IT Governance and Infrastructure Learning Outcomes n n

IT Governance and Infrastructure

Learning Outcomes n n n Understand what IT governance is. Understand what a manager should expect from the MIS organization. Describe why a manager must know the organization’s particular needs. Define what a lean, competitive enterprise looks like and what role IT plays. Understand how decision rights are allocated. Identify the risks of a global MIS organization.

What is IT Governance? n n IT Governance focuses specifically on information technology systems, their performance and risk management. The primary goals of IT Governance are to assure that the investments in IT generate business value, and to mitigate the risks that are associated with IT. This can be done by implementing an organisational structure with well-defined roles outlining the responsibility of information, business processes, applications and infrastructure.

What is IT Governance? n IT governance should be viewed as: How IT creates value that fits into the overall Corporate Governance Strategy of the organisation. . .

IT Governance Definitions…. . n n n The structure, oversight and management processes which ensure the delivery of the expected benefits of IT in a controlled way to help enhance the long-term sustainable success of the enterprise. IT governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organisational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk versus return over IT and its processes.

IT Governance Definitions…. . n Specifying the decision rights and accountability framework to encourage desirable behaviours in the use of IT. n Governance is not about what decisions get made – that is management – but it is about who makes the decisions and how they are made. n IT governance is the term used to describe how those persons entrusted with governance of an entity will consider IT in their supervision, monitoring, control and direction of the entity. How IT is applied will have an immense impact on whether the entity will attain its vision, mission or strategic goals.

Why is IT Governance Necessary? n IT governance is needed to ensure that the investments in IT generate value-reward - and mitigate IT-associated risks, avoiding failure. n How to balance risk and rewards when using IT to enable organisational change. . .

UNDERSTANDING THE IS ORGANIZATION

CIO n n n The CIO (Chief Information Officer) is at the helm of the IS organization. CIO’s primary goal is to manage IT resources to implement enterprise strategy. Provide technology vision and leadership for developing and implementing IT initiatives to help the enterprise maintain a competitive advantage. As the importance of technology has increased so has the position of the CIO. Must work effectively with ALL units of the company, not just IS.

Twelve Main CIO Responsibilities The following responsibilities often define the role of the CIO: 1. Championing the organization. 2. Architecture management. 3. Business strategy consultant. 4. Business technology planning. 5. Application development. 6. IT infrastructure management. 7. Sourcing. 8. Partnership developer. 9. Technology transfer agent. 10. Customer satisfaction management. 11. Training. 12. Business discontinuity/disaster recovery planning.

CIO n n Must have both technical and business skills. Must see the business vision and how IT can help facilitate that vision. Is both a strategist and operations manager. Some organizations do not have a CIO. They hire someone to “run” their computer systems and do not give them much decision making authority.

CTO, CPO, and Other Roles n n n The CIO, particularly in larger organizations, cannot guide the enterprise toward the future alone. Other strategic areas require more focused guidance. The CTO is a critical role. Works alongside the CIO. Needs business savvy and communication skills. Must be able to create an organizational vision. n New positions created to deal with this growing need.

WHAT A MANAGER CAN EXPECT FROM THE IS ORGANIZATION

Business Continuity Plan n n Approved set of preparations and sufficient procedures for responding to a variety of disaster events. What do we do in case of an emergency such as 9/11? Three major stages of BCP: Pre-planning - management’s responsibility is defined, possible risks are evaluated, and a business impact analysis is performed. Planning - alternative business recovery operating strategies are determined. Post-planning - familiarizes employees with the plan through awareness and training programs.

Managing Data, Information and Knowledge n n Managing information and knowledge in the enterprise is of particular concern to IS. Database administration. Includes the collecting and storing the actual data created, developed, or discovered. Deciding on format, location, and indexing of stored data.

Managing Internet and Network Services n n Intranets, extranets, Web pages, and e-mail are becoming essential in most business environments. General managers must interact with the Web master, Web designers, and Web developers. Networking groups design, build, maintain, and manage the network architecture. Managers must be concerned with telecommunications and their costs.

Managing Human Resources n n n IS must manage its own resources. Provide business and technical training. Hiring and firing of staff. Tracking time, managing budgets, etc. Maintain skills inventory. Individual managers are responsible.

Operating Data Centre n n n Houses large mainframe computers or rows of servers on which the company’s data and business applications reside. Managers rarely have direct contact with data centre staff. Many organizations outsource data centre operations.

Providing General Support n n n Providing support for users of IS. Support requests are normally centralized. Centralized help desk – first contact point. Forward requests to knowledgeable staff. n Many companies outsource this function. Not uncommon to call support and speak to someone in another country.

User management activities

What IS Does Not Do n Does not perform core business functions such as: Selling Manufacturing Accounting. n Does not set business strategy. General managers must not delegate critical technology decisions.

Centralized vs. Decentralized Organizational Structures n Centralized – bring together all staff, hardware, software, data, and processing into a single location. n Decentralized – the components in the centralized structure are scattered in different locations to address local business needs. n Federalism – a combination of centralized and decentralized structures.

Federal IT

Another Perspective on IT Governance n n n Weill and his colleagues define IT governance as “specifying the decision rights and accountability framework to encourage desirable behavior in using IT. ” The focus is not what, but who! Good IT governance provides a structure to make good decisions. The assignment of decision-making authority and responsibility The decision-making mechanisms

Category Description Examples of Affected IS Activities IT Principles High-level statements about how IT is used in the business Participating in Setting Strategic Direction An integrated set of technical choices to Establishing architecture IT Architecture guide the organization in satisfying and standards business needs. The architecture is a set of policies and rules for the use of IT and plots a migration path to the way business will be done IT Infrastructure Strategies for the base foundation of Managing internet and Strategies budgeted-for IT capability (both technical network services; providing and human) shared throughout the firm general support; Managing as reliable services, and centrally data; Managing human coordinated resources Business Application Specification of the business need for Developing and Needs purchased or internally developed IT maintaining information applications systems IT Investment & Decision about how much and where to Anticipating new Prioritization invest in IT including project approvals technologies and justification techniques Five major categories of IT decisions

Decision-Making Mechanisms n n Policies may be used. The steering committee is common and works well in the federal archetype. IT Governance Council – steering committee at the highest level. Reports to board or CEO. Comprised of top-level executives. Provides strategic direction and funding authority. Lower level steering committees are responsible for effectively allocating scarce resources. Companies usually have one or the other.

Managing the Global Considerations n Large global MIS organizations face many of the same organizational issues as any other global department. n For IS, a number of issues arise that put the business at risk beyond the typical global considerations. n Table in the next slide summarizes how a global IT perspective affects six information management issues.

Issue Global IT Perspective Example Political Stability How risky is investment in a country with an unstable government ? India, a country that faces conflict with Pakistan Transparency Domestically, an IT network can be end-to-end with little effort compared to global networks SAP-R 3 can be used to support production processes but only if installed Business Continuity Planning When crossing borders, it is important to make sure that contingency plans are in place Concern when crossing boarders is will data center be available when/if needed Cultural Differences IT systems must not offend or insult those of a different culture Using images or artifacts may be insulting to another culture Sourcing Some technologies cannot be exported or imported into specific countries Exporting it to some countries, especially those who are not political allies is not possible Data Flow across Borders Data, especially private or personal data, is not allowed to cross some borders. For example: Brazil Global Considerations for the MIS Organization

Summary n n The CIO is a high-level IS officer. There a variety of key job titles in the IS organizations can be expected to anticipate new technologies, set strategic direction, etc. Managers must work with IT leaders to develop a lean, competitive enterprise, where IT acts as a strategic enabler.

Seminar n Read the case study and answer the following questions: 1. Describe the IT governance mechanisms used at UPS. What does the representation of UPS’s executive steering committee suggest to you? Do you think that IT plays a strategic role at UPS? Why or why not? 2.

Solutions n 1. Answer: Most students have some work experience on which to draw an answer to this question. Some students will be familiar with very large fortune 500 companies, consulting firms or service organizations, which usually have a CIO. In that case, they will most likely describe an executive type individual who is a strategist for the company. In other cases, the student will have worked for a company where the most senior information systems person is either the person running the data center or someone who makes sure all the PCs are running. IN that case, the description will be of an operationalist, someone concerned with operations but not involved with the business strategy on a regular basis.

Solutions n 2. Answer: The CIO brings both a business and a technical perspective to a business. He or she typically has a technical background (although not always) and a general business background. The CIO helps the senior executive team make decisions with information systems impacts in mind. Not having a CIO might mean that a business decision is made which either costs too much to implement or is technically infeasible. A disadvantage of having a CIO might be that this person is often expensive. Finding someone who understands the business side of the equation as well as the technical side is difficult, and for some organizations it is too costly. Another disadvantage is that in some cases, having a CIO is seen by other managers as a signal that they, themselves, do not have to understand or worry about information systems impacts. Their thinking goes like this, “if there is a CIO, then he/she is going to worry about the IS side of things and I don’t have to”. But in an increasingly web-based marketplace every manager must be knowledgeable about IS and understand the impacts as they are wide reaching and devastating if problems occur.