Successfully reported this slideshow.

Governing IT

5,204 views

Published on

Published in: Business
  • Be the first to comment

Governing IT

  1. 1. Governing IT Louis Boyle Vice President Gartner Executive Programs
  2. 2. Agenda <ul><li>Definitions & context </li></ul><ul><li>IT Governance Framework </li></ul><ul><ul><li>What – the decisions </li></ul></ul><ul><ul><li>Who – the deciders </li></ul></ul><ul><ul><li>How – the mechanisms </li></ul></ul><ul><ul><li>Implementation – change management/communications </li></ul></ul><ul><li>Key Success Factors </li></ul><ul><li>Case Study </li></ul><ul><li>Q & A </li></ul>
  3. 3. Effective IT Governance Is Critical, But Difficult To Achieve <ul><ul><li>Smart IT governance helps enterprises deal with complexity </li></ul></ul><ul><ul><li>But both business and IT governance are poorly understood . . . top level IT governance just happens </li></ul></ul><ul><ul><li>IT governance is ‘the assignment of decision rights and the accountability framework to encourage desirable behavior in the use of IT’ (Weill, 2001; Broadbent & Weill, 1998) </li></ul></ul><ul><ul><li>Defining desirable behaviors takes time, effort, focus . . . cost savings, innovation, growth, reuse, sharing </li></ul></ul><ul><ul><li>Effective IT governance is not ‘one size fits all’ . . . differs by business objectives, behavior sought </li></ul></ul><ul><ul><li>IT business value directly results from effective IT governance . . .Firms with superior IT governance have at least 20% higher profits (ROA) than firms with poor governance given the same strategic objectives. </li></ul></ul>© 2002 MIT Sloan Center for Information Systems Research (Weill) and Gartner, Inc.
  4. 4. High Governance Performers Have Sharper Strategies, Focus And Commitment* <ul><li>Characteristics of High IT Governance Performers </li></ul><ul><ul><li>More focused strategies </li></ul></ul><ul><ul><ul><li>Greater differentiation between customer intimacy, product innovation, or operational excellence </li></ul></ul></ul><ul><ul><li>Clearer business objectives for IT investment </li></ul></ul><ul><ul><ul><li>Greater differentiation between supporting new ways of doing business, improving flexibility, or facilitating customer communication </li></ul></ul></ul><ul><ul><li>High level executive participation in IT governance </li></ul></ul><ul><ul><ul><li>Greater involvement, impact of CEO, COO, Business Heads, Business Unit CIOs and CFO </li></ul></ul></ul><ul><ul><ul><li>Who could accurately describe IT governance arrangements </li></ul></ul></ul><ul><ul><li>Stable IT governance, fewer changes year to year </li></ul></ul><ul><ul><li>Well functioning formal exception processes </li></ul></ul><ul><ul><li>Formal communication methods </li></ul></ul>*Statistically significant relationship with governance performance © 2002 MIT Sloan Center for Information Systems Research (Weill) and Gartner, Inc
  5. 5. What is IT Governance and what does it address within an organization? <ul><li>Top Level IT Governance Addresses Three Major Components: </li></ul><ul><li>What decisions need to be made? . . . decisions about major IT domains </li></ul><ul><ul><ul><ul><li>IT Principles </li></ul></ul></ul></ul><ul><ul><ul><ul><li>IT Infrastructure Strategies </li></ul></ul></ul></ul><ul><ul><ul><ul><li>IT Architecture </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Business Application Needs </li></ul></ul></ul></ul><ul><ul><ul><ul><li>IT Investment and Prioritization </li></ul></ul></ul></ul><ul><ul><ul><ul><li>External Relationships </li></ul></ul></ul></ul><ul><li>Who has decision and input rights? . . . Rights are exercised in different governance styles </li></ul><ul><ul><ul><ul><li>Monarchy, Feudal, Federal, Duopoly, Anarchy </li></ul></ul></ul></ul><ul><li>How are the decisions formed and enacted? . . . Multiple mechanisms make governance work </li></ul><ul><ul><ul><ul><li>Decision Making Councils (e.g., Office of CIO) </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Business/IT Relationship Managers </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Process Teams </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Service-Level Agreements </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Chargeback Arrangements </li></ul></ul></ul></ul>IT governance specifies decision rights and creates an accountability framework that encourages desirable behavior in the use of IT Governance approaches should be based on the degree of enterprise commonality that exists, the urgency of required responses and the frenzy (and pressure) to perform. Consequently, Gartner recommends tailoring and balancing general-purpose management models to meet unique organizational needs. Balancing the IT Management Triad Vision and Business Alignment Funding, Budgeting and Pricing Staffing and Organization • Reinvestment? • Application prioritization? • Continuous migration? • Outside suppliers? • Roles and responsibilities? • Process? • Compensation? • Retention? • IT policy? • IT strategy? • Governance? • Shared services? IT as a back- office utility overhead IT as a business enabler and competitive weapon
  6. 6. Administrative Process Map: IT Governance Aligns these Processes Political Agenda IT Strategic Plan Budget Desires Decisions Tactical Execution Cross-Agency Budget Cutting Service Delivery Project Management Human Resources Acquisition Strategic Sourcing Corporate Performance Management Investment Prioritization Business Strategic Plan <ul><li>Business Case Inputs </li></ul><ul><li>Organizational Capacity </li></ul><ul><li>Cost </li></ul><ul><li>Time </li></ul><ul><li>Risk </li></ul><ul><li>Procurement </li></ul><ul><li>Portfolio Performance </li></ul>
  7. 7. IT Governance and Management Are Not the Same <ul><li>What IT Governance Is: </li></ul><ul><li>Collective decisions and guidance about: </li></ul><ul><ul><li>How IT should be used in the business (policies, principles) </li></ul></ul><ul><ul><li>Who makes What decisions How (clear accountabilities) </li></ul></ul><ul><ul><li>Business cases and investments (priorities, ownership and benefits realization) </li></ul></ul><ul><li>What IT Governance Is Not: </li></ul><ul><ul><li>Internal IT operations </li></ul></ul><ul><ul><li>IT people management </li></ul></ul><ul><ul><li>IT contract management </li></ul></ul><ul><ul><li>Internal IT organization </li></ul></ul><ul><ul><li>Project management </li></ul></ul><ul><ul><li>System testing </li></ul></ul><ul><ul><li>Audits </li></ul></ul><ul><ul><li>Procurement of hardware </li></ul></ul><ul><ul><li>Facilities management </li></ul></ul><ul><ul><li>Documentation and training </li></ul></ul><ul><ul><li>Client satisfaction </li></ul></ul><ul><ul><li>Benchmarking </li></ul></ul><ul><ul><li>Capacity planning </li></ul></ul><ul><ul><li>Resource management </li></ul></ul>
  8. 8. What Are the Key Components that Make Up IT Governance? <ul><li>An IT Governance framework usually comprises the following components: </li></ul><ul><ul><li>Structural Model </li></ul></ul><ul><ul><ul><li>Mission - Purpose and approach to managing the IT organization </li></ul></ul></ul><ul><ul><ul><li>IT Organization - Structure, reporting relations and connections between resources and their counterparts across the IT organization </li></ul></ul></ul><ul><ul><ul><li>Roles & Responsibilities - Definition of work requirements and the groups/individuals to perform them </li></ul></ul></ul><ul><ul><li>Operational Model </li></ul></ul><ul><ul><ul><li>Processes - Pre-defined activity flow for necessary actions and creation of outcomes </li></ul></ul></ul><ul><ul><ul><li>Measures - Accountability mechanisms at all levels </li></ul></ul></ul><ul><ul><ul><li>Policies - Pre-defined decision on boundaries, standards, latitude </li></ul></ul></ul><ul><ul><ul><li>Information and analysis to inform decisions </li></ul></ul></ul>Customer / End User Help Desk and Local/Peer Support Shared Services Infrastructure and Production Support Systems - Network - Data - Applications Asset Management - Operations CIO BU Managers Functional Management Relationship Manager Office of Integration BU CIO Competency Centers Network and Data Design Change Management “ Exotics” (Multimedia, Intranet) Support Maintain Proposal Requirements Test Build/Buy Design Specification Assessment Project Manager Project Office Project Manager Functional AD team Development Services BU AD team Process Office of Architecture, Standards & Planning Office of the CIO
  9. 9. Top IT Governance Mechanisms Focus On Business And IT Relationships Not Effectiveness Very © 2002 MIT Sloan Center for Information Systems Research (Weill) and Gartner, Inc. 1 2 3 4 5 Chargeback arrangements Web-based portals, intranets for IT Formally tracking IT’s business value Architecture committee Capital approval committee Service level agreements Tracking of IT projects and resources Process teams with IT members Executive committee IT council of business and IT executives IT leadership committee Business/IT relationship managers IT Governance Mechanism Effectiveness % respondents using 85 87 71 89 86 96 89 56 67 62 79 62
  10. 10. The Three Components of IT Governance <ul><li>What decisions need to be made? </li></ul><ul><li>Who makes them? </li></ul><ul><li>How are they made? </li></ul>
  11. 11. 1. What Decisions Need To Be Made? . . Clarify Five Major IT Decision Domains IT Infrastructure Strategies IT Principles IT Architecture Business Application Needs IT Investment and Prioritization Strategies for the base foundation of budgeted-for IT capability (both technical and human), shared throughout the firm as reliable services, and centrally coordinated (e.g., network, help desk, shared data) High level statements about how IT is used in the business An integrated set of technical choices to guide the organization in satisfying business needs. The architecture is a set of policies and rules that govern the use of IT and plot a migration path to the way business will be done (includes data, technology, and applications) Business applications to be acquired or built Decisions about how much and where to invest in IT including project approvals and justification techniques © 2002 MIT Sloan Center for Information Systems Research (CISR). This material is adapted from Weill & Woodham's work originally published and copyrighted by the MIT Sloan CISR as Working Paper No. 326, &quot;Don't Just Lead, Govern: Implementing Effective IT Governance,&quot; April 2002, and is used by Gartner with permission.
  12. 12. Defining IT Principles/Policies <ul><li>Characteristics of effective principles/policies </li></ul><ul><ul><li>Actionable — facilitate decision making </li></ul></ul><ul><ul><li>Succinct — express a focused point of view </li></ul></ul><ul><ul><li>Appropriate specificity: not too general (&quot;Motherhood and Apple Pie &quot;); there must be a compelling alternative </li></ul></ul><ul><ul><li>Clear implications — adhering or not adhering to the principle/policy should have consequences </li></ul></ul><ul><ul><li>Relevant — address the specific business context of an enterprise (business trends, IT trends, corporate culture and values) </li></ul></ul><ul><li>Components of principles/policies </li></ul><ul><ul><li>Principle statement </li></ul></ul><ul><ul><li>Rationale </li></ul></ul><ul><ul><li>Implications </li></ul></ul>
  13. 13. 2. Who Has Decision Rights And Inputs? . . Rights Exercised In Six Governance Styles Note: Some Governance styles were inspired by Davenport, 1997. C-level executives, as a group or individuals, including the CIO (but not acting independently) C-level executives and at least one other group. (Equivalent to the center and states working together) IT executives and one other group (eg CXO or BU leaders) Business unit leaders or their delegates Individuals or groups of IT executives Each individual business process owner or end user Business Monarchy Federal Duopoly Feudal IT Monarchy Anarchy © 2002 MIT Sloan Center for Information Systems Research (CISR). This material is adapted from Weill & Woodham's work originally published and copyrighted by the MIT Sloan CISR as Working Paper No. 326, &quot;Don't Just Lead, Govern: Implementing Effective IT Governance,&quot; April 2002, and is used by Gartner with permission. Style Who Makes The Decisions?
  14. 14. 3. How Can IT Governance Arrangements Be Represented? IT Principles IT Infra- structure Strategies IT Architecture Business Application Needs IT Investment Business Monarchy IT Monarchy Feudal Federal Duopoly Domain Style Anarchy Don’t Know © 2002 MIT Sloan Center for Information Systems Research (CISR). This framework is adapted from Weill & Woodham's work originally published and copyrighted by the MIT Sloan CISR as Working Paper No. 326, &quot;Don't Just Lead, Govern: Implementing Effective IT Governance,&quot; April 2002, and is used by Gartner with permission. ?
  15. 15. IT Governance — Example of Domains, Decision Rights and Styles © 2002 MIT Sloan Center for Information Systems Research (Weill) and Gartner, Inc. drawing on the framework of Weill and Woodham, 2002. Exec comm Biz leaders Exec comm IT leadership CIO IT leadership Exec comm Biz leaders CIO IT leadership Biz leaders Biz pro own Biz/IT rel mgs Exec comm Biz leaders Biz leaders Biz pro own Cap appr comm Biz leaders Biz pro own <ul><li>Business/IT relationship managers </li></ul><ul><li>Biz/IT rel mgs </li></ul><ul><li>CIO, CIO's office and biz unit CIOs </li></ul><ul><li>IT leadership </li></ul><ul><li>Business process owners </li></ul><ul><li>Biz pro own </li></ul><ul><li>Business unit heads/presidents </li></ul><ul><li>Biz leaders </li></ul><ul><li>Exec comm subgroup, includes CIO </li></ul><ul><li>Cap appr comm </li></ul><ul><li>Executive committee (&quot;C&quot; levels ) </li></ul><ul><li>Exec comm </li></ul>Input Decision IT Principles Input Decision IT Infrastructure Strategies Input Decision IT Architecture Input Decision Business Application Needs Input Decision IT Investment and Prioritization Business Monarchy IT Monarchy Feudal Federal Duopoly Governance Mechanisms Domain Style Input rights Decision rights
  16. 16. Business And IT Executive Collaboration Mark High IT Governance Performers © 2002 MIT Sloan Center for Information Systems Research (Weill) and Gartner, Inc, drawing on the framework of Weill and Woodham, 2002. IT Principles IT Infrastructure Strategies IT Architecture Business Application Needs IT Investment and Prioritization Business Monarchy IT Monarchy Feudal Federal Duopoly Anarchy Domain Style Top three patterns of high IT governance performers 1 2 3
  17. 17. Six Guiding IT Principles <ul><li>IT will enable and provide strategic value to the business. </li></ul><ul><li>IT architecture & standards shall be governed at the enterprise level to ensure integrity, planned evolution, and periodic refresh in light of new technologies and business strategies. </li></ul><ul><li>Information is our business, so data is one of our most valuable assets. It must be accessible, managed and protected accordingly. </li></ul><ul><li>IT will reuse before it buys and buy before it builds. </li></ul><ul><li>As new applications are developed, we will strive to create reusable components and processes (in line with the architecture) to facilitate business reuse where appropriate. </li></ul><ul><li>IT will strive to reduce complexity in the the technology environment. </li></ul>What IT decisions are made
  18. 18. <ul><li>Rationale </li></ul><ul><ul><li>IT Services and Solutions must meet business needs and help drive value. </li></ul></ul><ul><li>Implications </li></ul><ul><ul><li>IT will be “students” of the business – to provide appropriate technical solutions and support, IT must understand the business </li></ul></ul><ul><ul><li>IT will manage appropriately within established budget </li></ul></ul><ul><ul><li>IT will make provisions to ensure Business is an educated consumer of IT Products and Services </li></ul></ul><ul><ul><li>IT Application Leadership will engage with Business in business strategy, planning, and management </li></ul></ul><ul><ul><li>IT will partner with Business Unit leadership to support enterprise requirements and business solutions </li></ul></ul><ul><ul><li>Business processes need to be optimized to obtain full benefits of technological solutions </li></ul></ul><ul><ul><li>IT Business Relationship Managers will represent all facets of the IT function to the Business Units </li></ul></ul><ul><ul><li>IT will provide business “consulting” services (alternatives, pros, cons, recommendations) as a partner to its business clients </li></ul></ul><ul><ul><li>IT will evaluate alternative technological and sourcing approaches to provide business solutions </li></ul></ul><ul><ul><li>IT must be “easy to do business with” - make IT easy to navigate for business colleagues </li></ul></ul>IT Will Enable and Provide Strategic Value to the Business
  19. 19. IT Governance Mechanisms Input Decision Business App Needs IT Monarchy Feudal Federal Duopoly Domain Style Business Application Needs <ul><ul><li>Major Decisions Addressed </li></ul></ul><ul><ul><ul><li>Rule of 7 </li></ul></ul></ul><ul><ul><ul><li>Only those decisions that the governing entity reserves clearly and completely for itself, with no delegation </li></ul></ul></ul><ul><ul><li>Mechanism </li></ul></ul><ul><ul><ul><li>Input Forum </li></ul></ul></ul><ul><ul><ul><li>Decision Forum </li></ul></ul></ul><ul><ul><ul><li>Trigger: Regularly scheduled at xxx interval, or reactive based on yyy </li></ul></ul></ul><ul><ul><ul><li>Sponsor </li></ul></ul></ul><ul><ul><li>Metrics </li></ul></ul><ul><ul><ul><li>Minimum metrics to ensure successful operation and compliance </li></ul></ul></ul><ul><ul><li>Compliance </li></ul></ul><ul><ul><ul><li>“ Loop-closing” mechanism </li></ul></ul></ul><ul><ul><ul><li>MUST fit the culture </li></ul></ul></ul><ul><ul><li>Refer to Exception process for more information </li></ul></ul>How the Decisions Get Made Business Monarchy Anarchy Input rights Decision rights
  20. 20. Sample IT Governance Mechanisms Exception Process Exceptions to the IT Governance processes should be very rare and well-justified. In cases where an involved party has significant issues or concerns regarding a decision reached via the IT Governance processes, the following process should be followed: <ul><ul><li>For Senior Management Team decisions </li></ul></ul><ul><ul><ul><li>CEO makes final decision </li></ul></ul></ul><ul><ul><li>For Senior Management Team, CIO & ITLC decisions </li></ul></ul><ul><ul><ul><li>Sr. Leader (or designee) approaches appropriate ITLC member with specific circumstances </li></ul></ul></ul><ul><ul><ul><li>CIO & Sr. Leader formally approve exception </li></ul></ul></ul><ul><ul><ul><li>Escalate to CEO, if necessary </li></ul></ul></ul><ul><ul><li>For Business Unit Leaders decisions </li></ul></ul><ul><ul><ul><li>Sr. Leader approaches Application Head with specific circumstances </li></ul></ul></ul><ul><ul><ul><li>CIO & Sr. Leader must formally approve exception </li></ul></ul></ul><ul><ul><ul><li>Escalate to CEO, if necessary </li></ul></ul></ul>How the Decisions Get Made
  21. 21. Implementing IT Governance Communications/Change Management Components <ul><li>Executive (CEO leadership team meetings, COO leadership team meetings) socialization presentations, discussions </li></ul><ul><li>Executive announcement ‘Elevator speech’ (COO to CEO & CEO direct reports) </li></ul><ul><li>Executive summary slide deck </li></ul><ul><li>BRM (business relationship manager) communication tools </li></ul><ul><ul><li>Slide deck </li></ul></ul><ul><ul><li>Suggested talk track </li></ul></ul><ul><ul><li>Suggested email announcement </li></ul></ul><ul><ul><li>FAQs </li></ul></ul><ul><li>Core team continued availability during above </li></ul>
  22. 22. Key Success Factors for IT Governance <ul><li>The full buy-in of the CEO & direct reports is required </li></ul><ul><li>Clear participation of the business (it’s all about governing IT) </li></ul><ul><ul><li>A willingness between Corporate and the business units as well as across business units to cooperate and to develop a solution that is supported by all is essential </li></ul></ul><ul><li>Existing organizational and decision making structures can’t be sacred cows as they will be questioned and likely modified </li></ul><ul><li>The project can’t be treated as an IT project </li></ul><ul><li>Formal change management needs to be part of the work </li></ul><ul><li>Communicate, communicate, communicate </li></ul><ul><li>Minimal “loop closing“ is required to ensure compliance </li></ul>
  23. 23. Typical Benefits of Implementing an IT Governance Framework <ul><li>Enhanced alignment between the Business and IT </li></ul><ul><li>Improved IT decision-making & communications </li></ul><ul><ul><li>Overall clearer </li></ul></ul><ul><ul><li>More efficient as decisions and communications are quicker and more cost-effective </li></ul></ul><ul><ul><li>More effective as the right decisions get made </li></ul></ul><ul><li>Improved perception of value of IT </li></ul><ul><li>More focused strategies </li></ul><ul><li>Clearer business objectives for IT investment </li></ul><ul><li>High level executive participation in IT governance </li></ul><ul><li>Stable IT governance, fewer changes year to year </li></ul><ul><li>Well functioning formal exception processes </li></ul><ul><li>Formal communication methods </li></ul>
  24. 24. Typical Project Timeline <ul><li>The following presents a more or less typical timeline for projects of this nature: </li></ul><ul><li>Depending on the specifics of the project, a more detailed timeline will have to be developed </li></ul>Milestones Project Planning Governance Requirements Identification Governance Design Transition Month 1 Month 2 Month 3
  25. 25. Example <ul><li>Summary of Case Study </li></ul>
  26. 26. Assess Your IT Governance Effectiveness Short Form Self-Assessment 6 or less (no effective IT governance) 10-13 (maturing IT governance) IT Governance Effectiveness Indicators Disagree Strongly (Score 0) Disagree Somewhat (Score 1) Agree Somewhat (Score 2) Agree Strongly (Score 3) Total 2. We have clear business objectives for evaluating every type of IT investment 3. Executives are engaged in IT governance and can describe these arrangements 1. We have strongly differentiated business strategies 5. We use well-defined, formal IT exception processes 4. Our IT governance is stable, with few major changes year-to-year 6. We use multiple formal communication methods to engage business leaders 7-9 (low-level IT governance) 14+ (top performer, guard against complacency) 1 1 1 1 1 1 0 0 0 0 0 0 2 2 2 2 2 2 3 3 3 3 3 3 © 2002 Gartner, Inc. and MIT Sloan Center for Information Systems Research (Weill)
  27. 27. Assess Your IT Governance Effectiveness Long Form Self-Assessment Assess your current position on a journey into the future. For each area, rate these factors, where 1 means strongly disagree, 5 means strongly agree. <ul><li>Decisions </li></ul><ul><li>Clarity about decision rights </li></ul><ul><li>Consistency </li></ul><ul><li>Strong business cases </li></ul><ul><li>Business roles clear </li></ul><ul><li>Appropriate committees </li></ul><ul><li>Optimized budgets </li></ul><ul><li>Architecture plan </li></ul><ul><li>Directions </li></ul><ul><li>Aligned strategies </li></ul><ul><li>IT strategy known </li></ul><ul><li>Defined IT principles </li></ul><ul><li>Risks assessed & managed </li></ul><ul><li>Business value understood </li></ul><ul><li>Performance metrics clear </li></ul><ul><li>Relationships </li></ul><ul><li>Clear links to corporate governance </li></ul><ul><li>Strong and trusted teamwork between business and IT </li></ul><ul><li>Strong and trusted teamwork within IT </li></ul>
  28. 28. Implementing IT Governance – General Project Approach <ul><li>Plan it, work it! </li></ul><ul><ul><li>Game plan, self-assessment, project plan </li></ul></ul><ul><li>Establish IT Governance Principles based on overall IT strategy </li></ul><ul><li>Evaluate effectiveness of current IT Governance-like mechanisms, if any do exist either within Corporate or the business units </li></ul><ul><li>Develop Governance processes as appropriate (structural and operational model) </li></ul><ul><li>Establish clear relationship between the various IT Governance components </li></ul><ul><li>Validate IT Governance framework and processes with Business Owners </li></ul><ul><li>Implement new IT Governance framework </li></ul><ul><ul><li>Roll out to all of IT & Business </li></ul></ul><ul><ul><li>Thorough communications & PR campaign </li></ul></ul><ul><li>Establish IT Governance oversight role to monitor processes, effectiveness, and compliance </li></ul>
  29. 29. Q & A <ul><li>? </li></ul><ul><li>! </li></ul>
  30. 30. Appendix – Sample Deliverables
  31. 31. Example Topics for IT Principles/Policies <ul><li>Governance </li></ul><ul><li>Investment Evaluation Criteria </li></ul><ul><li>Investment Decision Making </li></ul><ul><li>Funding </li></ul><ul><li>Cost Allocation </li></ul><ul><li>Benefits Realization </li></ul><ul><li>Architecture </li></ul><ul><li>Project Management </li></ul><ul><li>Privacy </li></ul><ul><li>Procurement </li></ul><ul><li>Operational Risk </li></ul><ul><li>Business Continuity </li></ul><ul><li>Security </li></ul><ul><li>Organizational Development </li></ul>
  32. 32. Summary of Case Study <ul><li>List of 6 guiding principles </li></ul><ul><li>Details - principle 1 </li></ul><ul><li>Details - principle 2 </li></ul><ul><li>Governance arrangements matrix </li></ul><ul><li>Details for one IT governance mechanism </li></ul><ul><li>Exception process </li></ul><ul><li>Communications process </li></ul>
  33. 33. Sample of Six Guiding IT Principles <ul><li>IT will enable and provide strategic value to the business. </li></ul><ul><li>IT architecture & standards shall be governed at the enterprise level to ensure integrity, planned evolution, and periodic refresh in light of new technologies and business strategies. </li></ul><ul><li>Information is our business, so data is one of our most valuable assets. It must be accessible, managed and protected accordingly. </li></ul><ul><li>IT will reuse before it buys and buy before it builds. </li></ul><ul><li>As new applications are developed, we will strive to create reusable components and processes (in line with the architecture) to facilitate business reuse where appropriate. </li></ul><ul><li>IT will strive to reduce complexity in the the technology environment. </li></ul>What IT decisions are made
  34. 34. <ul><li>IT will enable and provide strategic value to the business </li></ul><ul><ul><li>Rationale </li></ul></ul><ul><ul><ul><li>IT Services and Solutions must meet business needs and help drive value </li></ul></ul></ul><ul><ul><li>Implications </li></ul></ul><ul><ul><ul><li>IT will be “students” of the business – to provide appropriate technical solutions and support, IT must understand the business </li></ul></ul></ul><ul><ul><ul><li>IT will manage appropriately within established budget </li></ul></ul></ul><ul><ul><ul><li>IT will make provisions to ensure Business is an educated consumer of IT Products and Services </li></ul></ul></ul><ul><ul><ul><li>IT Application Leadership will engage with Business in business strategy, planning, and management </li></ul></ul></ul><ul><ul><ul><li>IT will partner with Business Unit leadership to support enterprise requirements and business solutions </li></ul></ul></ul><ul><ul><ul><li>Business processes need to be optimized to obtain full benefits of technological solutions </li></ul></ul></ul><ul><ul><ul><li>IT Business Relationship Managers will represent all facets of the IT function to the Business Units </li></ul></ul></ul><ul><ul><ul><li>IT will provide business “consulting” services (alternatives, pros, cons, recommendations) as a partner to its business clients </li></ul></ul></ul><ul><ul><ul><li>IT will evaluate alternative technological and sourcing approaches to provide business solutions </li></ul></ul></ul><ul><ul><ul><li>IT must be “easy to do business with” - make IT easy to navigate for business colleagues </li></ul></ul></ul>Sample IT Principles - 1 What IT decisions are made
  35. 35. <ul><li>IT architecture & standards shall be governed at the enterprise level to ensure integrity, planned evolution, and, periodic refresh in light of new technologies and business strategies </li></ul><ul><ul><li>Rationale </li></ul></ul><ul><ul><ul><li>A satisfactory control environment is dependent on meeting enterprise architecture and standards with the aim of reducing permutations of technology and enforcing change management </li></ul></ul></ul><ul><ul><ul><li>Research and development into new technologies is a costly investment. Sharing the cost among enterprise activities may permit more technology exploration and further the exploitation of promising technologies. Economies of scale can be realized by sharing architecture and standards as guidelines </li></ul></ul></ul><ul><ul><ul><li>Only through local unit compliance with enterprise architecture and standards will we achieve the required integrity planned evolution and refresh of our technology base </li></ul></ul></ul><ul><ul><li>Implications </li></ul></ul><ul><ul><ul><li>The creation of and adherence to standards are the joint responsibility of all IT organizations </li></ul></ul></ul><ul><ul><ul><li>We will strive for consistent and single standard IT processes including: change management, IT security standards, disaster recovery, ID management, development methodology </li></ul></ul></ul><ul><ul><ul><li>Business specific architecture and IT architecture shall align with the Enterprise Architecture (EA). EA shall be our architecture </li></ul></ul></ul><ul><ul><ul><li>Changes or modifications to the EA architecture will be governed at the greater enterprise-level </li></ul></ul></ul><ul><ul><ul><li>Enterprise views toward an architectural design or standard such as those effecting compliance and regulatory needs (e.g., SOX, Privacy) must be considered when designing a technology solution </li></ul></ul></ul><ul><ul><ul><li>Only one IT project methodology shall exist </li></ul></ul></ul><ul><ul><ul><li>Continuing investment must be made to keep our infrastructure environment current </li></ul></ul></ul><ul><ul><ul><li>Infrastructure services are managed at an enterprise level </li></ul></ul></ul>Sample IT Principles - 2 What IT decisions are made
  36. 36. Sample IT Governance Arrangements Matrix © 2002 Gartner, Inc. and MIT Sloan Center for Information Systems Research (Weill) drawing on the framework of Weill and Woodham, 2002. Who makes the decisions Input Decision Overall IT Principles Input Decision IT Infrastructure Strategies Input Decision IT Architecture Input Decision Business App Needs Input Decision IT Investment / Prioritization Senior Mgmt. Team CIO / Ent IT BU Leaders ITLC Senior Mgmt. CIO & ITLC Domain Style IT Leadership Council (includes App Head) ITLC Leaders from the Business Units BU Leaders CIO / Ent IT Combined Corp Office and IT Leadership Senior Mgmt & ITLC Corporate office (CEO and Staff) Senior Mgmt Team Input rights Decision rights External Relationship Input Decision CIO office and Enterprise IT * CIO has “Veto” rights *
  37. 37. Sample IT Governance Mechanisms Input Decision Business App Needs CIO / Ent IT BU Leaders ITLC Senior Mgmt. CIO & ITLC Domain Style Input rights Decision rights <ul><li>Business Application Needs </li></ul><ul><li>(Governed by each Business Unit / Function independently) </li></ul><ul><ul><li>Major Decisions Addressed * </li></ul></ul><ul><ul><ul><li>Approve application strategy and direction </li></ul></ul></ul><ul><ul><ul><li>Determine appropriate application resource allocation; resolve major resource conflicts </li></ul></ul></ul><ul><ul><ul><li>Propose significant application initiatives and projects </li></ul></ul></ul><ul><ul><ul><li>Approve and prioritize application initiatives and projects (within parameters established by Prioritization process) </li></ul></ul></ul><ul><ul><ul><li>Sponsor major projects to the Prioritization process </li></ul></ul></ul><ul><ul><ul><li>Provide oversight for significant initiatives and projects </li></ul></ul></ul><ul><ul><ul><li>Approve business risk mitigation tactics and strategies (with app impact) </li></ul></ul></ul><ul><ul><li>Mechanism </li></ul></ul><ul><ul><ul><li>Input Forum: ITLC meetings or CIO staff meeting </li></ul></ul></ul><ul><ul><ul><li>Decision Forum: Regularly scheduled business unit leadership meetings (one per Business Unit / Function) </li></ul></ul></ul><ul><ul><ul><li>Trigger: Regularly scheduled (no less than quarterly) </li></ul></ul></ul><ul><ul><ul><li>Sponsor: Application Head </li></ul></ul></ul>* * CIO has “Veto” rights <ul><ul><li>Refer to Exception process for more information </li></ul></ul>How the Decisions Get Made Senior Mgmt. Team
  38. 38. Sample IT Governance Mechanisms Exception Process Exceptions to the IT Governance processes should be very rare and well-justified. In cases where an involved party has significant issues or concerns regarding a decision reached via the IT Governance processes, the following process should be followed: <ul><ul><li>For Senior Management Team decisions </li></ul></ul><ul><ul><ul><li>CEO makes final decision </li></ul></ul></ul><ul><ul><li>For Senior Management Team, CIO & ITLC decisions </li></ul></ul><ul><ul><ul><li>Sr. Leader (or designee) approaches appropriate ITLC member with specific circumstances </li></ul></ul></ul><ul><ul><ul><li>CIO & Sr. Leader formally approve exception </li></ul></ul></ul><ul><ul><ul><li>Escalate to CEO, if necessary </li></ul></ul></ul><ul><ul><li>For Business Unit Leaders decisions </li></ul></ul><ul><ul><ul><li>Sr. Leader approaches Application Head with specific circumstances </li></ul></ul></ul><ul><ul><ul><li>CIO & Sr. Leader must formally approve exception </li></ul></ul></ul><ul><ul><ul><li>Escalate to CEO, if necessary </li></ul></ul></ul>How the Decisions Get Made
  39. 39. Sample IT Governance Communications Components <ul><li>Executive (CEO leadership team meetings, COO leadership team meetings) socialization presentations, discussions </li></ul><ul><li>Executive announcement ‘Elevator speech’ (COO to CEO & CEO direct reports) </li></ul><ul><li>Executive summary slide deck </li></ul><ul><li>BRM (business relationship manager) communication tools </li></ul><ul><ul><li>Slide deck </li></ul></ul><ul><ul><li>Suggested talk track </li></ul></ul><ul><ul><li>Suggested email announcement </li></ul></ul><ul><ul><li>FAQs </li></ul></ul><ul><li>Core team continued availability during above </li></ul>Return
  40. 40. Sample IT Governance Design - Enterprise Architecture Example Mechanism, Roles, Process ILLUSTRATIVE <ul><li>IT Architecture </li></ul><ul><li>Domain Teams </li></ul><ul><li>IT Architecture </li></ul><ul><li>IT Architecture </li></ul><ul><li>Domain Teams </li></ul><ul><li>Domain Teams </li></ul><ul><li>IC </li></ul><ul><li>CIOs </li></ul><ul><li>IC </li></ul><ul><li>CIOs </li></ul><ul><li>IT BOG </li></ul><ul><li>IT BOG </li></ul><ul><li>IT BOG </li></ul><ul><li>XYZ </li></ul><ul><li>Director </li></ul><ul><li>IC </li></ul><ul><li>Directors </li></ul><ul><li>IC </li></ul><ul><li>Directors </li></ul><ul><li>IC </li></ul><ul><li>Directors </li></ul><ul><li>FARB </li></ul><ul><li>FARB </li></ul><ul><li>FARB </li></ul><ul><li>Architecture </li></ul><ul><li>Review Board </li></ul><ul><li>Architecture </li></ul><ul><li>Architecture </li></ul><ul><li>Review Board </li></ul><ul><li>Review Board </li></ul><ul><li>IC </li></ul><ul><li>Directors </li></ul><ul><li>EA Updates for Approval </li></ul><ul><li>Exception </li></ul><ul><li>Evaluations-major </li></ul><ul><li>Technical Advice for </li></ul><ul><li>EA Funding or Appeals </li></ul><ul><li>Advice </li></ul><ul><li>Exception </li></ul><ul><li>Evaluations-minor </li></ul><ul><li>Exception Requests </li></ul><ul><li>Advice for EA Funding </li></ul><ul><li>Advice </li></ul><ul><li>Guidance </li></ul><ul><li>Office of the </li></ul><ul><li>Chief IT Architect </li></ul><ul><li>Office of the </li></ul><ul><li>Office of the </li></ul><ul><li>Chief IT Architect </li></ul><ul><li>Chief IT Architect </li></ul><ul><li>Leadership </li></ul><ul><li>Project </li></ul><ul><li>Teams </li></ul><ul><li>XYZ CIO </li></ul>
  41. 41. Sample IT Governance Design - Clarifying Roles & Responsibilities <ul><li>RACI analysis clearly defines who is Responsible, Accountable, Consulted, Informed on all decisions, activities, etc. </li></ul>ILLUSTRATIVE
  42. 42. IT Governance Operations — Making It Work IT Governance <ul><li>Goals </li></ul><ul><li>Domains </li></ul><ul><li>Principles </li></ul><ul><li>Decision Rights </li></ul><ul><li>Styles </li></ul>IT Governance Strategy IT Governance Operations Supply Governance (How Should IT Do What It Does?) IT Management Primary Responsibility Demand Governance (What Should IT Work On?) Business Management Primary Responsibility Biz/IT Strategy Validation Overall IT Investment & Expense Develop Demand Governance Processes Biz/IT Operational Planning IT Investment Portfolios (PPM) Investment Evaluation Criteria Intra-/Inter- Enterprise Prioritization Demand Governance Implementation Board IT Governance IT Gov Effectiveness (Metrics, etc.) IT Value Assessment IT Service Chargeback IT Service Funding Spending/Project Oversight Councils/ Committees Issue Escalation/ Resolution Business Benefits Realization Business Unit Prioritization Plan Implement Manage Monitor Architecture <ul><li>Plan </li></ul><ul><li>Implement </li></ul><ul><li>Manage </li></ul><ul><li>Monitor Compliance </li></ul>Security <ul><li>Plan </li></ul><ul><li>Implement </li></ul><ul><li>Manage </li></ul><ul><li>Monitor Compliance </li></ul>Corporate Compliance <ul><li>Plan </li></ul><ul><li>Implement </li></ul><ul><li>Manage </li></ul><ul><li>Monitor Compliance </li></ul>Project Management <ul><li>Plan </li></ul><ul><li>Implement </li></ul><ul><li>Manage </li></ul><ul><li>Monitor Compliance </li></ul>Sourcing <ul><li>Plan </li></ul><ul><li>Implement </li></ul><ul><li>Manage </li></ul><ul><li>Monitor Compliance </li></ul>Procurement <ul><li>Plan </li></ul><ul><li>Implement </li></ul><ul><li>Manage </li></ul><ul><li>Monitor Compliance </li></ul>Etc. <ul><li>Plan </li></ul><ul><li>Implement </li></ul><ul><li>Manage </li></ul><ul><li>Monitor Compliance </li></ul>IT Supply Governance Domains
  43. 43. Best Practices for Governance When Governance Isn’t Governed <ul><li>Use a stick: Threat of auditor, Sarbanes-Oxley, Basel II… </li></ul><ul><li>Use a club: How would CFO look at these actions? Do they insert more risk and lower ROI? Under FOIA (Freedom of Information Act), does this pass the newspaper test? </li></ul><ul><li>Use a carrot: Advertise the joint success of IT and SBU on a particular initiative and why it helped governance. </li></ul><ul><li>Use chocolate: Make the advertised success addictive, and this is what we are looking forward to later ... </li></ul><ul><li>Use secret sauce: CIOs can be slightly off-center (devious) by stating that service-level architecture or Web-based infrastructure requires greater transparency, much like FedEx allows customers to see where packages are and estimated times of arrival, which is why FedEx’s IT is bullet-proof. </li></ul>
  44. 44. More Symptoms of Good IT Governance <ul><li>Decisions Score </li></ul><ul><li>Clarity There is clarity about who makes strategic decisions about IT — </li></ul><ul><li>Investment IT investments are evaluated and approved using consistent criteria — </li></ul><ul><li>Approval </li></ul><ul><li>Project IT projects deliver results consistently in accord with the business case — </li></ul><ul><li>Implementation </li></ul><ul><li>Business Business executives clearly understand their roles in IT decisions — </li></ul><ul><li>Roles </li></ul><ul><li>Committee Appropriate committees are in place, with clearly documented roles — </li></ul><ul><li>Structures </li></ul><ul><li>Budgets The IT budget process is aligned with business and IT strategies — </li></ul><ul><li>Enterprise Architecture exceptions have a defined process for approval — </li></ul><ul><li>Architecture </li></ul><ul><li>Directions </li></ul><ul><li>Alignment There is clear alignment between business and IT strategies — </li></ul><ul><li>IT Strategy The IT strategy is clear to all affected stakeholders — </li></ul><ul><li>IT Principles There is a clear set of IT principles underlying decisions that are clear to all — </li></ul><ul><li>Risk IT risks are understood by all stakeholders and managed effectively — </li></ul><ul><li>Management </li></ul><ul><li>Business The business value of IT is tracked, understood and communicated — </li></ul><ul><li>Value </li></ul><ul><li>IT Metrics IT metrics highlight critical success factors for performance management — </li></ul><ul><li>Relationships </li></ul><ul><li>Corporate IT governance is clearly linked to corporate governance — </li></ul><ul><li>Governance </li></ul><ul><li>Trust There are strong and trusted relationships between business and IT </li></ul>
  45. 45. IT Governance Maturity Checklist <ul><li>World-class </li></ul><ul><ul><li>Life-cycle PfM </li></ul></ul><ul><ul><li>Business architecture </li></ul></ul><ul><ul><li>Market agility </li></ul></ul><ul><li>Advanced </li></ul><ul><ul><li>Enterprise PMO </li></ul></ul><ul><ul><li>Project PfM </li></ul></ul><ul><ul><li>Info architecture </li></ul></ul><ul><li>Good </li></ul><ul><ul><li>Project prioritization </li></ul></ul><ul><ul><li>Asset portfolio management (PfM) </li></ul></ul><ul><ul><li>Independent audit </li></ul></ul><ul><li>Basics </li></ul><ul><ul><li>Review boards </li></ul></ul><ul><ul><li>Regular audits </li></ul></ul><ul><ul><li>Universal controls </li></ul></ul><ul><ul><li>Standards </li></ul></ul>Do you plan, build, and run as one body? Business Perception of Its Dependency on IT Governance Effectiveness Efficiency Investment Cost Respect Transformation Credibility of IT Governance Trust

×