The governance maturity assessment identified an overall maturity level of 2, indicating some repeatable governance processes. Recommendations include chartering cross-enterprise governance committees, developing architectures to guide improvements, and requiring compliance with architectures and policies. Managing core capabilities, empowering technical providers, and defining issue escalation are also recommended to improve governance maturity. The assessment highlights the need for collaboration between business and IT leaders at strategic, tactical, and operational levels of governance.
2. Discussion Topics
IT Governance
– What is it and why is it important?
– Maturity assessment approach
– Assessment results
– Recommended actions
2
3. What is IT governance … why is it important?
IT Governance ensures IT supports business needs
– Aligns IT services and spending
Business
with business priorities Focus
– Integrates IT through the use of
common architectures
– Lowers costs by requiring
conformance with standards IT
Focus
– Verifies the line-of-sight
between business and IT to
ensure everyone is working to
accomplish the same goals
Governance deficiencies typically result in higher IT costs,
lower quality and less timely service delivery
3
4. Purpose for governance maturity assessment
IT Business
Governance Process
Governance maturity was assessed to:
– Identify current maturity levels
– Realize the effects of governance deficiencies …
– and to create a compelling case for improvement
4
5. The maturity assessment approach
Survey of manager and director-level leaders
Findings – scoring and feedback are summarized
and framed within governance lifecycle
Recommendations are based on findings
5
6. The assessment survey addressed five
governance sections
5. Organizational Learning
4. Procurement Supporting Implementation and Delivery
3. Implementing Strategies and Business Plans
2. Strategic Thinking and Business Planning
1. Organizational Framework & Business Context
Questions Initial Repeatable & Intuitive Defined Process Managed, Measurable Optimized
• Explicit role definitions
• Governance committees • Key organizational roles covering enactment of • Flexibility and co-
• Governance processes
/ forums exist and defined in functional business processes ordination of roles in
are not defined
Does the organization's perform key functions terms; forums have • Well-established funding order to deliver business
• Governance roles and
governance framework fully such as budget and cost formalized charters and resource allocation improvements
responsibilities have not
encapsulate key management, quality • Some top-to-bottom mechanisms, reflecting • Widespread use of
been defined
committees, roles, management alignment among forums alignment with business strategy, cluster and
• Governance is not
processes and • Policy framework • Policy framework well priorities improvement teams
performed in explicitly-
organizational controls? covering regulations and established & relevant • Policy framework within the business,
chartered bodies /
essential legislative policies & procedures sufficiently robust to deal focused on improving
forums
requirements defined with crosscutting delivery
initiatives
• Business operations • Performance measures
• Performance measures
Does the organization have (service delivery) and rationalized in terms of
are not defined for • Measures of all key
a complete approach to projects are monitored framework components, • Performance
business operations business processes and
performance and reported on e.g. Balanced Scorecard management processes
processes (service services regularly taken
management, supported • Measures tend not to • Performance measures fully integrated within the
delivery) • Some success at
by an explicit framework relate readily to used to track and rectify business planning
• Projects monitored and relating measures to
and established reporting organizational goals and deviations, and lifecycle
reported only in business drivers
mechanisms? key performance understand areas of
qualitative terms
indicators. weakness
• Architecture models are • Robust architectures
Are architectures defined • No common models the ‘common language’ support ‘what if’ scenario
• Some models exist and • Process, data,
and maintained that exist of the organization planning
are used to context application and
represent both business • References to business • Architectures consist of • Models are ‘active’ in the
projects and technology organizational models
and technological and technology high-to-low layered sense that, as business
solutions in general exist and are used to
dimensions of the constructs are intuitive frameworks that enable and technology change,
terms plan and scope projects
organization? and approximations disparate perspectives to they change to provide
relate to one another accurate representations
• Staff training focusing on
Are staff development and • Training requirements • Formal staff appraisals in
• No formal mechanisms standard courses
training significantly are reviewed regularly place and development • Roles reviewed in
exist for personnel • Some training and
influenced by review, and the organization plans agreed for all staff relation to new business
development development plans
feedback and other forms assures that training • Formal business processes and
• Appraisal / feedback is established aimed
of organizational reflects Best Practice facilitation of learning organizational transitions
not reliably provided towards commonality of
learning? guidance and growth
approach
6
7. The assessment findings reveal overall maturity to
be at level 2 ‘Repeatable and Intuitive’
4. Procurement
1. Organizational 3. Implementing Policy, Supporting
Framework & 2. Strategic Thinking and Strategies and Business Implementation & 5. Organizational
Business Context Business Planning Plans Delivery Learning
1A 1B 1C 1D 2A 2B 2C 2D 2D 3A 3B 3C 3D 3E 4A 4B 4C 4D 5A 5B 5C 5D
Question Average 1.3 2.7 1.8 2.3 1.8 1.9 2.3 1.9 1.9 2.4 2.4 1.8 2.3 1.6 1.7 2.2 1.8 2.1 2.2 2.1 2.4 2.3
Section Average 2.0 2.0 2.1 1.9 2.3
Overall Average 2.0
Optimized (5)
Focus on process
• Advanced & forward looking of governance improvement
issues & solutions
Managed & Measurable (4)
• Full understanding at all levels Process measured and
• Monitor & measure compliance with controlled
procedures & process metrics
• Fully operationalized governance structure
Defined Processes (3)
• Governance understood & accepted
• Participation & responsibilities agreed
Process characterized, fairly well
to by all stakeholders understood
• Governance support organization
functional
Repeatable & Intuitive (2)
• Processes follow a consistent pattern Can repeat previously mastered tasks
• Beginning to define standards for
processes & technical architecture
Initial (1)
• Processes are ad hoc and disorganized Unpredictable and poorly controlled
• Recognized governance issues exist &
need to be addressed Source: IT Governance Institute
Maturity level 2 indicates that some governance skills have been accomplished
7
8. Assessment findings and recommendations
were framed on a governance lifecycle
Reconfirm Business and IT Alignment, Revise Architectures
Establish and
Sponsor and Manage
Align Business Maintain
Fund Initiatives Capabilities and
and IT Architectures
and Services IT Portfolio
and IT Policies
•Convey an enterprise vision •Establish standards based •Ensure architecture and •Maintain knowledge and skills
vs. vendor specific policy conformance
•Target business processes architectures •Set service levels
for improvement •Require business cases
•Establish IT policies, •Monitor service levels
•Institute demand planning standards and procedures •Evaluate proposals for
enterprise integration •Add and retire applications &
•Establish investment priority •Develop technical reference services
guidelines models (Reference •Consider both top-down and
Architectures) bottom-up opportunities
•Establish IT value metrics
•Require visible ownership of
initiatives
8
9. Issue escalation and infrastructure maintenance
are essential components of governance
Reconfirm Business and IT Alignment, Revise Architectures
Establish and
Sponsor and Manage
Align Business Maintain
Fund Initiatives Capabilities and
and IT Architectures
and Services IT Portfolio
and IT Policies
Escalate and Resolve Issues
Maintain Infrastructure
9
10. Governing IT requires collaboration of business and
technology leaders at several organizational levels
Reconfirm Business and IT Alignment, Revise Architectures
Establish and
Sponsor and Manage
Align Business Maintain
Fund Initiatives Capabilities and
and IT Architectures
and Services IT Portfolio
and IT Policies
Escalate and Resolve Issues
Maintain Infrastructure
Align Business and IT
Recommendations
• Charter* strategic, tactical and operational governance forums
integrated across the enterprise
• Develop enterprise-level business vision
• Establish and communicate IT goals and strategies
• Initiate demand planning
• Define framework for Service Level Agreements
• Provide guidance and oversight for programs
• Do not devolve into problem solving
*Charter includes mission, scope, authority, schedule, guiding principles, structure and membership, roles and responsibilities
10
11. Establishing architectures and policies
promotes IT consistency and integration
Reconfirm Business and IT Alignment, Revise Architectures
Establish and
Sponsor and Manage
Align Business Maintain
Fund Initiatives Capabilities and
and IT Architectures
and Services IT Portfolio
and IT Policies
Escalate and Resolve Issues
Maintain Infrastructure
Establish and Maintain Architectures and IT Policies
Recommendations
• Develop architectures that represent the business and technical dimensions
• Context existing IT applications within the architectures to identify overlaps, gaps
and integration opportunities
• Use architectures to target improvement, scope initiatives and evaluate
compliance
• Establish and communicate IT standards and policies
11
12. A common understanding of funding strategies
and criteria is needed across the enterprise
Reconfirm Business and IT Alignment, Revise Architectures
Establish and
Sponsor and Manage
Align Business Maintain
Fund Initiatives Capabilities and
and IT Architectures
and Services IT Portfolio
and IT Policies
Escalate and Resolve Issues
Maintain Infrastructure
Sponsor and Fund Initiatives and Services
Recommendations
• Set the tone for architecture compliance
• Target and scope improvement within architecture context
• Require proposals to comply with architectures and policies
• Allocate funding to proposals supporting IT strategies – but allow for ‘bottom up’
opportunities
• Require business cases and active sponsorship
12
13. Service delivery depends on management of
capabilities and the IT portfolio
Reconfirm Business and IT Alignment, Revise Architectures
Establish and
Sponsor and Manage
Align Business Maintain
Fund Initiatives Capabilities and
and IT Architectures
and Services IT Portfolio
and IT Policies
Escalate and Resolve Issues
Maintain Infrastructure
Manage Capabilities and IT Portfolio
Recommendations
• Identify the core capabilities needed to develop and deliver services
• Establish ‘make / buy’ decision criteria for core vs. non-core capabilities
• Plan to migrate from non-standard technologies
• Empower technical providers to manage computing assets in areas of
inventories, hardware and software versions
13
14. Procedures are needed to escalate and resolve
issues - across governance layers
Reconfirm Business and IT Alignment, Revise Architectures
Establish and
Sponsor and Manage
Align Business Maintain
Fund Initiatives Capabilities and
and IT Architectures
and Services IT Portfolio
and IT Policies
Escalate and Resolve Issues
Maintain Infrastructure
Escalate and Resolve Issues
Recommendations
• Define issue escalation and resolution process
• Clearly define managers’ responsibilities to rule in specific areas
• Define how unresolved issues can be escalated – without retribution
14
15. Future infrastructure requirements must be
planned and funded
Reconfirm Business and IT Alignment, Revise Architectures
Establish and
Sponsor and Manage
Align Business Maintain
Fund Initiatives Capabilities and
and IT Architectures
and Services IT Portfolio
and IT Policies
Escalate and Resolve Issues
Maintain Infrastructure
Maintain Infrastructure
Recommendations
• Institute demand planning to anticipate and respond to future infrastructure
requirements
• Provide funding for infrastructure management
15
16. Summary of recommended actions
Charter strategic, tactical and Develop and use architectures to Establish executive metrics linked
operational governance committees target and scope improvements, to operational measures
across the enterprise evaluate compliance Identify and manage the core
Integrate governance across capabilities needed to develop and
committees Require proposals to comply with deliver services
Assign roles and responsibilities to architectures and policies
committee members Require business cases and active
Initiate demand planning sponsorship
Reconfirm Business and IT Alignment, Revise Architectures
Establish and
Sponsor and Manage
Align Business Maintain
Fund Initiatives Capabilities and
and IT Architectures
and Services IT Portfolio
and IT Policies
Escalate and Resolve Issues
Maintain Infrastructure
Define issue escalation and Empower technical providers to
resolution process manage computing assets
Clearly define managers’ Provide funding for infrastructure
responsibilities to rule management
Define how unresolved issues
can be escalated
16
17. Governing IT requires collaboration of business and
technology leaders at several organizational levels
•Senior business and IT
•Corporate business direction
Governance Board •Goals and strategies
•Approve architecture, policies,
Quarterly funding plans
OpCo
Business
Issue Management
Architecture Steering
Steering Program Office
Governance Committee
Committee
Integration
Monthly
Architectures: •Business and IT •Monitor, measure & report on
•Business •OpCo business direction service delivery performance
•Applications •Sponsor and fund initiatives •Oversee initiatives
•Infrastructure •Ensure integration
•Information •Accountable for service
•Security delivery performance
Service Providers
Internal and External
•Responsible for service delivery
•Manage computing assets
•Manage change control
17
19. Summary of recommended actions
Charter strategic, tactical and operational governance committees across
the enterprise
Integrate governance across committees
– Business direction, demand planning, service request, issue escalation etc.
Assign roles and responsibilities to committee members
Develop and use architectures to target and scope improvements,
evaluate compliance. Require proposals to comply with architectures and
policies
Identify and manage the core capabilities needed to develop and deliver
services
Ensure that projects have sponsors, business cases and are properly
managed
Measure performance
– Establish meaningful executive metrics that relate to priority business
applications and other investments
– Use operational and executive-level milestones to track initiatives
Empower technical providers to manage computing assets
– Inventories, hardware and software versions
19
20. Governing IT requires collaboration of business and
technology leaders at several organizational levels
Strategic Tactical
Performed by executive IT and business Performed by senior IT & business leaders
leaders – driven by the business at the enterprise and business unit level
– Set strategic vision and direction (at the – Create operational guidelines, policy, and
What gets theme level), ensure it is communicated and decision criteria
refreshed appropriately
done – Create and manage overall transformation
– Define & approve high level funding plan
allocations
– Guide funding decisions (project by project)
– Define major transformation milestones
– Arbitrate directional / project priority issues
– Ensure anticipated / required results are
– Ensure integration of initiatives across the
achieved
enterprise
Performed by senior IT managers and IT Performed by IT architects and line IT
architects management
How it – Set architectural principles – Create and manage design and
gets done – Set the tone for architecture compliance
implementation guidelines and rules
– Validate adherence and compliance to the
direction
– Create and manage architecture/technology
plan
20
21. Governance – Big Rules
• Separate what gets done from how it gets done – business
drives the “what”; IT drives the “how”
• Senior managers must set a tone for compliance – enforcement
of compliance should be built into the project lifecycle
• Project priority decisions should be guided by a multi-year plan
with budget cycle draw-downs
• Project decisions should be made within a priority framework
built around higher-level business themes and established by
business and IT executives
21
22. Summary of recommended actions
Reconfirm Business and IT Alignment, Revise Architectures
Establish and
Sponsor and Manage
Align Business Maintain
Fund Initiatives Capabilities and
and IT Architectures
and Services IT Portfolio
and IT Policies
Escalate and Resolve Issues
Maintain Infrastructure
Charter strategic, tactical and operational governance committees across the enterprise
Integrate governance across committees
– Business direction, demand planning, service request, issue escalation etc.
Assign roles and responsibilities to committee members
Develop and use architectures to target and scope improvements, evaluate compliance. Require proposals to
comply with architectures and policies
Identify and manage the core capabilities needed to develop and deliver services
Ensure that projects have sponsors, business cases and are properly managed
Measure performance
– Establish meaningful executive metrics that relate to priority business applications and other investments
– Use operational and executive-level milestones to track initiatives
Empower technical providers to manage computing assets
– Inventories, hardware and software versions
22