
Nine Points for Better Governance in IT

June 16, 2008

1. Define Business Goals and IT Goals
2. Define the Right IT Governance Processes
3. Set Up a Clear IT Organization and Decision Structure
4. Involve Executive Management and the Board of Directors
5. Manage Roles and Responsibilities
6. Install IT Steering and IT Strategy Committees
7. Manage and Align the IT Investment Portfolio
8. Use Performance Measurement Tools
9. Set Up and Support Communication and Awareness Mechanisms

1. Define Business Goals and IT Goals

Achieving better IT governance starts with the business, and more specifically with understanding its strategy and goals. Each organization should have clear business goals and a related business strategy, communicated to and adopted by the entire organization. Earlier research on aligning IT and business goals confirmed that in practice this is not always the case. Business strategy and goals are not always formally written out, and even when they are, people throughout the organization are not always aware of them. Preferably, IT management should be involved early in the business strategy definition process, especially in those companies that are highly dependent on IT.

The IT goals should be aligned to the business goals. A good exercise may be to write out the business and IT goals and put them into a matrix indicating whether each IT goal is of primary (P), secondary (S), or no importance in achieving each business goal. While doing this exercise, gaps may be identified or IT goals may be reviewed in order to better align with the business goals.

  • Clear business goals, communicated to the entire organisation

  • Early involvement of IT in business strategy process

  • Align IT goals to business goals

  • Derive IT strategy from business strategy

2. Define the Right IT Governance Processes

Once the business goals and the IT goals are aligned, it is important for IT to organise itself around a set of efficient and effective IT processes. The COBIT framework provides a set of 34 generally accepted IT processes. Each process is well documented with clear control objectives, management guidelines and metrics (KGIs and KPIs). Depending on the business/IT strategy and its goals, an organisation may start developing those processes that are of high importance for supporting the IT goals. Assign a process owner and clearly define the scope and control objectives of the process. By linking a process to other processes, clear inputs and deliverables can be defined. In addition, the different responsibilities and accountabilities must be identified (the RACI diagrams can provide guidance here). A process can only be identified as effective when some clear metrics are set up. Both KGIs and KPIs, and their mutual relationship, must be set on different levels. Finally, the maturity models offer a comprehensible method for measuring the progress of the process itself. The current (as-is) situation can be placed against the desirable (to-be) situation, the gap between the two can be identified, and the necessary actions can be set up.

  • Select most important IT processes

  • Assign process owners

  • Develop metrics

  • Measure the progress (maturity models)

3. Set Up a Clear IT Organization and Decision Structure

As described before, effective IT governance is also determined by the way the IT function is organized and where the IT decision-making authority is located within the organization. From the case studies, the federal organizing structure for the IT function is confirmed to be the most popular. The federal structure is merely a hybrid design of centralized infrastructure control and decentralized application control. Cost optimization and economies of scale are the main reasons for centralizing IT responsibilities. Especially in large organizations and after acquisitions and mergers, there is pressure towards centralization, particularly in the areas of infrastructure and global standardization. Development activities, or the decision rights over IT development projects, including budgets, are typically kept close to the business units. Some call this the “global” approach, combining an optimal mix of global synergies and local responsiveness that offers the required flexibility. Others explicitly see the application development and architecture teams as the most important players in the IT organization because of their close relationship with the business units.

A short distance between IT management (CIO) and executive management (CEO) is favoured. A CIO reporting directly to the CEO is a straightforward solution, but other set-ups, where for example the CIO sits down with the CEO on a regular basis or where IT management is involved in executive committees, may yield similar positive results. Today, a number of IT departments still report into an overall financial department, possibly resulting in a financially oriented approach, which may be too one-sided for the IT function.

  • Federal structures for IT organisations are most popular and are seen as most effective

    • Candidates for centralized approach: global infrastructure, group-wide standards for IT purchases, security

    • Candidates for decentralized approach: business applications, decision for business specific IT projects (applications)

  • Strive for a short distance between IT management and corporate management

  • A specific HR management for the IT department may be required

4. Involve Executive Management and the Board of Directors

The examples from our case studies confirm the fact that IT governance initiatives are initiated by IT and are in some cases still exclusively in the hands of IT. Adoption from the business is important but maybe even more important is that executive management is aware of it and is actively participating in the existing IT governance activities.

As observed during the case study research, different structures exist on project (execution) level to involve IT in the business and vice versa, but on executive level IT and business are not always well aligned. A mechanism that encourages higher executive involvement in IT is an IT strategy committee, where executive management is involved and plays an active role in the decision-making process around the IT strategy and the alignment of that strategy with the corporate strategy. Also, an organizational structure where the CIO reports directly to executive management favours better executive involvement in IT governance.

  • Establish an IT strategy committee

  • Involve the board

  • Establish an IT governance team with executive and business involvement

  • Invite IT Director to executive committee

  • CIO close to board of directors

5. Manage Roles and Responsibilities

As described before, IT governance structures involve the organisation, the location of the IT function, the existence of clearly defined roles and responsibilities and a diversity of IT/business committees. Most case study companies have defined, or are in the process of defining, formal roles and responsibilities documents. Defining these responsibilities and writing them down in documents is one thing; acting upon them is of course more important. All (IT) people working in an IT governance context should have, besides their IT-specific responsibilities, clear responsibilities defined towards the business they work for, and this throughout all levels, including the CIO and IT management. To make sure individuals adopt and execute their roles and responsibilities, a process of ‘formal’ evaluation and review is a good mechanism. Typically a person and his/her manager review and evaluate the defined roles and responsibilities against the delivered activities. This way each individual is formally informed about their function. Roles and responsibilities should also be communicated throughout the organisation, or at least within functional teams, so that expectations are clear.

  • Define clear roles and responsibilities for all functions on all levels

  • Include business responsibilities for IT people

  • Communicate to individuals

  • Communicate throughout the organisation

  • Review and evaluate

6. Install IT Steering and IT Strategy Committees

Well-functioning (IT) committees play an important role in establishing a good IT/business alignment. As described earlier in this post, IT steering committees and IT strategy committees are both important IT governance structures. While the IT strategy committee operates at the board level, the IT steering committee is situated at executive level, which implies that they have different responsibilities, authority and membership. In practice most companies are well organised with IT steering committees, while IT strategy committees are still scarce. However, having a type of IT strategy committee in place does bring value to the IT governance set-up. IT issues and projects are discussed on executive level, and management is involved much earlier and is better informed in IT-related matters.

  • Set up IT strategy committee

  • IT steering committees

7. Manage and Align the IT Investment Portfolio

Results from the case study research show that a lot of the IT-business interaction occurs around “projects.” In essence this is the tactical and tangible (‘pragmatic’) way of translating specific business needs into supporting applications and infrastructure. Also, companies with more successful IT governance had a clear project evaluation and prioritisation methodology, where both IT and business people were closely involved. Prioritisation methods in which not only financial aspects, such as costs, ROI and NPV, play a role but also other factors like quality of service, customer satisfaction and competitive advantage are seen as useful. In one particular case, for each project IT was responsible for calculating the costs of a project, while business was responsible for analyzing the anticipated benefits.

Well-functioning project-related committees, where both IT and business are represented, play a crucial role. In addition, formal tandems of IT people (e.g., IT architect) and responsible business people were created. Also, early involvement in the project cycle of both IT and business owners provides a good base for successful completion.

  • Adopt a project evaluation method

    Incorporate financial parameters (ROI, NPV)

    Incorporate non-financial parameters such as:

    • Strategic value

    • Customer satisfaction

  • Adopt a project prioritisation method

    Make sure this is used consistently

    Make sure everybody is aware of the methodology in use

  • Involvement of both business and IT people from early project phase on

8. Use Performance Measurement Tools

Measuring and monitoring the different IT processes on different levels is very important. It is important to identify per domain or per process those metrics that support the related goals. The balanced scorecard technique makes it possible to use not only financial metrics, but also metrics that refer to, for example, end-user satisfaction, corporate contribution and training. Metrics should be ‘measurable,’ preferably quantified, and should be placed against a target to be achieved within a given timeframe, for example, 15 IT developers trained by end of the calendar year. Each metric should have a responsible person or team of persons. Some examples of successful performance monitoring, done by both IT and the business, were identified during the case study. Relationships between metrics are also important elements in measuring performance. Different scorecards may be built and maintained per application domain, like more operationally oriented scorecards for the different application development domains. Ideally, those scorecards are rolled up and/or aggregated into one overall scorecard, containing the most important and crucial metrics. The IT scorecard can in turn be linked to the business scorecard.

9. Set Up and Support Communication and Awareness Mechanisms

Companies that score better on the IT/business relationship also have a good communication ‘infrastructure’ in place in order to encourage the relationship between business and IT. Good communication mechanisms come in different forms.

There is nothing more effective than people having a direct dialogue. In order to encourage such direct communication between business and IT people, different mechanisms can be implemented. During the case studies some well-functioning mechanisms were identified, like tandem functions (see point 7) and the role of an IT steering committee (see point 5) where both business and IT people are represented. Of course good communication must be established between different levels of the organization, and additional attention should be given to the higher levels of the organisational structure (see executive involvement). Tandem functions, where IT people have a direct counterpart in the business, come in different roles and positions. These functions exist on project levels; that is, during the course of a project an IT person is appointed who has a business-specific responsibility and talks to business people. A more structural approach is where specific IT people have long-term responsibilities for a specific business unit. A commonly used name is ‘account manager.’

But good communication is more than having the right people ‘around the table.’ Speaking the same language, where both parties (business and IT) understand each other, is important. IT people must be informed about the business, its specific terminology, its way of working, and its processes in place. But in order to encourage high-quality communication, business people should also be aware of (at least) basic IT terminology. Providing the necessary training to educate both is a first instrument. But co-location, meaning physically placing the IT people’s workplace in the business department, and job rotation can also encourage a better integration of the people responsible for IT with the business unit(s). In one particular case, the incorporation of the IT development group into the business unit was seen as the main driver for the optimal relationship between IT and the business group. The developers share the same work space as the business people, and daily contacts are enforced by the physical landscape of the working environment.

  • ‘Formal’ tandem functions business-IT people

    • Project based

    • Business unit based

  • Train IT people on business topics

  • Train business people on IT topics

  • Co-location

  • Job rotation

  • Knowledge management systems / Intranet sites

    • Publish success stories

    • Project status overview

    • Scorecards

  • Informal meeting points
