A Fun Read for IT Operations, Governance, Risk, And Audit Professionals

Norman Marks

My very good friend, Gene Kim, together with Kim Behr and George Spafford, have published a fun read: “The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win

I strongly recommend signing up for their whitepapers and can tell you that I enjoyed reading the book – so go ahead and spring for it!  Amazon has a great price if you don’t want to buy it from the site above.

Why do I like it?

  • It’s a fun read, as I said before. The drama is in vivid color and credible
  • As you read it, you can learn how the theory of constraints, as famously brought to us in The Goal: A Process of Ongoing Improvement, can be applied within an IT function
  • It illustrates that most problems within organizations (and many are described in The Phoenix Project) have a root cause – people

It would be interesting to have a discussion on the IT General Control issues that can be found. I will start the list:

  • A failure to ensure that all changes to applications and other infrastructure are approved by all affected areas and IT management
  • A failure to adequately test all changes
  • An inability to coordinate related changes
  • Ineffective management of IT resources, including the prioritization of work
  • A culture of heroes (especially one hero, who is relied upon for pretty much everything)
  • A failure of responsible leadership
  • The CISO did not perform a risk assessment, and was irresponsible in directing his and other staff to bypass controls
  • Inadequate resources
  • A lack of trust among the IT leadership members

I welcome your comments on the book and its messages.