Branham


In years past, IT stood as the only department that championed the cause of technological advances. We tried to convince other departments that we could provide them with lots of easy-to-use tools that would allow them to do their jobs better. Now other departments often drive IT projects. The job of a CIO is to further the business objectives and strategies of the entire organization by way of IT. In light of this, IT governance cannot be isolated. It must be considered as an integral part of the enterprise.

IT governance

Enterprise governance concerns itself with the responsibilities and actions of the board and executive management (CIOs). It holds them responsible for the strategic direction of the enterprise, ensuring that objectives are achieved and that resources are used appropriately. Likewise, IT governance requires an organization to properly align IT strategy and utilize IT resources to provide competitive advantages for the company. Stated simply, IT governance applies enterprise governance principles to the IT department.

IT touches every aspect of business. Considering this, it should be obvious that IT governance is as necessary as standard business management. And while effective IT governance can generate real business benefits, such as reputation, trust, and market share, poor management carries risks. The speed of business today often requires near-immediate decisions based on sales data and market trends. Those decisions cannot be made if the systems providing that information are down. And employees caught browsing inappropriate web sites or sending offensive jokes through e-mail can dramatically affect a company's reputation for years. There are simply far too many negatives involved to allow inappropriate or misaligned use of IT resources.

How it works

IT governance usually occurs at various levels within an organization. Team leaders receive direction from managers; managers report to the executive; and the executive (i.e., CIO) reports to the board. Clearly this will not be effective without proper alignment of IT objectives and goals with buy-in or direction from the board.

Since IT governance is part of a broad framework of corporate governance, it begins with support at the board level. The Organization for Economic Co-operation and Development has published Principles of Corporate Governance, which covers in depth the rights, roles, and equitable treatment of shareholders, disclosure and transparency, and the responsibilities of the board. (You can download this report from the IT Governance Institute's web site.) Among the board's responsibilities are reviewing and guiding corporate strategy, setting and monitoring achievement of performance objectives, and ensuring the integrity of the organization's systems. To provide appropriate governance for IT systems, the board must ensure that the IT department is properly aligned with the business objectives of the company.

The goals and objectives of the company must be clearly articulated, and IT must share that vision. The expectations of the IT department should be clearly communicated to include IT's effect on profitability, market share, and service quality. Quantifiable goals must be set and responsibilities clearly defined. All business units must take ownership for accomplishing business goals, and IT must share in that responsibility. IT should assist other business units in determining what business systems are required to accomplish their goals and should specify how technology will be used to meet those objectives. Educate all team members in a business unit's operations. Without appropriate knowledge, IT will not make appropriate recommendations.

Once goals and objectives have been established, continuous review and improvement are necessary. Clearly defined objectives provide direction, and IT's actions are based on that direction. On completion of any action, the performance must be measured against suitable success metrics. Compare the results achieved with the metrics and make adjustments in accordance with the previously defined objectives. Any adjustments made will provide better direction, which will lead to more successful actions. This continuous loop provides a framework for improvement (see Figure A).


Figure A

Support alignment with standards

In addition, there are emerging standards and other guidelines. Information Systems Audit and Control Association (ISACA) has published one of the standards: "Control Objectives for Information and related Technology" (CobiT). CobiT is in its fourth edition and comprises 34 high-level control objectives and 215 detailed control objectives designed to help businesses maintain effective control of IT. The following Case Studies support CobiT:

These are just some examples of how CobiT is being adopted today. Whether in private industry or government agency, IT governance is paying off.

A second standard is from the Information Technology Infrastructure Library (ITIL). ITIL is primarily designed to identify best practices and manage service levels. Organizations such as the U.S. Navy and Procter and Gamble have used this standard and realized substantial savings.

These two standards differ. CobiT is strong in metrics and controls. ITIL focuses on processes, especially help desk issues. Of course, other companies have developed ad hoc methods of IT governance. But standards provide an existing framework and incorporate best practices of other high-profile organizations. There is no need to reinvent the wheel. The Manta Group is ready to help you get the wheels moving in your organization. Proper IT governance ensures that IT's performance is aligned with the organization's objectives, empowers business units to achieve business goals, ensures that resources are used appropriately, and helps mitigate risks.

The Manta Group provides the expertise and tools necessary for successful implementation of a good IT governance strategy.