Skip to content

IT Governance Process: Measurement

June 12, 2008

See the image below


Corporate Contribution


Ensuring maximum profit while mitigating IT related risks


Strategic Alignment


Weighted governance performance

Strategic match of major IT projects

Percentage of development capacity engaged in strategic projects

Percentage of business goals supported by IT goals

Value Delivery


Business unit performance management

Business value of major IT projects based on ROI, NPV, IRR, PB

Ratio IT costs/total turnover

IT costs charged back to the business

Risk Management


Number of new implemented IT security initiatives and security breaches

Attainment of disaster recovery plans

Number of IT audits performed and reported shortcomings

Corporate contribution


Stakeholders Orientation


Measuring up to stakeholders’ expectations




Stakeholders’ satisfaction surveys on fixed times

Number of complaints of stakeholders

Index of availability of systems and applications

Management of stakeholders’ needs


Number of meetings with stakeholders

Clear communication in place with CEO and board members

Index of CEO/board involvement in new and major IT initiatives

Number of major IT projects within SLA

Legal and ethical compliance


IT adherence to Sarbanes-Oxley Act

IT adherence to privacy regulations

Adherence to IT code of ethics/ IT code of conduct



Operational Excellence


Ensuring effective and sustained IT governance




Number of meetings of IT strategy committee and IT steering committees

Composition of IT committees

Overall attendance of IT committees

CIO on board or member of executive management



Level of IT strategy planning and business planning

Number of hours spent on IT/business strategic issues

Existence of an IT balanced scorecard and a business balanced scorecard

Number of IT processes measured through a scorecard

Number of IT processes covered by COBIT

Number of IT processes covered by ITIL

Maturity levels of IT processes

Percentage of IT goals supported by IT processes



Overall level of the IT governance process maturity

Operational excellence


Future Orientation


Building foundations for IT governance delivery


Skills and knowledge


Number and level of cross-functional business/IT training sessions

Number of overall IT governance training sessions

Percentage completed IT governance education per skill type

Number of IT governance presentations for CEO and board members

Level and use of IT governance knowledge management system

IT/business partnership


Percentage of senior managers IT literate

Percentage of IT managers business literate

Level of business perception of IT value

Future orientation

Governance Measurement

0 Non Existent. Complete lack of any recognisable processes. Organisation has not even recognised that there is an issue to be addressed.

1 Initial. There is evidence that the organisation has recognised that the issues exist and need to be addressed. There are, however, no standardised processes but instead there are ad hoc approaches that tend to be applied on an individual or case by case basis. The overall approach to management is chaotic.

2 Repeatable. Processes have developed to the stage where similar procedures are followed different people undertaking the same task. There is no formal training or communication of standard procedures and responsibility is left to the individual. There is a high degree of reliance on the knowledge of individuals and therefore errors are likely.

3 Defined. Procedures have been standardised and documented, and communicated through training. It is however left to the individual to follow these processes, and any deviations would be unlikely to be detected. The procedures themselves are not sophisticated but are the formalisation of existing practices.

4 Managed. It is possible to monitor and measure compliance with procedures and to take action where processes appear not to be working effectively. Processes are under constant improvement and provide good practice. Automation and tools are used in a limited or fragmented way.

5 Optimised. Processes have been refined to a level of best practice, based on the results of continuous improvement and maturity modelling with other organisations. IT is used in an integrated way to automate the workflow and provide tools to improve quality and effectiveness.

No comments yet

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: