In the spirit of leaving Las Vegas from EMC World I started thinking about the transformation of Las Vegas from a desert oasis created by organized crime to a billion-dollar industry. How did big business and Wall St. push the mob out of Vegas? Movies and television shows, such as Casino, Goodfellas, and the Sopranos illustrate a side of organized crime that few rarely ever witness or have witnessed. Las Vegas was created by organized crime to service their syndicate with money laundering, prostitution, entertainment and schmoozing services. It worked splendidly; until it didn’t. Something changed and it created a landslide that eventually saw Vegas’ founders ousted and replaced with a larger, more powerful and adept landlord—mega-corporations. How they accomplished this is a lesson that clearly should be noted by IT.
Believe it or not, Governance, Risk and Compliance (GRC) was the tool of choice in ousting organized crime from Vegas. Big business and government made it an inhospitable environment for crime syndicates to operate; at least with regard to gaming and hoteling. The first step was to foster transparency upon the casinos. Long suspected for ‘rigging’ of games, local and federal government initiatives pushed for regulation and compliance for gaming. This had the impact of reducing the ill-gotten gains for organized crime, while lowering the risk for gamblers since the odds were considerably greater in their favor without the magnetic roulette ball or aces tucked under the blackjack table.
Unfortunately, the downside of regulations is the need for auditing and, of course, the first twenty auditors are buried in the foundations of the older hotels—just joking! Seriously, though, increased regulation transformed gaming and hoteling for organized crime from stealing and laundering to operations and management, which clearly required much more effort than organized crimes leaders were willing to deal with leaving them to abandon the gaming and hoteling aspects to real businesses that were interested in providing these services.
So, in the first three paragraphs, we see the use of GRC to foster transparency, which changed the rules for the current operators and transformed the environment into something that was hundreds of times more profitable than the original operators ever imagined. If GRC has the power to transform Las Vegas from a criminal institution into a reputable business, what do you think it could do for transforming your IT organization? Today, on average, businesses are paying upwards of 70% to keep the lights on and that number is rising. IT, as we know it, grew up organically around the introduction of computers into the business and, just like the organized crime syndicates, as that number rises it’s going to get less and less interesting to do that job.
We need to use GRC to transform our IT organizations so that the next incarnation can start to arise on the ashes of the old, just like it did in Vegas. The next generation of IT will be faster, smarter and provide services that consumers want with the compliance and assurances that provide them comfort. After all, Vegas’ consumers didn’t change, it grew and more types of consumers were added to the mix. That’s the outcome we should expect for a transformed IT organization and the steps are already shown to us:
- Engage governance
- Change the rules
- Ensure the rules are being followed
- Make it less desirable to continue operating in the current manner
- Transform
One final note, many speak of IT transformation as a move to IT-as-a-Service (ITaaS), but an outcome of thinking about this blog entry has made me realize, we already are offering ITaaS, it’s just that the current services are a) not desired by the consumer, b) too costly for the consumer, or c) takes too long to consume. In the early days of Vegas the organized crime syndicates were providing services as I mentioned in the opening paragraph. The issue was there was a limited audience for the services they were offering. I believe that’s kind of what we see happening now with IT. By transforming IT and bringing in new operators and new rules, we change the services we are delivering and how they are delivered, thus creating a much larger audience.
Once big business took over in Vegas they started using data to remove their risk. For example, they eliminated card counters and collusion between dealers and players. Also, they changed the rules of the games so that odds were in their favor. Hence, they became more profitable and were able to expand into other services, such as conventions and large scale catering. Plus, as the economy ebbs and flows, they are oriented to respond quickly and modify their service catalog and costs to suit appropriately. So, now big business isn’t watching their costs rise and feeling like there’s no end in sight, but instead are focused on what is needed to continue growing and making profits. Ultimately, this is what IT needs to strive toward supporting.
You can’t manage what you cannot measure. Most IT GRC processes in government are not aligned with commercial best practices, as they represent a patch work of risk avoidance and oversight policies designed to prevent every mistake that has ever happened. Risk avoidance assures that the current risks are perpetuated, while avoiding small risks that deliver much greater capability.
The IT Acquisition Advisory Council has created a new federal GRC method called the Acquisition Assurance Method, based on Agile and SOA concepts born in the commercial market.
[…] Read More and Comment: JP’s The Tech Evangelist Blog […]