IT Governance: a Continuous Program of Improvement

A Primer on IT Governance

IT governance is “Specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT.”
~ Weill and Ross

IT Governance Delivers Value

Fundamentally, IT governance is concerned with IT’s delivery of value to the business and the mitigation of IT risks. Both are enabled by strategic alignment of IT with the business, and the availability of adequate resources. Management measures performance to monitor progress toward desired goals.


Delivering Value Requires Focus:

  • Strategic alignment—Achieve business goals using effective IT governance structures
  • Value delivery—Create, maintain and extend existing value; eliminate work that adds no value
  • Risk management—Address IT-related risk and use IT to assist in managing business risk
  • Resource management—Have the right capability to execute strategic plans
  • Performance measurement—Track achievements and compliance with external requirements

IT Governance addresses the following key areas:

Governing and Leading the IT Organization: IT has a policy setting body composed of the IT Senior Leadership team, and Finance; it owns the framework, establishes new governance mechanisms, and ratifies/creates new policies as needed. It is responsible for ensuring governance is operating.

Implementing and Enforcing Policies and Standards: IT has a series of governing bodies that set policies and/or standards for hardware, software, architecture, systems development and security/risk. These bodies craft policies and standards that are brought to the IT Governance Council for ratification. Once ratified, they are law.

Steering and Overseeing IT Performance: IT has mechanisms to ensure expenditures are aligned with corporate and business goals, that our vendor mix is optimized and performing well, that security programs are operating as designed, and that our infrastructure is meeting service level commitments.

Steering and Overseeing IT Initiatives: IT has mechanisms to ensure that IT initiatives are fully aligned with corporate and line-of-business goals through the planning function, and that funded initiatives follow governance processes and fully embrace the systems development lifecycle.

IT Governance Involves Continuous Process Improvement

IT governance is a continuous process that, as an integral part of enterprise governance, focuses on strategic objectives. Business unit leaders and IT management regularly assess their organizations to ensure they are delivering value and addressing risk. At regular intervals—and on a continual basis—performance is monitored and the results measured, reported and acted upon. On a continuous basis, strategy is re-evaluated and aligned with the business as necessary.

Key Players Involved with IT Governance

IT governance occurs at different layers. Project managers and team leaders report to and receive direction from their managers; managers report up to the CIOs; and the CIOs report to executives, who report to the board of directors. Reporting includes descriptions of any activities that show signs of deviating from targeted objectives. Each level, when reporting these deviations, includes recommendations for action that must be endorsed by the governing bodies above.

Stakeholders play a part in IT governance. At the heart of the governance responsibilities of setting strategy, managing risks, allocating resources, delivering value and measuring performance, are the stakeholder values, which drive the enterprise and IT strategy. Sustaining the current business and growing into new business models are certainly stakeholder expectations and are achieved with adequate governance of the IT infrastructure.

Next in this series: 2. Achieve IT Governance by Adopting Good Practices

 
