While the previous statements may be open to debate, it is clear that Enterprises rely on IT for their competitive advantage and cannot afford to apply to IT anything less than the same level of commitment they devote to financial supervision and overall Corporate Governance .
Now is the time for Boards of Directors to provide necessary oversight and form dedicated IT committees.
Surveys conducted in 2001 by Acadys (Europe) and the Standish Group (USA) found that businesses do not treat their IT as an important enabler because they do not treat IT as a partner or top management does not provide IT its rightful attention
Furthermore, only a few are able to measure the value that IT returns
While the majority of IT projects continue to fail
Information’s actual value is more often than not, underestimated.
According to the Brookings Institute, only 15 percent of the market value of an Enterprise resides in tangible assets, while 85 percent rests in intangible assets— the largest part of those intangibles being information.
The importance of IT, must place it firmly onto the governance agenda of both boards and executives.
Investors have acknowledged their awareness of the importance of governance demonstrating a willingness to pay a premium of up to 20 percent on shares of Enterprises known to have a governance framework in place.
Conversely, today’s headlines have demonstrated the results of non compliance or lackluster governance policies
Regulators are becoming outspoken as well, addressing awareness, transparency and accountability, for example:
Boards of companies listed on the American, Pacific, New York and London Stock Exchange must address corporate risks and be transparent about them IT has traditionally been treated as an entity separate to the business.
Critical systems supporting the financial Industry are required by the Bank for International Settlements (BIS) to have a transparent, effective and accountable governance structure.
Despite the extensive investments and risks inherent in IT, IT Governance has not received the attention it merits, mainly because IT oversight differs from the oversight of business strategy and risks in many ways:
IT requires more technical insight than do other disciplines to understand how it enables the Enterprise and creates risks and opportunities.
IT has traditionally been treated as an entity separate to the business.
IT is complex, even more so in the extended Enterprise operating in a networked economy.
IT knowledge at the board level generally has been limited.
IT Governance is the responsibility of the Board of Directors:
The directors exercise that responsibility by providing leadership and by ensuring IT sustains and extends the organization’s strategies and objectives.
Board members do not need to become technology experts, but they do need to equip themselves with a high-level understanding of their changing roles and responsibilities regarding IT oversight and should consider attracting more IT-related business skills to the boardroom.
Second, boards should set up an IT Strategy Committee .
Some boards hesitate to do so, due to members’ reluctance to sit on what may be perceived as a “technical” committee and/or the CEO’s wariness at having to deal with yet another board committee.
However, the importance of the IT Strategy Committee is such that these objections should be overcome.
The committee should review and approve IT strategy, providing high-level direction and control about the value IT needs to deliver and the IT risks that need to be managed.
IT Governance is also the responsibility of management:
Management should align business and IT strategy, cascading strategy and goals down into the enterprise and translating them into action for employees at each level.
After aligning business and IT strategy, management should align IT and the business organization, promoting co-responsibility for the success of IT projects and the return of business value.
Management ensures that risk analysis is an integral part of planning, focusing on the vulnerabilities of the IT infrastructure, exposure of intangible assets to security and operational risks, and the risk of IT project failures.
Management should implement performance measurement based on the aligned strategy and goals. The emerging eminent tool for this is the balanced business scorecard, with the understanding that, when building an IT scorecard, the value of information defies traditional business metrics.
The CIO should have the clout or influence to make these steps happen, wielding a position of authority in the organization and holding the power to say “no.” While currently only one in five CIOs reports to the CEO, that situation gradually is changing.
One of the major challenges for management is aligning IT with the business.
In 50% of the cases, IT is considered just an operator or service supplier rather than a true partner; in only 40% is there some form of strategy integration and in only 20% is there true strategic alignment.
A recent survey of Fortune 500 companies by the IT Governance Institute measured the responses against a scale illustrating the degree to which enterprises have begun to appreciate the importance of IT and the need to govern it.
The predictions of reputable market analysts such as Gartner, Compass, Giga and Computer Sciences Corporation reveal that the top issues for IT management in 2002 have transitioned from technology to management-related issues which clearly map to the following IT governance responsibilities :
Strategic Alignment - focusing on aligning IT with the business and collaborative solutions
Value Delivery - concentrating on optimizing expenses and proving the value of IT
IT Asset Managemen t - focusing on knowledge and IT infrastructure
Risk Management - addressing the safeguarding of IT assets and disaster recovery
This explains the emergence of IT Balanced Scorecards in more advanced Enterprises. The need for IT Performance Management is illustrated by the same surveys referred to previously. Acadys found that only one in eight Enterprises is able to measure the value of IT. The Standish Group found that, internationally, three of 10 IT projects fail outright, two of 10 are seriously challenged and, of the remainder, more than half deliver below expectations.
Major market analysts have shown that IT has moved from a technology issue to a management and governance issue.
IT’s impact on intangibles, its crucial role for survival and the need to optimize its value make it imperative to place IT governance on the board’s agenda as an integral part of enterprise governance.
Good governance practices definitely impact shareholder value.