IT Organizations Missing Opportunities for Easy-to-Establish Best Practices, Survey Finds

Some IT management best practices enjoy fairly consistent use—those concerning IT security or disaster recovery, for instance. But other best practices have yet to establish much of a foothold. Surprisingly, these include some that are easy to establish and deliver significant benefits, according to this year’s IT Management Best Practices study from Computer Economics.

The study, now in its 13th year, provides insight into how IT companies are putting 32 best practices into action and which are lagging. This year, we allowed respondents to indicate to what extent they have adopted each best practice: whether they are practicing it informally, formally but inconsistently, or formally and consistently. These options allow us to see the relative maturity of each best practice.

As shown in Figure 2 from the full study, the least-mature best practice is software metrics, which has a mere 3% of respondents practicing it formally and consistently. This is not surprising, as our sample largely consists of IT end-user organizations, not software development companies. End-user organizations tend to rely more on packaged software and do not have software development as a core competency, with a need to track software development metrics.

Three practices earn a 5% maturity rating: DevOps, ITIL, and IT service catalog. DevOps, a relatively new term, is an organizational model, method, or process for enhancing cross-departmental collaboration between software developers and IT operations to support more frequent deployment of software changes. The fact that DevOps is a relatively new practice, combined with the fact that most of our respondents are not doing a great deal of custom software development in-house to merit practicing DevOps, leads naturally to the result that the maturity of DevOps among corporate IT organizations, generally, is low. Post-implementation audits rounds out the least-mature list, with 7% of respondents conducting such audits formally and consistently.

“It’s a shame that a discipline like post-implementation audits is not more widely and consistently practiced,” said Tom Dunlap, director of research for Computer Economics, based in Irvine, Calif. “It’s one of those things that, if you skip it, nothing bad happens immediately. But over time, you fail to benefit from lessons learned or hold the organization accountable for success.”

In the full study, we examine the growth and maturity of 32 IT management practices. Some of these are well-established disciplines and are widely accepted. Others are gaining traction among leading-edge organizations. Still other practices are being widely promoted by tool vendors and consultants but only rarely adopted. Our goal in this study is to provide IT executives with real-world data on how widely each practice is implemented, a basis for comparing their organizations with their peers, and a means of identifying emerging best practices.

This study is now in its 13th year. Each year, we ask IT organizations in our annual survey to what extent they have adopted a selected list of IT management best practices. Survey participants have five response choices:

• No Activity: We are not practicing this discipline in any way.
   
• Implementing: We are in process of implementing this best practice.
   
• Practicing Informally: We do not have formal policies or procedures for this discipline, but we do practice it in an informal or ad-hoc manner.
   
• Practicing Formally but Inconsistently: We have formal policies and procedures for this discipline, but we do not follow them consistently or to the extent that we should.
   
• Practicing Formally and Consistently: We have formal policies and procedures for this discipline and we follow them consistently.

The best practices in the study are as follows:

• IT governance practices: IT strategic planning, IT steering committee, IT project portfolio management, IT change control board, organizational change management, and project management office.
   
• IT financial management practices: IT personnel time tracking, service-based cost accounting, chargeback of IT costs, showback of IT costs, IT service catalog, and benchmarking IT spending.
   
• IT operational management practices:  IT policies and procedures, IT Infrastructure Library (ITIL), IT asset management system, bring your own device, user-satisfaction surveying, and IT performance metrics.
   
• IT security and risk management practices: IT security policies, data classification and retention, IT security compliance audits, security incident management, disaster recovery planning, disaster recovery testing, and business continuity planning.
   
• Software development practices: system development life cycle, agile development, software change management, software metrics, enterprise architecture, post-implementation audits, and DevOps.

This study is designed to increase the awareness of IT leaders concerning what are the best practices in IT management, provide benchmarks against which an IT organization can compare its own adoption and practice level, and justify investments to improve an organization’s IT management practices.

This Research Byte is a brief overview of our report on this subject, IT Management Best Practices 2017-2018. The full report is available at no charge for Computer Economics clients, or it may be purchased by non-clients directly from our website (click for pricing).