Conversations from the Mirror42 Team

I was in a discussion yesterday, with a potential client, regarding managing and distributing Key IT Control data with Microsoft Excel. Here a my top reasons why one should not use Excel to manage Key IT Controls / Key Performance Indicators (KPIs).

1. Nature of Excel makes it easy “breakable”

Especially in a heterogenous organization, when sharing Excel files with many people, calculation might break, potentially creating information “garbage”.

2. It is difficult (if not imposible) to personalize information for each stakeholder

In most cases information for each stakeholder will differ, therefore this information should be personalized to keep it simple. Try doing that in Excel.

3. Size of files might impose (system) limits

I have seen KPI Excel sheets grow at a client into multi GB files, making it almost impossible to open let alone maintain it. And try sending a 1 GB file via email.

4. Distribution by email is a potential information security risk

Once information has been sent via email potential risks of forwarding files outside the organization are more likely.

5. It is almost impossible to gather and consolidate information in a highly heterogenous organization

Typically when using Excel, spreadsheets are sent throughout the organization to collect information. Once all information has been collected, these sheets are consolidated for upper management. This is a labour intensive task with many opportunities to create (again) information “garbage”.

This ComputerWorld article contains a nice list of simple do’s and don’ts with respect to implementing IT Governance processes and procedures.

DO set realistic goals and objectives for your company. DON’T merely copy a successful organization’s governance style. After all, that company may have different goals, objectives and corporate culture than yours. It might be after growth, while you may be focusing on profitability.

DO create relevance between business objectives, IT governance processes and project implementation goals. DON’T make irrelevant, ivory-tower demands. People will find a way around them. IT governance processes must start at the highest business level and extend all the way down into the project-execution phase — in a relevant, meaningful manner.

DO make it repeatable. DON’T just “govern once” at your organization. Approach IT governance as an investment in repeatable, reusable processes; it’s a mind-set that extends from management through planning and into development.

DO measure results. DON’T underestimate the importance of setting business controls and auditing. A full-cycle IT governance approach ensures that the money invested produces the desired result.

DO keep it reasonable. DON’T overengineer your approach to IT governance. Every organization has its strengths and weaknesses. Start where your processes are strong and grow from there. Start today.

DO the right things, the right way, at the right time. DON’T focus on only one “right” thing. It’s simply not enough just to focus on doing the “right” things, if they’re not carried out in the “right” way or in the “right” time frame.