Maximizing Business Value Through Effective IT Governance


Published on

Holistic IT governance, aligned with corporate governance and designed to ensure successful IT implementation, yields strategic alignment, value delivery, risk management, resource management and performance management through the governance of architecture, projects and portfolios, application lifecycles, infrastructure and data, vendors and sourcing, service lifecycles and new age technology.

Published in: Business, Economy & Finance
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Maximizing Business Value Through Effective IT Governance

  1. 1. Maximizing Business Value ThroughEffective IT GovernanceImplementing a holistic IT governance model not only helps IT deliverbusiness value but also advances confidence with business.Executive SummaryBusiness is getting only more IT intensive, andIT is getting more complex. Some of the factorscontributing to this increased complexity include:expansion of business processes and modelsrequiring greater IT involvement, adoption ofemerging technologies such as the SMAC StackTM(social-mobile-analytics-cloud) to drive businessinnovation, coordination with multiple businessand technology partners across various geog-raphies and a greater focus on regulatory andaudit compliance to meet industry and corporatestandards.Maximizing value from IT investments has alwaysbeen an imperative for business. From ourexperience, more than 50% of today’s IT invest-ments are wasted or fail to deliver returns to thebusiness. With the increase in complexity, the costof IT failure has become all the more significant.For IT investments to deliver business value intoday’s complex landscape, IT must:• Be more tightly aligned with business objectivesthan ever before.• Carefully control risks, both strategic and oper-ational.• More effectively manage IT assets.• Continuously improve IT performance.Therefore, effective IT governance must be a topitem in the CIO agenda in order to maximize IT’scontribution to business value.Based on our experience with one of the largestU.S. insurers (see sidebar), the key benefits ofimplementing an IT governance model include:• Strategic alignment, resulting in increasedbusiness partner satisfaction in the order of15% to 20%.• Enhanced value delivery, driven by improvedproject prioritization, leading to reduction of ITbudget by 8% to 10%.• Improved performance and resource manage-ment, lowering the total cost of IT ownershipby 10% to 15%.• Better quality of IT output, resulting in areduction in IT control issues by 50%.Our experience of working with Fortune 1000clients suggests that CIOs need to focus on thefollowing five key imperatives while implementinga successful IT governance model (see Figure 1):1. Align IT governance with corporate governanceand business objectives.2. Define IT governance objectives1around strate-gic alignment, value delivery, risk management,resource management and performance man-agement.• Cognizant 20-20 Insightscognizant 20-20 insights | may 2013
  2. 2. 23. Establish holistic governance across disciplinesspanning the entire IT value chain: IT strategy,architecture, project and portfolio, applicationlifecycle, infrastructure and data, vendor andsourcing, service lifecycle and modern SMACtechnologies.4. Identify the appropriate IT governance controlpractices2to help achieve IT governanceobjectives.5. Establish continuous tracking, monitoring andimprovement of the IT governance model.Subsequently, this paper details the five keyimperatives for designing an IT governancemodel.Designing an IT Governance ModelThe five key imperatives that underscore aneffective IT governance model include:Align IT Governance with CorporateGovernance and Business ObjectivesCIOs should focus on this to improve transpar-ency for corporate management, and to ensurebusiness objectives are realized.For example, aligning IT risk management withcorporate risk management practices, and aligningIT security standards with corporate securitypolicies, drive consistency and compliance acrossthe organization. Similarly, IT governance alignedwith business objectives, such as achieving greaterreturn on investments and reducing businessrisks, helps deliver business benefits.Define IT Governance Objectives AroundStrategic Alignment, Value Delivery, RiskManagement, Resource Management andPerformance ManagementIT governance objectives should be defined alongthe following dimensions:• Strategic alignment: Align IT strategy withbusiness strategy, and ensure advancement ofbusiness priorities.• Value delivery: Maximize value of IT invest-ments.• Risk management: Identify and mitigate ITrisks in a timely manner.• Resource management: Ensure availability ofappropriate IT resources to meet current aswell as projected business demand.Figure 1Achieving Effective IT GovernanceCorporate GovernanceBusiness Strategies and ObjectivesIT Governance….12345Continuous ImprovementIT Governance DisciplinesIT Governance ObjectivesValue DeliveryIT Governance Control PracticesRisk andCompliance OfficeInformationSecurity OfficeStrategicAlignmentRiskManagementResourceManagementPerformanceManagementIT StrategyGovernanceArchitectureGovernanceProject andPortfolioGovernanceApplicationLifecycleGovernanceInfrastructure& DataGovernanceVendor andSourcingGovernanceServiceLifecycleGovernanceNew AgeTechnologyGovernanceGovernanceCommittee/BodyGovernanceInitiatives/MeetingsDocumentationControls/RepositoriesApprovals/Control ChecksAlign IT governance withcorporate governanceand business objectives.Define IT governance objectivesaround strategic alignment, valuedelivery, risk management,resource management andperformance management.Establish holistic governanceacross governance disci-plines spanning the entireIT value chain.Identify the appropriate ITgovernance control practices tohelp achieve the IT governanceobjective.Establish continuous tracking,monitoring and improvement ofthe IT governance model.ContinuousImprovementAlign StrategicallySet Directionecognizant 20-20 insights12
  3. 3. • Performance management: Monitor IT perfor-mance effectively.Inourexperience,theabove-mentionedobjectivesare relevant for all IT functions and disciplines.Establish Holistic Governance Across Disci-plines Spanning the Entire IT Value ChainThe IT governance model should focus on estab-lishing oversight and control across all key ITgovernance disciplines. Figure 2 illustrates thetypical benefits and impacts we have seen whenimplementing IT governance for clients acrossvarious industry sectors.Identify the Appropriate IT GovernanceControl Practices to Help AchieveIT Governance ObjectivesBased on our experience, in order to establishthe right level of governance, organizationsshould define measurable IT governance controlpractices aligned with the IT governance3cognizant 20-20 insightsNote: Indicated impacts are based on our experience with clients with a moderate level of organizational maturity.Figure 2Eight Disciplines for Effective IT GovernanceIT Governance Discipline Typical Benefits and Impacts1 IT Strategy Governance:Ensure alignment of IT investments withbusiness priorities, and tracking, monitoringand improvement of business-IT engage-ment.• Strategic Alignment: 10% to 15% improvement based on en-hanced perception of value from IT.• Value Delivery: Enhancement in overall value from IT throughbetter management of IT investments.2 Architecture Governance:Promote standardization in the applica-tion and technology portfolio and drivealignment of solution architecture to overalltechnology and reference architecture.• Performance Management and Resource Management: 15% to20% increase in level of architecture reuse.• Risk Management: 5% to 10% fewer risks through reuse of time-tested architectural components.3 Project & Portfolio Governance:Govern sequencing of the project portfolioto maximize operating efficiency, and en-able identification and mitigation of projectportfolio risks.• Strategic Alignment: 10% to 15% improvement based onenhanced value from the project portfolio.• Performance Management and Resource Management:»» 10% to 15% improvement in project quality through peer re-views, phase reviews and project review board governance.»» 15% to 20% improvement in on-budget delivery of projects.4 Application Lifecycle Governance:Control key facets of introduction, manage-ment and sunsetting of applications.• Performance Management and Resource Management: 10%to 15% cost avoidance through maintenance of an optimal ap-plication portfolio.5 Infrastructure and Data Governance:Optimize technology infrastructure costsand establish controls over organizationalinformation assets.• Performance Management and Resource Management: Reduc-tion in overall infrastructure costs and data/information securitycosts through improved controls.• Risk Management: 5% to 10% fewer risks through leverage ofstandardized infrastructure components.6 Vendor and Sourcing Governance:Ensure services provided by vendors deliveradequate business value, and reduce thebusiness risk associated with nonperformingvendors.• Performance Management: Improvement in quality of vendorservices through better measurement, tracking and driving upliftof vendor performance.• Resource Management: 20% to 25% reduction in averagevendor onboarding time and effort.• Risk Management: 10% to 20% reduction in vendor-relatedrisks.7 Service Lifecycle Governance:Minimize or eliminate unauthorized changesinto production environments, and maintainservice and operational levels that promotebusiness-IT alignment.• Performance Management: 20% to 35% reduction in numberof unauthorized changes in the production environment.8 New Age Technology Governance:Improve IT operating efficiency by adoptingnew age technologies, and minimize anyrisks associated with the same.• Performance Management and Resource Management: 20%to 25% improvement in operating efficiency post steady state.34
  4. 4. cognizant 20-20 insights 4objectives for each of the eight IT governancedisciplines (see Figure 3). They include:• Governance bodies/committees: Control bodyor committee to help mandate compliance withIT governance objectives (e.g., an architecturereview board).• Governance meetings and surveys: Formalmeetings/established surveys to monitor andtrack compliance with IT governance objectives(e.g., business satisfaction survey).• Documentation controls and repositories:Mandating documentation or storage in centralrepositories for establishing IT governancecontrols (e.g., a vendor information repository).• Approvals and control checks: Adequateapprovals and process checks to ensurecompliance with IT governance objectives (e.g.,UAT signoff before production implementation).Establish Continuous Tracking,Monitoring and Improvementof the IT Governance ModelIn order to derive maximum benefits from ITgovernance, organizations should treat it as anongoing priority (i.e., ensure continuous improve-Figure 3Illustrative IT Governance ModelITGovernanceDisciplineIT Governance ModelStrategicAlignmentValueDeliveryRiskManagementResourceManagementPerformanceManagementIT StrategyGovernancePeriodic businesspartner review.Investmentprioritizationcommittee.Formal businesscase for funding.Annual headcountplanning.Formal businesscase to measureproject success.ArchitectureGovernanceAnnual applicationportfolio planningand technologyroadmapdefinition.Promotearchitecturalcomponentreuse.ArchitectureReview Board(project-wisereview ofthe solutionarchitecture).Periodictechnologyroadmaprefresh leadingto applicationrationalization.Total cost ofownershipreporting.Project andPortfolioGovernanceProject changecontrol boardto review andapprove allchanges.Periodicportfoliosequencing.Independentproject riskreview.Weekly resourcechange controlmeetings.Periodic projectmetrics trackingand reporting.ApplicationLifecycleGovernanceBusinessrequirementsdocumentreviewed andsigned-off bycustomer.Lifecycletailoringcriteria forvarious workeffort types.Project ReviewBoard to approvephase exits.Project team tosupport operationsteam duringwarranty supportphase for allprojects.Peer reviewefficiencyreporting.Infrastructureand DataGovernanceAnnualinfrastructureplanning.Data qualitymanagementcenter ofexcellence.Periodic capacityand availabilityreporting.Capacity plans fedinto the annualbudget.Tool-basedinfrastructuremonitoring.Vendor andSourcingGovernanceAnnual site visitsfor strategicvendors.Semiannualvendorsatisfactionsurvey.Quarterlybusiness reviewwith strategicvendors.Contracted staffpolicies andprocedures.Semiannualvendorperformancereviews.ServiceLifecycleGovernanceServiceManagementOffice to trackand improve SLAadherence.Incidentresolutiontrendreporting.ChangeAdvisory Boardauthorizationof productionreleases.Periodic andplanned baselines/checkpointsestablished forconfigurationitems.Measure andreport customersatisfaction withservice desk.New AgeTechnologyGovernanceIndependent cloudrisk council.Tool-basedsocial mediapolicy.Mobility securityaudits.Application-centriccloud resourceaccounting.Big dataperformanceanalytics.GovernanceCommittee/BodyGovernanceMeeting/SurveyDocumentationControl/RepositoryApprovals/ControlChecks5
  5. 5. 5cognizant 20-20 insightsments in IT governance practices to adapt tochanging business and IT environments). Toensure success of the implemented IT governancemodel, organizations should focus on continuousplanning, monitoring and improvement of the ITgovernance model. In our experience, along withthe CIO and senior IT leadership team, the ITaudit and control team should drive continuousimprovements to IT governance models withappropriate participation from IT area owners.Looking AheadImplementing a successful IT governancemodel has never been easy. Typical challengesrange from facilitating organizational changemanagement for greater adoption, to developingprocesses and infrastructure to support thegovernance model.To realize benefits from implementing the ITgovernancemodel,theCIOandseniorITleadershipteam need to invest in instilling a deep-rooted ITgovernance culture through effective commu-nication, training sessions for continuous rein-forcement and appropriate incentives for bettercompliance. Additionally, CIOs should mandateIT functional owners to include IT governanceas an integral element of their processes, andleverage governance controls in decision-making.Organizations also need to continuously invest inimproving the IT governance model in response toever-changing business and IT needs.Quick TakeImplementing Effective IT Governance for a Leading U.S. InsurerChallengeThe IT group of one of the largest U.S.-basedinsurers was faced with several governanceissues such as suboptimal technology planning,inadequate return on IT investment, increase inthe external audit issues, etc. The new CIO wantedto establish an effective IT governance modelto alleviate the aforementioned IT risks/issues.Toward this objective, the CIO, along with thecorporate team, engaged our business consultingteam to leverage our expertise in setting up aneffective IT governance model.ModelOur business consulting team engaged with theclient’s business and IT stakeholders to recom-mend an optimal IT governance model. It included:• An IT governance framework that addressedvarious IT governance disciplines mentionedabove.>> Governance practices which called for adedicated business relationship manage-ment (BRM) function to conduct businesspartner reviews.>> A three-year technology roadmap to alignIT capabilities with business priorities.>> A project prioritization committee to helpprioritize IT investments.>> An architecture review board to provide ar-chitecture guidance.>> A project review board to govern projectphase exits.>> A service management office to track andimprove SLA adherence.>> An IT audit and control team to lead theimplementation of IT governance practicesand also drive continuous improvement.BenefitsThe benefits achieved by implementing a best-in-class IT governance model included:• Strategic alignment: Roughly a 15% to 20%increase in business partner satisfaction.• Value delivery: Approximately 8% to 10%decrease in the IT budget through effectiveproject prioritization, thereby increasing theoverall value of IT investments.• Performance management and resourcemanagement: About a 10% to 15% reductionin total cost of ownership through effectivetechnology planning.• Risk management: A 50% year-on-yearreduction in IT control issues.
  6. 6. About CognizantCognizant (NASDAQ: CTSH) is a leading provider of information technology, consulting, and business process out-sourcing services, dedicated to helping the world’s leading companies build stronger businesses. Headquartered inTeaneck, New Jersey (U.S.), Cognizant combines a passion for client satisfaction, technology innovation, deep industryand business process expertise, and a global, collaborative workforce that embodies the future of work. With over 50delivery centers worldwide and approximately 156,700 employees as of December 31, 2012, Cognizant is a member ofthe NASDAQ-100, the S&P 500, the Forbes Global 2000, and the Fortune 500 and is ranked among the top performingand fastest growing companies in the world. Visit us online at or follow us on Twitter: Cognizant.World Headquarters500 Frank W. Burr Blvd.Teaneck, NJ 07666 USAPhone: +1 201 801 0233Fax: +1 201 801 0243Toll Free: +1 888 937 3277Email: inquiry@cognizant.comEuropean Headquarters1 Kingdom StreetPaddington CentralLondon W2 6BDPhone: +44 (0) 20 7297 7600Fax: +44 (0) 20 7121 0102Email: infouk@cognizant.comIndia Operations Headquarters#5/535, Old Mahabalipuram RoadOkkiyam Pettai, ThoraipakkamChennai, 600 096 IndiaPhone: +91 (0) 44 4209 6000Fax: +91 (0) 44 4209 6060Email:­­© Copyright 2013, Cognizant. All rights reserved. No part of this document may be reproduced, stored in a retrieval system, transmitted in any form or by anymeans, electronic, mechanical, photocopying, recording, or otherwise, without the express written permission from Cognizant. The information contained herein issubject to change without notice. All other trademarks mentioned herein are the property of their respective owners.Footnotes1 IT governance objectives are the stated governance purposes to be achieved for an IT process.2 IT governance control practices are the actionable activities to achieve an IT governance objective.Reference• the AuthorsPhilippe Dintrans is the Vice President and Practice Leader of Cognizant Business Consulting’s StrategicServices Group for North America. He has led numerous consulting engagements on business transfor-mation, IT transformation and change management for marquee clients at Cognizant. Philippe holds amaster of science degree in engineering from the Massachusetts Institute of Technology (MIT) and anM.B.A. from INSEAD. He can be reached at Anand is a Director with Cognizant Business Consulting’s Strategic Services Practice. He has 12-plusyears of experience in leading and managing large IT transformation and governance implementationinitiatives for various clients. Amit holds a bachelor’s degree from IIT Delhi and an M.B.A. from the IndianSchool of Business, Hyderabad. He can be reached at Ponnuveetil is an Engagement Manager with Cognizant Business Consulting’s StrategicServices Practice. He has nine years of experience in leading IT performance and process improvementinitiatives, IT governance framework definition and implementation and change management. Madhuholds an M.B.A. from Asian Institute of Management, Philippines, and a bachelor’s degree in engineeringfrom MSRIT, India. He can be reached at Vijayakrishnan is a Senior Consultant with Cognizant Business Consulting’s Strategic ServicesPractice, with seven years of industry experience. His specific areas of expertise include IT performanceand process improvements, IT organization and operating model redesign and IT strategy development.Jayadevan holds a bachelor’s degree in computer science engineering and an M.B.A. from the IndianInstitute of Management, Bangalore. He can be reached at