Minimize
Blogger List

Johannes Ahrends
Toad and Oracle

Ben Boise
Toad SC Discussions

Kevin Dalton
Benchmark Factory

Steven Feuerstein
PL/SQL Obsession

Devin Gallagher
Toad SC discussions

Stuart Hodgins
JProbe Discussions
  Henrik "Mauritz" Johnson
Toad Tips & Tricks on the "other" Toads
  Mark Kurtz
Toad SC discussions
  Michael Lumbard
Toad SC discussions
Daniel Norwood
Toad for Data Analysts,
Toad Extension for Visual Studio
Debbie Peabody
Toad for Data Analysts
Gary Piper
Toad Reports Manager
John Pocknell
Toad for Oracle, JProbe
Kuljit Sangha
Toad SC discussions
Bert Scalzo Indicates Oracle ACE status
Toad for Oracle, Data Modeling, Benchmarking
Jeff Smith
Toad product family
Richard To
SQL Optimization
Jim Wankowski
DB2 - LUW and z/OS
John Weathington
  Toad Data Modeler Opens in a new window
Data Modeling		  
  Real Automated Code Testing for Oracle
Quest Code Tester blog
 
Minimize
Blog Categories
 
Minimize
Blog Tags
toad for oracle (122)
oracle (62)
plsql (46)
sql optimization (37)
toad for data analysts (28)
code tester (19)
toad for ibm db2 (13)
automation (11)
batch optimizer (10)
virtualization (10)
schema browser (9)
toad for sql server (9)
data grid (8)
sql (8)
sql editor (8)
toad data modeler (8)
benchmark factory (7)
excel (7)
query builder (7)
report manager (7)
toad extension (7)
visual studio (7)
11g (6)
configuration (6)
freeware (6)
health check (6)
vmware (6)
connect (5)
dba module (5)
er diagrammer (5)
F4 (5)
linux (5)
refactoring (5)
spotlight (5)
unicode (5)
compare (4)
debugger (4)
export (4)
formatter (4)
make code (4)
rman (4)
strip code (4)
benchmark (3)
bfscript (3)
bulk collect (3)
code templates (3)
code xpert (3)
database browser (3)
db2 (3)
notebook (3)
oem (3)
RAC (3)
session browser (3)
speed (3)
sql optimizer (3)
toad for mysql (3)
tpc-c (3)
9.7 (2)
alert log (2)
app designer (2)
awr (2)
code insight (2)
code snippets (2)
collection (2)
compare and sync (2)
compliance (2)
data generator (2)
data warehouse (2)
database explorer (2)
database monitor (2)
explain (2)
forall (2)
ftp (2)
group execute (2)
handbook (2)
installation (2)
job scheduler (2)
multi-task (2)
nested table (2)
os command (2)
profiler (2)
recovery (2)
release history (2)
save as (2)
schema compare (2)
sql recall (2)
stats pack (2)
subversion (2)
team coding (2)
trace file browser (2)
while loop (2)
10g (1)
64 bit (1)
7zip (1)
action (1)
addm (1)
alter (1)
ansi join (1)
array (1)
ccleaner (1)
code coverage (1)
code road map (1)
CRON (1)
cursor for loop (1)
data browser (1)
data subset (1)
database probe (1)
dbms_flashback (1)
dbms_profiler (1)
ddl (1)
feuerstein (1)
filezilla (1)
flash drive (1)
flow control (1)
for loop (1)
group policy manager (1)
hints (1)
import (1)
index (1)
inheritance (1)
invoker rights (1)
ipad (1)
java (1)
latency (1)
log switch (1)
logical model (1)
ltrim (1)
master-detail browser (1)
monitor (1)
multi-select (1)
naming standards (1)
network (1)
object explorer (1)
OEBS (1)
package (1)
parser (1)
partitioning (1)
performance (1)
pragma (1)
project manager (1)
RAT (1)
revo (1)
REXEC (1)
schema report (1)
script manager (1)
search (1)
set operator (1)
sga (1)
slow (1)
sonarsource (1)
source control (1)
space projection (1)
sql monitor (1)
sql navigator (1)
sql script (1)
sql tracker (1)
sql*plus (1)
standards (1)
statistics (1)
stored procedure (1)
string parser (1)
sub-model (1)
sub-type (1)
synch (1)
synchback (1)
TELNET (1)
toad (1)
trace (1)
unit test (1)
unix (1)
usb (1)
utility (1)
v10 (1)
v9.5 (1)
version control (1)
waits (1)
workload replay (1)
workspace (1)
xml (1)
 
WELCOME, GUEST
 
 

Blogs
Toad and Database Commentaries

Toad World blogs are a mix of insightful how-tos from Quest experts as well as their commentary on experiences with new database technologies.  Have some views of your own to share?  Post your comments!  Note:  Comments are restricted to registered Toad World users.

Do you have a topic that you'd like discussed?  We'd love to hear from you.  Send us your idea for a blog topic.

IT Independence – How Much Centralization is the Right Amount?

Jul 3

Written by: JohnWeathington
Thursday, July 03, 2008  RssIcon

Happy Independence Day!

On this festive occasion, which celebrates our independence as a nation, I saw it appropriate to discuss the independence of Information Technology in a corporation’s compliance program. In other words, how much centralization is a good thing, when it comes to pulling off a compliance effort in your company?
Compliance aside, this debate has been going on ever since the birth of IT. I feel the classic answer of, “Well, it depends,” is a cop out for the intellectually curious to debate over for hours, days, or even months, without moving an inch forward on a consensus.

So, is IT independence a good thing for a company’s compliance efforts? In general, the answer is “No.” Of course complete decentralization is not the answer either, however in my view the gauge favors decentralization over centralization. To help you see my point, let’s look at some advantages and disadvantages to both sides of the scale.

The Advantages of Centralization

The biggest advantage to centralization is IT governance. You might find it odd that I’m a proponent of decentralization given that IT governance is core to my business, but I have to call it straight. When IT is centralized, it’s much easier to get IT governance under control. Having the control and influence that centralization affords, is key to governing the operations that IT performs. Even data governance is easier to manage with a centralized effort, as it’s easier to catalog your data when your scope of visibility is wide. This can only be accomplished in a centralized operation.

Aside from IT governance, IT centralization helps the IT function run in an efficient manner. If you view IT as a service business with a set of processes, it’s much easier to get your processes under control and lean (elimination of duplication and waste) when things are more centralized.

Finally, centralization allows the concerns of IT to be organized and enforced. There are certain things that are good for the organization, that nobody else but IT will worry about. For example, the business may not realize that running your compliance system on a Microsoft Access database is a bad idea!

The Advantages of Decentralization

So, let’s now discuss the reasons why a tendency toward decentralization is the best way to organize your IT function. The number one reason why decentralization is important is because it affords the best alignment with the business objectives – in our case compliance. IT is a support function, and that needs to be remembered. Data systems cannot build themselves. Even with talented architects, if you ignore the real business need, you’re just practicing your skills on something that has no value to the business. Even if you think you know what’s best for the business, that’s not your role.

My lovely dog is a perfect example of how I see some IT shops work. I love her to death, but she really has a mind of her own. We don’t give her commands – to her they’re “suggestions.” One day we were all out in the front yard, when her sister, the instigator, took off running for no apparent reason. Obviously we screamed, “Come here right now!” On this occasion, she decided that although this was a reasonable idea, it made more sense to follow her sister across the street and down the sidewalk. She came within a few feet of an oncoming car.

Don’t misunderstand me. I’m not saying IT is not valuable. In fact in my view, IT is the most important part of the equation. It takes a lot of skill to be an IT professional, especially one that’s involved in a compliance-related effort (because the stakes are usually high). Just remember however, that your skill and talent doesn’t translate to your authority to run the show. It’s a compliance problem you’re trying to solve, not an IT problem, so leave the requirements to the compliance specialists.

There are some other advantages to decentralization. In general, a decentralized organization is more flexible, which is vitally important in a compliance environment. As you may have heard me mention before, expect requirements on a compliance project to change – sometimes radically and often with very short notice. The ability of a decentralized organization to react to these changes is a big advantage.

Finally, for most IT people, being in a decentralized organization is just more fun. IT people are intelligent people that love to learn. Learning about compliance is actually very interesting, and it adds a great dimension to your breadth of knowledge. Being part of something bigger than IT, and seeing your efforts make an impact, is a very rewarding experience.

One Part Centralized, Three Parts Decentralized

 The best mix for me is one part centralization, and three parts decentralization. Don’t take this literally; it’s just a conceptual rule of thumb. You need to exploit all the advantages of decentralization, while taking advantage of as much centralization as you can.

To do this effectively, decentralize as much as possible, and build good metrics around your compliance function. Capture metrics that demonstrate how efficient your compliance function is, without regard for IT specific constraints.

At this point I would formally improve ( i.e. through Six Sigma ) your compliance program as much as you can while your IT function is completely decentralized. If done properly, you should have good control plans around your compliance processes, so you know what levels you should be operating at.

Then, and only then, start to centralize the IT function, watching your compliance metrics closely. The instant the efficiency of your compliance program degrades even a small amount, stop! Centralization cannot be allowed to encroach on your business’ ability to conduct proper compliance.

To Centralize or Decentralize, That is the Question

Well, you have my answer.

If you want the compliance efforts at your company to be the most effective, mix one part centralization with three parts decentralization. Your IT organization should be completely aligned with the compliance function of your company, flexible and adaptable to change, and the people should be having fun. This is not equivocal. With this specification firmly in place, you should strive to be as centralized as you can, eliminating redundancies and administering proper governance.

If your compliance efforts are not where they need to be, analyze your level of IT centralization. You may find that you need to decentralize a bit, to obtain optimum performance.

Trackback Print
Tags:
Categories:
Location: Blogs Parent Separator John Weathington's Blog
Minimize
Most Popular
 
Search Blog Entries
 
Blog Archives