Archives || Search || About Us || Advertise || Feedback || Subscribe-
Issue of February 2007

Untitled Document

 Home > Vendor Voice
 Print Friendly Page ||  Email this story

IT Governance: Getting IT right

While every CIO worth his salt understands the importance of IT Governance, the area where most go wrong is in getting the planning right.


In many organisations, Information Technology (IT) has become crucial in sustaining and the growth of a business. This pervasive use of technology has created a critical dependency on IT that calls for a specific focus on the IT Governance and Compliance strategies of an enterprise.

In today’s regulated environment, shareholders have become more demanding and are paying more attention to the governance and compliance strategies of an enterprise.

There are various regulatory compliance requirements today that are mandated by the Organisation for Economic Co-operation and Development’s (OECD) Principles of Corporate Governance, Basel II, Sarbanes-Oxley and New York Stock Exchange guidelines. The rationale behind such regulations is to ensure a verifiable process to manage corporate risks and instill a corporate environment of respect for all stakeholders.

Organisations are required to provide an assurance to the accuracy and integrity of both financial reports and core business processes. Therefore, IT controls have become integral to the effective governance of the modern enterprise. Corporate IT groups have recognised the inherent value of corporate and IT governance leading to the birth of the notion of business and IT alignment.

IT Governance in simple terms can be said to be a method for CIOs to manage IT strategy and execution by enabling a consolidated view of key governance functions such as project, demand, resource, risk and performance management.

The key benefits of IT Governance are alignment of IT with business needs, transparency and better comprehension of IT activities and performance, clearer understanding of objectives and expectations, clearer visibility of issues and priorities, joint responsibility for planning and executing IS/IT in the business, improved value delivery (operational and project), optimised costs, management of IT related risks, and improved quality of service.

While every CIO worth his salt understands the importance of IT Governance, the area where most CIOs go wrong is in getting the planning right. Some steps to take are:

Undestand the scope of IT Governance

IT governance addresses two key areas that are considered as the outcomes of IT Governance.

IT’s value delivery to the business: IT should enable organisations to grow by delivering the expected business value through the successful completion of critical projects on-time and within-budget.

Mitigation of IT risks: Embedding accountability into the enterprise. Enterprises should identify their appetite for risk management in IT investments especially with respect to the security, reliability and compliance and have clear-cut strategies to manage risk.

Factors that drive outcomes

Strategic Alignment: Enterprises need to ensure that that all investments in IT are selective and strategically aligned to long term business goals

Resource Management: Managing resources (people, applications, technology, facilities or data) is one of the key elements behind maximising the business value of IT addressing needs of recruitment, retention, education, training and development of IT staff.

Performance Measurement: Performance measurement is a cumulative measure of available resources, processes and outcomes of IT Governance and measures its effectiveness in delivering four key objectives—the cost effective use of IT, the effective use of IT for asset utilisation, the effective use of IT for growth and for business flexibility.

See where you are

To gauge the effectiveness of their IT Governance strategy in addressing real problems, organisations need to check their level of readiness by seeking answers to relevant questions.

  • How critical is IT for sustaining and growing the enterprise?
  • How far should the enterprise go in risk mitigation and is the cost justified by the benefit?
  • Is IT a regular item on the agenda of the board and is it addressed in a structured manner?
  • Is the board regularly briefed on the IT risks to which the enterprise is exposed?
  • Does the board articulate and communicate the business objectives for IT alignment?
  • Does the board have a clear view on the major IT investments from a risk and return perspective?
  • Is the board getting independent assurance on the achievement of IT objectives and the containment of IT risks?
  • Is the reporting level of the most senior IT manager commensurate with the importance of IT?

Define Roles and responsibilities for your IT Governance framework

Define roles and responsibilities for each of the five IT Governance domains. Organisations have to assign accountability to all participants of the group responsible for IT Governance implementation

Define roles and responsibilities for each of the five IT Governance domains. Organisations have to assign accountability to all participants of the group responsible for IT Governance implementation. Efforts should also be made to establish committees (E.g. steering committee, technology council, IT architecture review board) and define their responsibilities for every key IT Governance domain.

Identify and prioritise

Decide the highest priority projects that will help improve the management and governance of significant areas. This decision should be based on identifying projects which promise the most potential benefits, are easy to implement, and have a strong focus on important IT processes and core competencies.

Build a continuous improvement plan

In order to build a continuous improvement plan, enterprises must continuously assess the effectiveness of IT Governance in delivering value to the business. IT Governance implementation should be considered as a closed loop. For example, the business provides the direction that results in IT initiatives, or, activities that should generate the desired results to meet the business expectations. These results should be compared with the desired results to find out the performance.

The success of an organisation in the new economy will depend on its ability to execute planned strategies accurately. However, no organisation can execute strategies consistently without having their people to follow standard operating processes designed using an accountability framework.

To summarise, IT Governance must be considered as a core element of an organisation’s culture as it can ensure strategic alignment, resource alignment, quality delivery, and compliance adherence – all factors which are key for leadership and shareholder loyalty in an increasingly competitive world.

— By Satishchandra Nayak, Head - Center of Excellence for BPM & ITG, Patni

- <Back to Top>-  
Untitled Document
Indian Express - Business Publications Division

Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.