We wrap up our IT Governance conversations today with a discussion
on monitoring decisions made. 

Why is it so
important to monitor decisions made?  Monitoring
plays a key role in by enabling transparency of decision actions, progress, and
outcome as well as informs lessons learned for continual improvement of
decision making.   

Notice I did not
use Governance in that last sentence. 
There is a trend towards eliminating Governance from our management
vocabulary. There are some people who claim Governance is passé. 
Personally I find that these people also don’t feel then need to manage
their own career or plan for retirement. 
Without it – success is an accident. 

I am the first to
admit it overused and misused at time. 
At the same time decision are made, thus they need to be managed and
monitored.

Okay, now
that I got that off of my chest – what is monitoring IT Governance all about…

Think about this – business leaders are accountable for making decisions
required to support the corporate objectives. 
In pursuit of building the capability required to meet the objectives
they are delegated the authority to make and approve design decisions.  Along with the design decisions the business
leader is authorized to approve the funding needed to support within their
designated delegation of authority.   

Without monitoring the organization would be blinded to the quality of
the actions and return of the investments made. It would be akin to building
and mortgaging a home without bank approval, without an architected plan,
without quality inspections and without a bank appraisal.   Does that resonate? 

In the IT space various techniques have proven useful in monitoring IT
decisions made.  More important these
practices are fundamental to running IT as a business.

IT Portfolio Management

Portfolio Management ensures that technology
projects complement overall business strategy and value. IT utilizes a project
prioritization methodology that reflects the enterprise’s strategic goals and
monitors changing circumstances throughout the portfolio lifecycle.

The fundamental objective of the IT Portfolio
Management process is to determine the optimal mix and sequencing of proposed
projects to best achieve the organization’s overall goals – typically expressed
in terms of hard economic measures, business strategy goals, or technical
strategy goals – while honoring constraints imposed by management or external
real-world factors (such as disasters, funding, and resources).

Typical attributes of projects being analyzed
in a portfolio management process include each project’s total expected cost,
consumption of scarce resources (human or otherwise) expected timeline and
schedule of investment, expected nature, magnitude and timing of benefits to be
realized, and relationship or inter-dependencies with other projects in the
portfolio.

IT Balanced Scorecard

The IT Balanced Scorecard is a methodology for assessing the state of an IT
Department. This could be a conversation on itself. 

The IT balanced scorecard was developed in the early 90’s by Kaplan and
Norton as a set of measures that would give management a view into the
business.  The Information Systems Audit
and Control Association gives a great history and explanation of its value on
their site:

http://www.isaca.org/Journal/Past-Issues/2000/Volume-2/Pages/The-IT-Balanced-Scorecard-A-Roadmap-to-Effective-Governance-of-a-Shared-Services-IT-Organization.aspx

Simply put  – it reports on four key
perspectives – The customer, internal processes, employee learning and growth,
and financials. In my opinion it is one of the most impactful maturing process
an IT organization can take to articulate the value IT provides to the
organization.

IT Project Management

Project managers (PM) need to report
project status weekly on a Red/Yellow/Green scale across multiple categories,
including: Delivery, Resources, Budget, Technical, and Overall.  Written updates on costs, key milestones,
ongoing issues, and next-step action items are also included.

Project information should be kept
up to date on a weekly basis in whatever systems the company deems
appropriate.  I am agnostic to what is
chosen as long as the process allows the PM to track schedules, actual work
performed, budgets, spend, forecasts, issues, risks, and project changes.  Each week, the PM evaluates the information
in the tracking system to ensure that it is accurate and provide an assessment
of the overall project performance using this suggested rating scale:

  • Green – Project is performing within
    expected thresholds

  • Yellow – Project is at risk for missing delivery expectations
  • Red – Project will miss delivery expectations


Here I ask you all for your
thoughts and recommendations for implementing these or other methodologies for
monitoring decisions made. 

While you are
thinking about that I want to outline additional policy, processes and
organizations
that contribute to the success of the IT practice:  

  • The IT Policy
    is a formal management policy that governs corporate practice with
    respect to the authority of the Chief Information Officer (CIO).  The policy sets out the principles under
    which ALL services relating to electronic information and technologies (Information
    Technology Services, or ‘IT’) are provided in the company.  It should outline the authority and the
    responsibility of the CIO clearly. This is a key policy needs to be sponsored
    by the CEO or highest leader of the organization on behalf of the CIO and
    IT.  It is the policy that all IT,
    Accounting, Sourcing, and Legal policies should link back to.  
    The power of this
    policy is applied to internally and externally hosted systems and should
    outline the guidance and ramifications of obtaining IT services outside of the
    central IT decision making process. For example – if a department decides to
    take advantage of a software-as-a-service offering without engaging IT
    technically there is nothing IT can do to stop it.  The question one must ask – who is
    accountable if there is a breach of privacy. Who is the steward and accountable
    for the contractual and financial liability? Let’s talk if you want to learn
    more about it.

  • The Information Security Policy establishes mandatory requirements that
    assure the confidentiality, integrity and availability of electronic
    information and the systems which store and process that information.

  • The Portfolio
    Management Process
    facilitates development of enterprise
    portfolio prioritization, recommendation and portfolio approvals. 
    It is designed to ensure timely processing of
    approvals for all projects and initiatives while ensuring alignment with IT
    principles and the business strategies and goals of the company.

  • The Project Management Process, which utilizes the IT Project Delivery
    Methodology (IS PDM) provides
    ongoing governance of approved projects.
  • Change Management is the process of scheduling,
    coordinating and monitoring all changes to an information system resource.  Its’ objectives are to assess, prioritize and
    authorize all changes, and to ensure that changes are made with minimum disruption
    to the system availability.
  • The Capital Expenditure Request (CER) Process
    outlines the steps for the procurement of all capital assets and how to get
    funding.
  • An IT Solution Design and Delivery practice is
    responsible for the design and delivery of IS systems acquisition, development,
    deployment, and maintenance activities. 
    IT develops and delivers a variety of systems and applications ranging
    from stand-alone systems to server-based systems, commercial-off-the-shelf
    (COTS) to custom-developed software.  It
    also manages external and contractual partnerships for vendor-hosted solutions
    and managed service agreements.
  • The Architecture Review Board (ARB) is a governing body that provides a
    technical review and reporting for all IS projects.  Call it anything you want but hopefully you
    can see the value.
  • Audits
    and Risk Assessments
    are integral parts of both corporate and IT governance.
    The CIO will work with the head of Internal Audit department and the IT leadership
    to ensure that the benefits of audit and risk assessment activities are
    maximized and institutionalized.
  • Office
    of General Council, Finance, and Sourcing and Procurement
    are integral
    parts of the IT governance process and will be involved in all major
    procurement decisions. The focus of sourcing is to leverage the buying power of
    the company and to leverage assets across the organization while assuring
    financial and contract obligations are understood and managed.

I’ve given you a great deal to consider today and across all of the IT Governance conversations. Let me help by adding a simple thought as you contemplate how to best apply all that I have shared.

The role of IT and the potential value IT brings to the company is
ever increasing. Competition is driving the need for innovation at the same
time shrinking profit margins call demand scrutiny of every dollar
invested.  The role of IT governance is
critical to both – are we investing in the right systems that will enable the
right capability at the right cost?

This ends our series on IT Governance.  Stay tuned to next week’s
conversation where I just might surprise you with a less intense
conversation. 

Until next time – enjoy life!

Conversations
sponsored by ITeffectivity.com – an IT management consulting practice targeting
CIO’s challenge of leading and delivering business solutions with a focus on
effective people, process, and technology management

.