We’ve
been discussing IT Governance over the last few weeks.  We will cover managing decisions today before
we wrap up the IT Governance topic next week.  

As we
go into the final stretch of this conversation I am going to recap the
objectives behind IT Governance to assure it is well understood.  I find planning IT Governance to be the fun part.  It is much harder to execute and monitor it.  A firm foundation of understanding the objective is necessary to adoption of the practice and realizing
the true value.

Again
– IT Governance is a framework that insures information technology decisions
are aligned with the business goals and objectives.  It is very similar to corporate governance
goals of ensuring that key decisions are consistent with corporate vision,
values, and strategy.  Both are driven by
the need for transparency of enterprise risks and the protection of shareholder
value.  The overall objective of IT
Governance is to understand the issues and the strategic importance if IT, so
that the Company can compete now and in the future as well as to assure
decisions made support company policy and the right to operate.   Hence IT governance exists within
corporations to ensure IT initiatives and the performance of IT meets the
following the following corporate objectives:

  • Strategic Alignment
    – Link IT & Business Goals
  • Value Delivery –
    Optimize the Cost & Value of IT Services
  • Resource Management
    – Optimize Resource Investment
  • Risk Management –
    Understand the Enterprise’s Appetite for Risk
  • Performance
    Management – Track & Monitor Achievements

Now
that I’ve emphasis the WHY IT GOVERNANCE IS IMPORTANT let’s move on to discuss
how we manage the decisions.

Simply put there are three general categories
of IT Governance decision management mechanisms – the decision making itself;
the process assignment; and the communication approaches.  Typical techniques used to manage within
these mechanisms include: 

  • Business
    IT Relationship Managers
  • IT
    leadership committee composed of the IT executives
  • IT
    Councils composed of business and IT executives
  • Senior
    business leadership committees (of which the CIO should be a standing member)
  • Capital
    approval committee (led by a senior business executive and comprised of senior
    business leadership including the CIO)
  • Architecture
    committee

Managing
the alignment of the decision to the overall corporate strategy and objectives
may utilize the following techniques:

  • Tracking
    of IT projects and resources consumed
  • Formalized
    Service level agreements (SLA) or objectives (SLO)
  • Formal
    project management lifecycle that includes tracking of business value of IT and decisions made
  • Chargeback
    or cost tracking arrangements

Approaches to communicating may
include:

  • Office
    of CIO or Office of IT Governance
  • Address
    failures in the process early on
  • Communicate
    adoption through announcements from Senior Management
  • Create,
    manage and monitor web-based portals and intranets articulating IT programs and
    progress

All
companies and especially publically held (or for those aspiring to issue an
IPO) companies should look to develop a Governance System Framework within
IT.  A recommendation for this framework would
best be based on the latest CobIT v5 (Control
Objectives for IT) governance model with supporting ITIL v3  (IT Infrastructure Library) system management operating
practices.  

COBIT
5 is a globally accepted  framework for
providing a business view of the governance of IT. Most often SOX audits are
based on its controls.  You can learn
more about CobIT 5 at:  http://www.isaca.org/COBIT/ 

ITIL
is the most widely accepted approach to IT service management.  It provides a cohesive set of best practices
drawn from a global community of IT leadership. To learn more about ITIL 3 visit: www.itil-officialsite.com/

Neither
of these frameworks were meant to stand alone (at least in my opinion).   CobIT provides the framework of policy,
process, procedures and metrics that give direction to ITIL systems management
framework for driving IT Operations, I like to think of CobIT as the WHY and
the WHAT you must do and ITIL as the HOW you will manage IT.  Perhaps in a future conversation we will
discuss these frameworks further.

In
addition the TOGAF 9 (The Open Group Architecture Framework) framework provides
an industry approach for designing, planning, implementing and governing
enterprise information architecture decisions. TOGAG is a high level and
holistic approach to design, which is model at four levels: Business,
Application, Data and Technology.   It provides a common set of tools and language
for developing and managing architecture. 
So that I don’t go too far into an area that I am not well versed, let me direct you to a better source of information: www.opengroup.org/togaf/  . 

In my
research I found an awesome white paper that describes the supporting
relationship between ITIL and TOGAF.

 www.best-management-practice.com/gempdf/ITIL_and_TOGAF_White_Paper_v0_3.pdf

With this we will pause today’s IT Governance conversation  with a memory of Steve Jobs

“People think focus means saying yes to the thing you’ve got to focus on. But that’s not what it means at all. It means saying no to the hundred other good ideas that there are. You have to pick carefully.” 

Think about it!  

We will pick up our conversation next time with “How are these decisions monitored?”,  In the meantime, please reach out with clarifying questions or
thoughts on the topic to date. 

Conversations sponsored by ITeffectivity.com – an IT
management consulting practice targeting CIO’s challenge of leading and
delivering business solutions with a focus on effective people, process, and
technology management.