the market today have a secured bootloader in order to meet these security needs."
Microsoft also implemented similar initiatives for its mobile OS. "Microsoft does not support Windows Phones that have been altered from manufacturer- and carrier-specifications, and we caution that such alterations can dramatically impact reliability, performance, compatibility and security," said a company spokesperson in an e-mail.
Asked what the company is doing to prevent jailbreaking, he pointed to a whitepaper on anti-piracy in the Windows Phone Marketplace.
"Developers fuel Microsoft platforms, and we understand the importance of intellectual property in these ecosystems. We have a long history of developing protection strategies for our software and services and those of third-party developers, Windows Phone 7 and Windows Phone Marketplace are no exceptions," he said.
When contacted, Korean consumer electronics giant Samsung declined to reveal specifics on how it is preventing users from jailbreaking its Android handsets. Winston Goh, the company's product marketing manager of telecommunications, told ZDNet Asia in an e-mail that such information is "highly confidential" and cannot be revealed to the public.
Goh did stress, though, that consumers who root their Android devices will have their warranty "rendered null and void".
"If we allow users to root our devices and, subsequently, those users [make tweaks to] their Samsung Android device that cause it to fail, then brings it back to our customer service centers for repair--it would be very difficult for us to diagnose and pinpoint the exact issue since we may not have any evidence of what the user actually did," said Goh.
"This could potentially tie up our customer service resources, resulting in less time and resources available for other customers with valid issues.
"While we appreciate the fact that Android devices are inherently very flexible devices, we do need to maintain a certain level of control for the sake of [delivering] more efficient product management and customer service process," he said.
READ MORE - Jailbreaking device paves way for malware

A tale of two PMOs

By Patrick Gray
Summary
The actual benefits and most effective way to set up your project management office are difficult to identify. Here's a look at two different PMOs–one an administrative service, the other involving portfolio management.
If you've spent any amount of time in IT management circles, you've likely heard of a program/project management office or perhaps been asked to set one up for your organization.
Like many ideas in IT management, the actual benefits and most effective way to set up your PMO are difficult to identify and, in the worst case, quickly descend into a sales pitch for tools and services that do little to build an effective PMO.
Rather than focus on the minutiae of establishing a PMO, let's examine two different PMOs, one of which is unfortunately far rarer than the other.
The "Italian Job" PMO
I spent about four months living in Italy, and perhaps some of the best advice I received during our first visit to look for an apartment was to expect that few services would work correctly, which would make our stay far less stressful rather than lamenting every little thing that went wrong or every minor administrative hurdle thrown in the way of daily life.
The Italians had a zeal for administrative formality that was impressive, with the lowest level bureaucrat sporting a color-coordinated uniform, to the police whose impeccable uniforms, shined boots, and myriad badges, patches and epaulets made other police forces look downright slovenly.
Many PMOs are analogous to this system, with form trumping function. In the best case, this PMO serves as an administrative clearinghouse, managing the various people and projects occurring within the organization and ensuring they don't step on each other's toes.
In the worst case, these groups place their "traffic control" duties to the side and focus on formalities. While these efforts are certainly well-intentioned, this PMO gradually accumulates reams of standards, policies, and out-of-control knowledge repositories that become overwhelming to anyone actually trying to get real work done.
A struggling project manager likely hears from this group only when issuing new pronouncements about which forms must be completed or threatening an "audit" to make sure documentation is complete rather than providing assistance or insight into how to right a struggling project.
For the CIO, this PMO tracks projects and presumably provides standard reporting about their status, but does little to deliver insight into how the projects relate to the company's overall business. While there is nothing wrong with an organization that provides this consolidated view, it has little impact on the organization other than an administrative function.
The Investment Management PMO
For the rare organization that takes its PMO beyond its administrative role, the most effective function is managing the company's portfolio of projects like an investment portfolio. Traditional project management is tightly focused on tracking objectives and costs, but misses the mark on tying those objectives back to a business result with an expected return, risk level, and time frame to achieve that return.
Much as one might sit with their financial adviser and discuss their goals, the CIO can sit with this type of PMO and discuss where he or she sees the business going in the coming months and years. Someone nearing retirement might focus on bonds and low-risk investments, just as a CIO in a stagnant industry or facing a severe economic downturn might focus on short-term, low-right projects. Like the financial adviser, this PMO can quickly point to which projects are more strategic and likely more risky and which are "bread-and-butter" maintenance and infrastructure projects.
When considering new projects, the Investment Management PMO can look at where they fit among the existing portfolio and suggest changes before the organization takes on too many high-risk projects or encourage bolder efforts when the competitive landscape demands it. Effectively, this PMO becomes the key means for the CIO to deliver business results and convey the value that IT brings to the larger organization beyond just keeping the infrastructure up and running.
The latter PMO is obviously the preferred option for most organizations, but the price of admission is perfecting the former. No one would want a disorganized investment manager who could not instantly identify which stocks and bonds you were holding, just as no PMO can move into portfolio management without being able to track and manage projects from an administrative perspective.
Building an investment management PMO requires careful care and nurturing from the CIO and a variety of talents beyond raw technical skill or project management techniques. A project portfolio requires what is effectively P&L responsibility, since projects frequently are a big slice of the IT budget and the only area where true business returns can be demonstrated, short of selling IT services as a product to external customers. If your PMO cannot brief you on the key business objectives of each project and the likelihood of delivering those business results, you are simply not getting the maximum value from your PMO.
Patrick Gray is the founder and president of Prevoyance Group, and author of "Breakthrough IT: Supercharging Organizational Value through Technology". Prevoyance Group provides strategic IT consulting services to Fortune 500 and 1000 companies.
Source: http://www.zdnetasia.com/a-tale-of-two-pmos-62208252.htm?scid=nl_z_tgtm
READ MORE - A tale of two PMOs