IT Governance
Important piece of the puzzle
Creative Commons License – Curt Hill.

Introduction
• The key in IT Governance is alignment
• Historically, the governance process was about hardware and software acquisition
  – Software could be bought or developed
• Typically the choices were made by the CIO and the staff working for them
  – Sometimes their point of view diverged from the real needs of the enterprise

Why?
• The Enron scandal has focused attention on the importance of governance at the corporate and IT levels
• As in enterprise governance, both conformance and performance are important

Benefits
• Accountability and transparency
  – This assists in decision making
• Value
  – Should yield increased ROI
• Opportunities for partnerships
  – Improved agility
  – Facilitate joint ventures
• Better compliance with laws and regulations
• More appropriate IT input into strategic decisions

IT Decisions
• There are several decisions that need to be made concerning IT
• Principles
  – Statement on how IT will be used
• Architecture
  – A set of technical choices
• Infrastructure strategy
  – The hardware, software and people needed to support the enterprise

IT Decisions 2
• Business applications
  – Which are most needed for enterprise success
• Investment prioritization
  – How limited funds will be used
  – Determination of the process

Enterprise Concerns
• Due to a lack of understanding from outside of IT, many concerns exist:
  – Availability and security of IT systems affect entire enterprise
  – A difference between perception of needs from IT and rest of business
  – Concern that the current IT infrastructure will be sufficient for future needs
  – Ignorance of the risks of IT and the impact on the enterprise
  – The need to have appropriate management discipline and controls

More Concerns
• The value and risk of IT are often difficult to quantify
  – This makes return on investment problematic
• The conformance problem is even more difficult
  – Are we conforming to the laws and regulations?
  – Is our security sufficient for today’s environment?

Governance Topics
• Like the enterprise board, IT governance cannot be involved in a day-to-day way
  – Nor can they be concerned with every detail
• Their attention should be on:
  – Alignment
  – Value delivery
  – Risk management
  – Resource management
  – Performance measurement

Alignment
• Governance needs to provide strategic guidance
• Which services that IT provides to the rest of the enterprise
• Direction concerning the projects that should go forward or be delayed

Value delivery
• The desire for every department is that it provide maximum value to the rest of the enterprise
  – It is easy to try out the latest new thing, regardless of the value it provides
• Assess return on investment (or other suitable metric) for the activities and acquisitions of IT
• Accountability to the rest of the enterprise

Risk management
• Governance does not assess risk
  – They make sure it is done
• They ensure that risk management processes are in place and effective
• They will review reports concerning evaluation of risk and mitigation plans

Resource management
• Give direction for acquisition of IT resources
• Recommend to budgeting entities proper funding
• Ensure that IT possesses sufficient infrastructure for properly supporting the enterprise
  – Also the future enterprise

Performance measurement
• Verify the achievement of IT goals and objectives
  – This will often include numerous measures of performance that IT gathers programmatically
• Does IT contribute to the enterprise as it has promised?

Best Practices 1
• Like most disciplines there is an evolving set of best practices
  – Here are several
• Approach should include entire enterprise
  – Business and IT experts must work together
  – A committee for governance should have widespread representation
  – A shared view of IT’s role and governance

Best Practices 2
• IT Governance needs commitment from Board of Directors
  – This includes accountability of the IT Governance to the Board
  – Responsibilities must be well defined
• Requirement for an agreed-upon governance framework
  – IT Governance must be integrated into other governance mechanisms
  – Good and frequent communication
  – Avoid too much bureaucracy

Best Practices 3
• Trust must be established
  – Establish the governance board with experienced and reliable people
  – Suppliers and the department need to see them as professionals
• Establish objective measurements
  – Scorecards to demonstrate achievement and show its absence
  – Important metrics must reflect business concerns
• Pay attention to costs
  – Improved governance will often result in savings

Frameworks
• Although IT governance is a comparatively recent topic, there are now a number of frameworks in place
  – ISO/IEC 38500:2015 Corporate governance of information technology
    • Originally Australian Standard for Corporate Governance of Information and Communication Technology
  – COBIT 5 provides a reference model of 37 IT processes typically found in an organization

IGPMM
• The Information Governance Process Maturity Model
  – One of the frameworks
• There are 22 IT processes that need to be in place and functioning effectively
• Considers requirements of the key stakeholders
• Designed to improve management of information value, cost and risk

IGPMM Stages
• Each process matures through the following stages
• Stage 1: Ad hoc and inconsistent
• Stage 2: Siloed and manual
• Stage 3: Siloed, consistent and instrumented
• Stage 4: Integrated, instrumented and optimized

Other Frameworks
  – Overlap with prior frameworks
  – Not usually covering everything
  – CMM - The Capability Maturity Model: focus on software engineering
  – ITIL - The IT Infrastructure Library: focus on IT Service management
  – ISO/IEC 20000 - Focus on IT Service management
  – ISO/IEC 27001 - Focus on Information Risk Management
  – ISO/IEC 29119 and ISTQB - Focus on Software Testing

Audience Participation
• What qualifications should be required to be on IT Governance?
• From where in the company should these people come?

Models
• Weill surveyed businesses and found five forms of IT Governance
  – Determining who made the IT decisions
• Business Monarchy – all by executives
• IT Monarchy – all by IT professionals
• Feudal – business units
• IT duopoly – IT and one other group
  – May be business unit or CxO
• Federal – larger representation
• Anarchy – individuals or small groups
  – Not really a governance form

Decision Rights

Usage

Success
• IT governance is not a one-time thing
  – Like EA it is a continuing process in order to receive benefit
• Enterprise Board must support and depend on IT governance
• Cultural changes may be required to make it function properly
• Show patience
  – Like most things it takes time for governance to become effective

Summary
• The process of how decisions are made regarding IT purchases and projects
• The goal is aligning IT strategy with business goals
• In this context it should be subordinate to enterprise governance
  – Just as EA governance is
• An outcome of an EA is good IT governance