IT Governance: Getting IT right
While every CIO worth his salt understands the importance
of IT Governance, the area where most go wrong is in getting the planning right.
In many organisations, Information Technology (IT) has become
crucial to sustaining and growing a business. This pervasive use of technology
has created a critical dependency on IT that calls for a specific focus on the
IT Governance and Compliance strategies of an enterprise.
In today's regulated environment, shareholders have become
more demanding and are paying more attention to the governance and compliance
strategies of an enterprise.
There are various regulatory compliance requirements today that are mandated
by the Organisation for Economic Co-operation and Development's (OECD)
Principles of Corporate Governance, Basel II, Sarbanes-Oxley and New York Stock
Exchange guidelines. The rationale behind such regulations is to ensure a verifiable
process to manage corporate risks and instill a corporate environment of respect
for all stakeholders.
Organisations are required to provide assurance of the accuracy and integrity
of both financial reports and core business processes. Therefore, IT controls
have become integral to the effective governance of the modern enterprise. Corporate
IT groups have recognised the inherent value of corporate and IT governance
leading to the birth of the notion of business and IT alignment.
IT Governance in simple terms can be said to be a method for CIOs to manage
IT strategy and execution by enabling a consolidated view of key governance
functions such as project, demand, resource, risk and performance management.
The key benefits of IT Governance are alignment of IT with business needs, transparency
and better comprehension of IT activities and performance, clearer understanding
of objectives and expectations, clearer visibility of issues and priorities,
joint responsibility for planning and executing IS/IT in the business, improved
value delivery (operational and project), optimised costs, management of IT
related risks, and improved quality of service.
While every CIO worth his salt understands the importance of IT Governance,
the area where most CIOs go wrong is in getting the planning right. Some steps
to take are:
Understand the scope of IT Governance
governance addresses two key areas that are considered as the outcomes of IT
IT's value delivery to the business: IT should
enable organisations to grow by delivering the expected business value through
the successful completion of critical projects on time and within budget.
Mitigation of IT risks: Embedding accountability into
the enterprise. Enterprises should identify their appetite for risk management
in IT investments, especially with respect to security, reliability and compliance,
and have clear-cut strategies to manage risk.
Factors that drive outcomes
Strategic Alignment: Enterprises need to ensure
that all investments in IT are selective and strategically aligned to long term
Resource Management: Managing resources (people, applications,
technology, facilities or data) is one of the key elements behind maximising
the business value of IT, addressing the needs of recruitment, retention, education,
training and development of IT staff.
Performance Measurement: Performance measurement is
a cumulative measure of available resources, processes and outcomes of IT Governance
and measures its effectiveness in delivering four key objectives: the cost
effective use of IT, the effective use of IT for asset utilisation, the effective
use of IT for growth and for business flexibility.
See where you are
To gauge the effectiveness of their IT Governance strategy in addressing real
problems, organisations need to check their level of readiness by seeking answers
to relevant questions.
- How critical is IT for sustaining and growing the
- How far should the enterprise go in risk mitigation
and is the cost justified by the benefit?
- Is IT a regular item on the agenda of the board
and is it addressed in a structured manner?
- Is the board regularly briefed on the IT risks to
which the enterprise is exposed?
- Does the board articulate and communicate the business
objectives for IT alignment?
- Does the board have a clear view on the major IT
investments from a risk and return perspective?
- Is the board getting independent assurance on the
achievement of IT objectives and the containment of IT risks?
- Is the reporting level of the most senior IT manager
commensurate with the importance of IT?
Define Roles and responsibilities for your IT Governance
Define roles and responsibilities for each of the five IT Governance domains.
Organisations have to assign accountability to all participants of the group
responsible for IT Governance implementation. Efforts should also be made to
establish committees (e.g. steering committee, technology council, IT architecture
review board) and define their responsibilities for every key IT Governance
Identify and prioritise
Decide the highest priority projects that will help improve the management and
governance of significant areas. This decision should be based on identifying
projects which promise the most potential benefits, are easy to implement, and
have a strong focus on important IT processes and core competencies.
Build a continuous improvement plan
In order to build a continuous improvement plan, enterprises must continuously
assess the effectiveness of IT Governance in delivering value to the business.
IT Governance implementation should be considered as a closed loop. For example,
the business provides the direction that results in IT initiatives, or activities,
that should generate the desired results to meet the business expectations.
The actual results should be compared with the desired results to gauge performance.
The success of an organisation in the new economy will depend on its ability
to execute planned strategies accurately. However, no organisation can execute
strategies consistently without having its people follow standard operating
processes designed using an accountability framework.
To summarise, IT Governance must be considered as a core element of an organisation's
culture as it can ensure strategic alignment, resource alignment, quality delivery,
and compliance adherence, all factors which are key for leadership and
shareholder loyalty in an increasingly competitive world.
By Satishchandra Nayak, Head - Center of Excellence
for BPM & ITG, Patni