IT maturity assessments come in many shapes and sizes. Some are broad and look at a large number of areas, like strategy, culture, governance, people, skills, transparency, risk management, security, processes, asset management, customer satisfaction and supplier management. Others are deep, looking in detail at how your organisation aligns to a best practice framework, like ITIL or COBIT. Either way, an IT maturity assessment is designed to benchmark your current IT capabilities against a fixed scale. It will give you a baseline – a snapshot of where you are now – from which you can plan a roadmap for improvement. An IT maturity assessment tool can be a valuable tool, but some planning is needed to make sure you get value from your effort - so here are some of the things you should be aware of...
The first question you need to ask is why do I want to assess my IT maturity? If it’s to benchmark your IT capability against the rest of your industry, you’re doing it for the wrong reasons. If it’s to arm yourself with a maturity score to fend off attacks from the business, think again. To get the most value, you need to take a step back and look at the bigger picture. An IT maturity assessment is worth nothing without a commitment to acting on the result. The value of an IT maturity assessment lies in the context of improvement. It will tell you where you are now. From there, you can plot a roadmap of actions to get you to where you need to be (we’ll look at that in a moment). Once you’ve followed that path, you can use the IT maturity assessment again to benchmark against your former self and identify if you’ve actually arrived. However, it’s important to remember that IT maturity is a moving target. As soon as you take a step forward, it moves away from you. IT maturity is the pot of gold at the end of the rainbow. You never quite reach it, because there will always be room for improvement as new technologies and best practices emerge.
So, we’ve mentioned where you need to be. In other words: what does IT maturity look like? It looks like what the business wants it to look like. Whatever IT capabilities the business needs to compete and succeed – that’s what IT maturity looks like. In the cycle of strategic IT improvement, once you’ve done a maturity assessment, your gap analysis should be against where the business needs you to be. Alignment with ITIL best practices doesn’t make IT mature in the eyes of the business. The business doesn’t care about ITIL. So, if you want to define what mature looks like, you have to involve business stakeholders and it has to be done in non-technical business language. Once you’ve defined it, get acceptance from the business before you proceed.
Every business is different, so every IT department is different. With many of the “commoditised” IT functions (like email) being outsourced to the cloud, what remains is the technology that makes your company different. The chances are that your data centre is changing, and the people and process factors are becoming a bigger part of IT capability. So IT maturity will look different in every organization. It’s up to you and the business to decide what IT maturity looks like. That means looking at business objectives and identifying the IT capabilities that support those objectives. It’s unlikely that you’ll find an “off the shelf” IT maturity assessment that represents what IT maturity looks like in your organisation, but as long as you are mindful of the differences a ready-made maturity model can be is a good starting point – particularly if you’re ranking at the lower end of the scale. Over time, you will be able to form a better picture of what your own IT maturity looks like, so you can adapt the model to form a better fit.
IT is a complex domain, so IT maturity assessments can become very involved, with dozens or hundreds of probing questions. What happens if you hit an “I don’t know” question half way through? Do you abandon the assessment? Do you just guess? Or do you go and find the guy who knows? Soon you’ve got a room full of people arguing over each and every input. But who’s right? Egos and self-preservation quickly come to the surface. And didn’t they all have jobs to do half an hour ago? Maybe you persevere with the assessment on your own. With no universally agreed metrics, the numbers you plug in to a maturity assessment will always be subjective, and people tend to err on the positive side. Nobody wants to hand the boss “a rod for their own back” by submitting a low score, so a few minor adjustments will make the picture a bit rosier and the boss a bit happier about IT. But if the assessment is to form a baseline for improvement, you’re starting off on a shaky foundation.