2. What is Strategic IT Governance?
IT governance is the formal process of defining the strategy of the IT organization and overseeing its execution to achieve the goals of the enterprise.
• Aligned/synchronized with the enterprise strategy, including other key asset strategies
• Decision rights framework & mechanisms
• Vision, goals/priorities, measures; value prop & service portfolio; resource approaches & commitments; change management plans
• Translation into aligned, tactical, operational plans; closed-loop monitoring & control; accountability; regulatory compliance
3. Why is IT Governance important?
Compliance with regulations
Competitive advantage
Support of enterprise goals
Growth and innovation
Increase in intangible assets
Reduction of risk
4. Elements of IT Governance
IT Strategic Alignment: formalized business objectives, up-to-date IT strategy, linkage between business objectives and IT initiatives;
Value Delivery: IT tactical plans, clear benefits for each level of the organization: infrastructure (systems uptime), applications (degree of automation), operational (productivity), financial (income);
Risk Management: defined responsibilities for risk management, risk analysis methodology, defined strategies for addressing risks, continuous monitoring of threats, occurrence and impact;
Resource Management: sourcing strategies, human management practices, user manuals, segregation of duties, time reporting, infrastructure life cycle management, acceptable usage policies;
Performance Measurement: relevant and measurable metrics, continuous monitoring and reporting, follow-up policies, root cause analysis and problem management, benchmarking against industry practices and proven standards or frameworks.
5. Core Competencies for Effective IT Governance
Enterprise Architecture Mgmt; Relationship Mgmt; IT Strategy Mgmt; Financial Mgmt; Supply / Demand Mgmt; Portfolio Mgmt; IT Operating Model
• Align operational and strategic IT investments to business strategies & objectives.
• Establish policies, standards, models and processes for managing IT as an enterprise asset.
• Lifecycle management of infrastructure, applications and services.
• Understand the drivers of IT costs to allocate appropriate costs to the consumers of IT services.
• Establish effective, collaborative relationships with business stakeholders and suppliers.
• Balance the demand for IT services with available resources to meet immediate and strategic goals.
6. Benefits of IT Governance
Strengthens the relationship between the organization and IT;
Helps ensure limited IT resources are focused on the right strategic and tactical activities at the right time;
Synergies with Enterprise Risk Management (ERM) and other risk management activities; helps ensure the appropriate IT risk management processes and activities are in place and operating effectively;
Enhanced visibility into the IT Function’s ability to achieve both its tactical and strategic objectives; Key Performance Indicators (KPIs) for day-to-day activities and longer-term/strategic initiatives;
Improved adaptability of the IT Function to organizational and IT environment changes; formality of governance structure, processes and activities enables more efficient and effective response to change.
8. Frameworks for IT Governance
Capability Maturity Model Integration (CMMI) - for process improvement.
Information Technology Infrastructure Library (ITIL) - for IT service management.
Six Sigma - for process improvement, especially security processes.
Control Objectives for Information and Related Technology (COBIT) - for information technology (IT) management and IT governance.
The Balanced Scorecard (BSC) - a method to assess an organization’s performance in different areas.
11. Needs, Issues & Challenges
[Diagram: matrix of Planning and Control (procedure, audits, metrics) against Demand (IT and business) and Supply (capital, capacity, priorities; resources), across strategic, tactical and operations levels; quadrants labelled Alignment, Flexibility, Efficiency, Quality]
• Lack of business-aligned strategy
• Reduce costs across business
• Ineffective project management
• Deployment complexity through lack of standards & legacy
• No audit trails
• Management of service changes
• Must reduce IT costs by 30%
• Lack of IT resource transparency
• Missed targets due to lack of steering control
• Deployment complexity in number of projects
• Cannot aggregate need and distribute ROI
• No means of governing outsourced contracts
• No means of capturing demands
• No means of prioritization of business need
• No means of reporting SLA
• Making new outsourcing decisions
12. Aligning IT and Business Strategy
Corporate Mission – Business Goals – IT Strategy
Requires involvement from many levels and activities within the enterprise.
Lack of alignment leads to adverse business issues.
Strong IT Governance contributes toward proper alignment.
14. Ensuring Value and Effectiveness
IT issues are the least understood, despite the increasing reliance placed on IT.
Initiate IT governance structures with the right level of executive involvement.
Boards of Directors require essential IT-related skills.
15. IT Governance
Consists of leadership, organizational structures and processes that safeguard information.
Security over information assets.
Benefits of IT Governance.
IT is a top-down process.
16. Measuring IT Governance Performance
Measuring IT performance is a key concern as it demonstrates the effectiveness and added business value of IT.
Commonly seen as the IT “Black Hole” – costs continually rise without clear evidence of value derived from the IT function.
Traditional performance measurement methods require monetary values which are hard to apply to IT systems.
18. IT Balanced Scorecard
One of the most effective means to aid an organization in achieving IT and business alignment.
Provides a systematic translation of the IT strategy into tangible success factors and metrics.
Gives a balanced view of the value added by IT to the business.
Calculating the value of IT investments is a business issue for which business managers are ultimately responsible.
External auditors are using COBIT.
COBIT is a good framework for the “what”, and it also includes control objectives.
When you look at the myriad of regulations out there, as well as what it means to have “good IT Governance”, a common set of IT controls rises to the top. Whether it’s SOX 404, Basel II Operational Risk or FDA 21 CFR Part 11, requirements such as effective change management, security, availability and transaction integrity ALL need to be considered and proven in order to be considered compliant.
COSO, or the Committee of Sponsoring Organizations, built a risk management framework several years ago to give organizations a guideline or model for what they should do to put risk management processes in place and ensure them on an ongoing basis. It is a very high-level framework and doesn’t get too specific about what IT needs to do.
COBIT, or Control Objectives for Information (and related) Technology, was published jointly by the IT Governance Institute and ISACA (Information Systems Audit and Control Association). In conjunction with COSO, it provides specific direction to IT departments as to what they need to do to satisfy regulations such as SOX 404. Examples include ensuring change management processes are in place and being followed, or ensuring that access to applications is restricted and monitored, that systems are kept up to date with the latest patches and configurations, and so on. In essence, it is “WHAT” you need to do to become compliant.
ITIL is the “HOW” you should do it. ITIL provides a recognized set of best practices for managing IT processes. Many customers (like HP) are using ITIL, and analysts are prescribing its use in conjunction with COSO and COBIT to achieve compliance with regulations and ensure good IT governance. Additionally, some of the large security standards such as ISO 17799, and new standards such as ISO 20000, are becoming even more prescriptive.
HP and HP OpenView have long been proponents of ITIL, building in and automating ITIL processes in the product suite (Service Desk, SDO, Config, etc. all support ITIL, and IdM additionally supports ISO 17799). The release of OV Compliance Manager reinforces the linkage of models such as COBIT and ITIL by reporting out-of-the-box on key process areas such as change, config, release, incidents, availability, and security.
OpenView helps by automating these controls, monitoring and reporting on this data.
These goals are the result or “output” of combining two business functions:
Doing the right things:
Planning & Demand = Alignment: make prioritised financial and resource decisions (investment portfolio) with respect to demand from business
Planning & Supply = Flexibility: define and adjust project plans to deliver on a chosen (and often changing) investment portfolio
Doing things right:
Control & Supply = Efficiency: execute programs and projects in the most cost effective and efficient way
Control & Demand = Quality: deliver on agreed expectations set at time of demand intake
This provides a business framework for PPM.
To put it into use requires input from the customer.
Gather the needs, issues and challenges from the organization to reveal the pain points and identify where the likely starting point is.