Holistic IT governance, aligned with corporate governance and designed to ensure successful IT implementation, yields strategic alignment, value delivery, risk management, resource management and performance management through the governance of architecture, projects and portfolios, application lifecycles, infrastructure and data, vendors and sourcing, service lifecycles and new age technology.
Maximizing Business Value Through Effective IT Governance
1. Maximizing Business Value Through
Effective IT Governance
Implementing a holistic IT governance model not only helps IT deliver
business value but also advances confidence with business.
Executive Summary
Business is getting only more IT intensive, and
IT is getting more complex. Some of the factors
contributing to this increased complexity include:
expansion of business processes and models
requiring greater IT involvement, adoption of
emerging technologies such as the SMAC StackTM
(social-mobile-analytics-cloud) to drive business
innovation, coordination with multiple business
and technology partners across various geog-
raphies and a greater focus on regulatory and
audit compliance to meet industry and corporate
standards.
Maximizing value from IT investments has always
been an imperative for business. From our
experience, more than 50% of today’s IT invest-
ments are wasted or fail to deliver returns to the
business. With the increase in complexity, the cost
of IT failure has become all the more significant.
For IT investments to deliver business value in
today’s complex landscape, IT must:
• Be more tightly aligned with business objectives
than ever before.
• Carefully control risks, both strategic and oper-
ational.
• More effectively manage IT assets.
• Continuously improve IT performance.
Therefore, effective IT governance must be a top
item in the CIO agenda in order to maximize IT’s
contribution to business value.
Based on our experience with one of the largest
U.S. insurers (see sidebar), the key benefits of
implementing an IT governance model include:
• Strategic alignment, resulting in increased
business partner satisfaction in the order of
15% to 20%.
• Enhanced value delivery, driven by improved
project prioritization, leading to reduction of IT
budget by 8% to 10%.
• Improved performance and resource manage-
ment, lowering the total cost of IT ownership
by 10% to 15%.
• Better quality of IT output, resulting in a
reduction in IT control issues by 50%.
Our experience of working with Fortune 1000
clients suggests that CIOs need to focus on the
following five key imperatives while implementing
a successful IT governance model (see Figure 1):
1. Align IT governance with corporate governance
and business objectives.
2. Define IT governance objectives1
around strate-
gic alignment, value delivery, risk management,
resource management and performance man-
agement.
• Cognizant 20-20 Insights
cognizant 20-20 insights | may 2013
2. 2
3. Establish holistic governance across disciplines
spanning the entire IT value chain: IT strategy,
architecture, project and portfolio, application
lifecycle, infrastructure and data, vendor and
sourcing, service lifecycle and modern SMAC
technologies.
4. Identify the appropriate IT governance control
practices2
to help achieve IT governance
objectives.
5. Establish continuous tracking, monitoring and
improvement of the IT governance model.
Subsequently, this paper details the five key
imperatives for designing an IT governance
model.
Designing an IT Governance Model
The five key imperatives that underscore an
effective IT governance model include:
Align IT Governance with Corporate
Governance and Business Objectives
CIOs should focus on this to improve transpar-
ency for corporate management, and to ensure
business objectives are realized.
For example, aligning IT risk management with
corporate risk management practices, and aligning
IT security standards with corporate security
policies, drive consistency and compliance across
the organization. Similarly, IT governance aligned
with business objectives, such as achieving greater
return on investments and reducing business
risks, helps deliver business benefits.
Define IT Governance Objectives Around
Strategic Alignment, Value Delivery, Risk
Management, Resource Management and
Performance Management
IT governance objectives should be defined along
the following dimensions:
• Strategic alignment: Align IT strategy with
business strategy, and ensure advancement of
business priorities.
• Value delivery: Maximize value of IT invest-
ments.
• Risk management: Identify and mitigate IT
risks in a timely manner.
• Resource management: Ensure availability of
appropriate IT resources to meet current as
well as projected business demand.
Figure 1
Achieving Effective IT Governance
Corporate Governance
Business Strategies and Objectives
IT Governance
….
1
2
3
4
5
Continuous Improvement
IT Governance Disciplines
IT Governance Objectives
Value Delivery
IT Governance Control Practices
Risk and
Compliance Office
Information
Security Office
Strategic
Alignment
Risk
Management
Resource
Management
Performance
Management
IT Strategy
Governance
Architecture
Governance
Project and
Portfolio
Governance
Application
Lifecycle
Governance
Infrastructure
& Data
Governance
Vendor and
Sourcing
Governance
Service
Lifecycle
Governance
New Age
Technology
Governance
Governance
Committee/Body
Governance
Initiatives/
Meetings
Documentation
Controls/
Repositories
Approvals/
Control Checks
Align IT governance with
corporate governance
and business objectives.
Define IT governance objectives
around strategic alignment, value
delivery, risk management,
resource management and
performance management.
Establish holistic governance
across governance disci-
plines spanning the entire
IT value chain.
Identify the appropriate IT
governance control practices to
help achieve the IT governance
objective.
Establish continuous tracking,
monitoring and improvement of
the IT governance model.
ContinuousImprovement
Align StrategicallySet Direction
e
cognizant 20-20 insights
1
2
3. • Performance management: Monitor IT perfor-
mance effectively.
Inourexperience,theabove-mentionedobjectives
are relevant for all IT functions and disciplines.
Establish Holistic Governance Across Disci-
plines Spanning the Entire IT Value Chain
The IT governance model should focus on estab-
lishing oversight and control across all key IT
governance disciplines. Figure 2 illustrates the
typical benefits and impacts we have seen when
implementing IT governance for clients across
various industry sectors.
Identify the Appropriate IT Governance
Control Practices to Help Achieve
IT Governance Objectives
Based on our experience, in order to establish
the right level of governance, organizations
should define measurable IT governance control
practices aligned with the IT governance
3cognizant 20-20 insights
Note: Indicated impacts are based on our experience with clients with a moderate level of organizational maturity.
Figure 2
Eight Disciplines for Effective IT Governance
IT Governance Discipline Typical Benefits and Impacts
1 IT Strategy Governance:
Ensure alignment of IT investments with
business priorities, and tracking, monitoring
and improvement of business-IT engage-
ment.
• Strategic Alignment: 10% to 15% improvement based on en-
hanced perception of value from IT.
• Value Delivery: Enhancement in overall value from IT through
better management of IT investments.
2 Architecture Governance:
Promote standardization in the applica-
tion and technology portfolio and drive
alignment of solution architecture to overall
technology and reference architecture.
• Performance Management and Resource Management: 15% to
20% increase in level of architecture reuse.
• Risk Management: 5% to 10% fewer risks through reuse of time-
tested architectural components.
3 Project & Portfolio Governance:
Govern sequencing of the project portfolio
to maximize operating efficiency, and en-
able identification and mitigation of project
portfolio risks.
• Strategic Alignment: 10% to 15% improvement based on
enhanced value from the project portfolio.
• Performance Management and Resource Management:
»» 10% to 15% improvement in project quality through peer re-
views, phase reviews and project review board governance.
»» 15% to 20% improvement in on-budget delivery of projects.
4 Application Lifecycle Governance:
Control key facets of introduction, manage-
ment and sunsetting of applications.
• Performance Management and Resource Management: 10%
to 15% cost avoidance through maintenance of an optimal ap-
plication portfolio.
5 Infrastructure and Data Governance:
Optimize technology infrastructure costs
and establish controls over organizational
information assets.
• Performance Management and Resource Management: Reduc-
tion in overall infrastructure costs and data/information security
costs through improved controls.
• Risk Management: 5% to 10% fewer risks through leverage of
standardized infrastructure components.
6 Vendor and Sourcing Governance:
Ensure services provided by vendors deliver
adequate business value, and reduce the
business risk associated with nonperforming
vendors.
• Performance Management: Improvement in quality of vendor
services through better measurement, tracking and driving uplift
of vendor performance.
• Resource Management: 20% to 25% reduction in average
vendor onboarding time and effort.
• Risk Management: 10% to 20% reduction in vendor-related
risks.
7 Service Lifecycle Governance:
Minimize or eliminate unauthorized changes
into production environments, and maintain
service and operational levels that promote
business-IT alignment.
• Performance Management: 20% to 35% reduction in number
of unauthorized changes in the production environment.
8 New Age Technology Governance:
Improve IT operating efficiency by adopting
new age technologies, and minimize any
risks associated with the same.
• Performance Management and Resource Management: 20%
to 25% improvement in operating efficiency post steady state.
3
4
4. cognizant 20-20 insights 4
objectives for each of the eight IT governance
disciplines (see Figure 3). They include:
• Governance bodies/committees: Control body
or committee to help mandate compliance with
IT governance objectives (e.g., an architecture
review board).
• Governance meetings and surveys: Formal
meetings/established surveys to monitor and
track compliance with IT governance objectives
(e.g., business satisfaction survey).
• Documentation controls and repositories:
Mandating documentation or storage in central
repositories for establishing IT governance
controls (e.g., a vendor information repository).
• Approvals and control checks: Adequate
approvals and process checks to ensure
compliance with IT governance objectives (e.g.,
UAT signoff before production implementation).
Establish Continuous Tracking,
Monitoring and Improvement
of the IT Governance Model
In order to derive maximum benefits from IT
governance, organizations should treat it as an
ongoing priority (i.e., ensure continuous improve-
Figure 3
Illustrative IT Governance Model
IT
Governance
Discipline
IT Governance Model
Strategic
Alignment
Value
Delivery
Risk
Management
Resource
Management
Performance
Management
IT Strategy
Governance
Periodic business
partner review.
Investment
prioritization
committee.
Formal business
case for funding.
Annual headcount
planning.
Formal business
case to measure
project success.
Architecture
Governance
Annual application
portfolio planning
and technology
roadmap
definition.
Promote
architectural
component
reuse.
Architecture
Review Board
(project-wise
review of
the solution
architecture).
Periodic
technology
roadmap
refresh leading
to application
rationalization.
Total cost of
ownership
reporting.
Project and
Portfolio
Governance
Project change
control board
to review and
approve all
changes.
Periodic
portfolio
sequencing.
Independent
project risk
review.
Weekly resource
change control
meetings.
Periodic project
metrics tracking
and reporting.
Application
Lifecycle
Governance
Business
requirements
document
reviewed and
signed-off by
customer.
Lifecycle
tailoring
criteria for
various work
effort types.
Project Review
Board to approve
phase exits.
Project team to
support operations
team during
warranty support
phase for all
projects.
Peer review
efficiency
reporting.
Infrastructure
and Data
Governance
Annual
infrastructure
planning.
Data quality
management
center of
excellence.
Periodic capacity
and availability
reporting.
Capacity plans fed
into the annual
budget.
Tool-based
infrastructure
monitoring.
Vendor and
Sourcing
Governance
Annual site visits
for strategic
vendors.
Semiannual
vendor
satisfaction
survey.
Quarterly
business review
with strategic
vendors.
Contracted staff
policies and
procedures.
Semiannual
vendor
performance
reviews.
Service
Lifecycle
Governance
Service
Management
Office to track
and improve SLA
adherence.
Incident
resolution
trend
reporting.
Change
Advisory Board
authorization
of production
releases.
Periodic and
planned baselines/
checkpoints
established for
configuration
items.
Measure and
report customer
satisfaction with
service desk.
New Age
Technology
Governance
Independent cloud
risk council.
Tool-based
social media
policy.
Mobility security
audits.
Application-centric
cloud resource
accounting.
Big data
performance
analytics.
Governance
Committee/Body
Governance
Meeting/Survey
Documentation
Control/Repository
Approvals/Control
Checks
5
5. 5cognizant 20-20 insights
ments in IT governance practices to adapt to
changing business and IT environments). To
ensure success of the implemented IT governance
model, organizations should focus on continuous
planning, monitoring and improvement of the IT
governance model. In our experience, along with
the CIO and senior IT leadership team, the IT
audit and control team should drive continuous
improvements to IT governance models with
appropriate participation from IT area owners.
Looking Ahead
Implementing a successful IT governance
model has never been easy. Typical challenges
range from facilitating organizational change
management for greater adoption, to developing
processes and infrastructure to support the
governance model.
To realize benefits from implementing the IT
governancemodel,theCIOandseniorITleadership
team need to invest in instilling a deep-rooted IT
governance culture through effective commu-
nication, training sessions for continuous rein-
forcement and appropriate incentives for better
compliance. Additionally, CIOs should mandate
IT functional owners to include IT governance
as an integral element of their processes, and
leverage governance controls in decision-making.
Organizations also need to continuously invest in
improving the IT governance model in response to
ever-changing business and IT needs.
Quick Take
Implementing Effective IT Governance for a Leading U.S. Insurer
Challenge
The IT group of one of the largest U.S.-based
insurers was faced with several governance
issues such as suboptimal technology planning,
inadequate return on IT investment, increase in
the external audit issues, etc. The new CIO wanted
to establish an effective IT governance model
to alleviate the aforementioned IT risks/issues.
Toward this objective, the CIO, along with the
corporate team, engaged our business consulting
team to leverage our expertise in setting up an
effective IT governance model.
Model
Our business consulting team engaged with the
client’s business and IT stakeholders to recom-
mend an optimal IT governance model. It included:
• An IT governance framework that addressed
various IT governance disciplines mentioned
above.
>> Governance practices which called for a
dedicated business relationship manage-
ment (BRM) function to conduct business
partner reviews.
>> A three-year technology roadmap to align
IT capabilities with business priorities.
>> A project prioritization committee to help
prioritize IT investments.
>> An architecture review board to provide ar-
chitecture guidance.
>> A project review board to govern project
phase exits.
>> A service management office to track and
improve SLA adherence.
>> An IT audit and control team to lead the
implementation of IT governance practices
and also drive continuous improvement.
Benefits
The benefits achieved by implementing a best-in-
class IT governance model included:
• Strategic alignment: Roughly a 15% to 20%
increase in business partner satisfaction.
• Value delivery: Approximately 8% to 10%
decrease in the IT budget through effective
project prioritization, thereby increasing the
overall value of IT investments.
• Performance management and resource
management: About a 10% to 15% reduction
in total cost of ownership through effective
technology planning.
• Risk management: A 50% year-on-year
reduction in IT control issues.