Home > Risk > A Fun Read for IT Operations, Governance, Risk, and Audit Professionals

A Fun Read for IT Operations, Governance, Risk, and Audit Professionals

January 15, 2013 Leave a comment Go to comments

My very good friend, Gene Kim, together with Kim Behr and George Spafford, have published a fun read: “The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win

I strongly recommend signing up for their whitepapers and can tell you that I enjoyed reading the book – so go ahead and spring for it!       Amazon has a great price if you don’t want to buy it from the site above.

Why do I like it?

  • It’s a fun read, as I said before. The drama is in vivid color and credible
  • As you read it, you can learn how the theory of constraints, as famously brought to us in The Goal: A Process of Ongoing Improvement, can be applied within an IT function
  • It illustrates that most problems within organizations (and many are described in The Phoenix Project) have a root cause – people

It would be interesting to have a discussion on the IT General Control issues that can be found. I will start the list:

  • A failure to ensure that all changes to applications and other infrastructure are approved by all affected areas and IT management
  • A failure to adequately test all changes
  • An inability to coordinate related changes
  • Ineffective management of IT resources, including the prioritization of work
  • A culture of heroes (especially one hero, who is relied upon for pretty much everything)
  • A failure of responsible leadership
  • The CISO did not perform a risk assessment, and was irresponsible in directing his and other staff to bypass controls
  • Inadequate resources
  • A lack of trust among the IT leadership members

I welcome your comments on the book and its messages.

  1. February 4, 2013 at 11:15 PM

    I personally ponder the reason why you labeled this specific article,
    “A Fun Read for IT Operations, Governance, Risk, and
    Audit Professionals Norman Marks on Governance, Risk Management, and Audit”.
    In any event I actually loved the post!I appreciate it,Arturo

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: