A Practical Action Plan

As you contemplate building an identity process inventory for your organization, you may feel overwhelmed. Most organizations have no idea how many processes they perform and are often surprised at the size of the number. The good news is that you can often make progress on the maturity of your processes in a piecemeal fashion, making the task much easier to accomplish. In the last section, I said that tasks lead to processes. Tasks are also one of the keys to prioritizing your action plan.

As you look at tasks, try to identify those tasks that are causing the organization considerable pain, because they're not performed well or those that are costing a lot to accomplish. The processes associated with these tasks are where you should start. As an example, consider that task we mentioned in the last section: resetting user passwords. Most organizations spend a lot of money on help desk-supported password resets, and there can be considerable benefit from automating the processes that support this task.

As you dive into the processes surrounding password reset, you're likely to find that there's not just one process, but many. Furthermore, they likely overlap and compete with one another. In an organization at the ad hoc or focused levels, there will be multiple password reset processes for each system and application. Furthermore, the administration of these passwords will likely be manual, requiring expensive intervention by multiple administrators.

After you've chosen the most critical processes to improve, envision the goal state for each of them. The goal state would likely include standardizing and documenting the process and replacing the manual processes on the various systems with an automated self-service system. Staffing may need to change, skills may need updating, and metrics developed. You may also move to integrate some or all of the many processes into a single process at the same time, or you may take that as a second step after the systems have been standardized.

The goal state can be documented in the same format as the process inventory given previously. Be wary of creating unrealistic goal states. For example, you may upgrade the technology platform significantly and move the automation ranking a great deal, but the stability ranking may not be able to move much until other process have been redone. Keep current skill sets, staffing levels, and budgets in mind when you're planning. Its OK to move slowly if that's all you can do. The important thing is having a process for continuous improvement.