It governance 13 may20102


Published on

1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

It governance 13 may20102

  1. 1. “ IT Governance” OC CIO Council 5/13/2010 Presented by: Carmella Cassetta
  2. 2. What is IT Governance? <ul><li>“ IT governance and associated issues have been reported as a top 10 CIO management problem area in the Gartner EXP annual CIO survey for at least the past five years” </li></ul><ul><li>Gartner 29 March 2010 ID:G00175053 </li></ul>
  3. 3. What is IT Governance? <ul><li>There are narrower and broader definitions of IT governance. </li></ul><ul><li>Weill and Ross focus on &quot; Specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT. </li></ul><ul><ul><li>IT Governance, P. Weill & J. Ross, Harvard Press </li></ul></ul><ul><li>The IT Governance Institute expands the definition to include foundational mechanisms: &quot; … the leadership and organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategies and objectives. &quot; </li></ul><ul><ul><li>Wikipedia </li></ul></ul>
  4. 4. What is IT Governance? <ul><li>Gartner defines &quot;IT governance&quot; as the processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals. </li></ul><ul><li>In one Gartner model, ITG addresses two main sets of issues: </li></ul><ul><ul><li>Demand governance is primarily a business management responsibility but one in which the CIO plays a major role as a business executive. </li></ul></ul><ul><ul><ul><li>What should IT work on? </li></ul></ul></ul><ul><ul><ul><li>Where should the organization's IT resources be invested to produce the greatest return? </li></ul></ul></ul><ul><ul><ul><li>How do we ensure that these returns are actually achieved? </li></ul></ul></ul><ul><ul><li>Supply governance is primarily a CIO responsibility. </li></ul></ul><ul><ul><ul><li>How should IT do what it does? </li></ul></ul></ul><ul><ul><ul><li>What are the constraints, policies, rules and standards that IT must comply with in delivering what the business needs? </li></ul></ul></ul><ul><li>Gartner 29 March 2010 ID:G00175053 </li></ul>
  5. 5. What is IT Governance? <ul><li>Weill and Ross further elaborate that an effective IT Governance model must address three basic questions: </li></ul><ul><li>What decisions must be made to ensure effective management and use of IT? </li></ul><ul><li>Who should make those decisions? </li></ul><ul><li>How will those decisions be made and monitored? </li></ul><ul><ul><li>IT Governance, P. Weill & J. Ross, Harvard Press </li></ul></ul>
  6. 6. <ul><li>Typically, includes: </li></ul><ul><li>IT Investment strategy </li></ul><ul><ul><li>Capability matrix </li></ul></ul><ul><ul><li>Investment targets </li></ul></ul><ul><li>Processes to foster business & IT alignment and ensure allocation of resources to priorities </li></ul><ul><ul><ul><li>Project intake and approval process </li></ul></ul></ul><ul><ul><ul><li>Priority management (Steering Committees) </li></ul></ul></ul><ul><ul><ul><li>Enterprise portfolio management </li></ul></ul></ul><ul><ul><ul><li>Engagement model </li></ul></ul></ul><ul><ul><ul><li>Application Portfolio Management (What do we own? What do we use? ) </li></ul></ul></ul><ul><li>Architectural principals & Technology Roadmap </li></ul><ul><ul><li>Business Application needs </li></ul></ul><ul><li>Processes and Controls </li></ul><ul><ul><li>Change Management, Project Management, SDLC, Resource management </li></ul></ul><ul><li>Oversight </li></ul><ul><ul><li>Benchmarks and Metrics/KPI’s & Reporting </li></ul></ul><ul><ul><li>Steering Committees </li></ul></ul>
  7. 7. Key IT Governance Decisions M.I.T. SLOAN CENTER FOR INFORMATION SYSTEMS RESEARCH IT Principles Decisions High-level statements about how IT is used in the business IT architecture decisions IT infrastructure decisions IT investment and prioritization Organizing logic for data, applications, and infrastructure captured in a set of policies, relationships, and technical choices to achieve desired business and technical standardization and integration Centrally coordinated, shared IT services that provide the foundation for the enterprise's IT capability Decisions about how much and where to invest in IT, including project approvals and justification techniques Business applications needs Specifying the business need for purchased or internally developed IT applications
  8. 8. Theoretical Process Framework for Building Strategic Business Alignment Vision Strategic Elements Business Process Architecture Application & Information Architecture Technology, Infrastructure & Organization Architecture Key Capabilities Operationalizing the Business Strategy IT Strategy Including Mission And Vision What we aspire to What will enable us to achieve the vision What is required to achieve strategies How work gets done What IT must provide How IT delivers Business Strategy
  9. 9. Governance – Iterative Process IT Initiative Request Approved Prioritized Initiative Initiative Portfolio Strategic Business Objectives Governance Application Portfolio IT Initiative Resource Schedule Scope Risk Key Business Capability Model
  10. 10. Source: Gartner 29 March 2010 ID:G00175053
  11. 11. Governance Arrangements Matrix M.I.T. SLOAN CENTER FOR INFORMATION SYSTEMS RESEARCH
  12. 12. Often starts with investment guidelines and capability assessment… <ul><li>Enterprise Portfolio Management goes beyond cataloging and prioritizing projects with alignment to strategic business goals. </li></ul><ul><li>Successful EPM includes the integration of enterprise architecture (assumes multi-layer views of business/process, applications, technology, data), resource planning, investment decisions, performance and execution management across the enterprise. </li></ul>
  13. 13. Key Capability Requirements Determine Our Business Capability Requirements to Achieve Our Corporate Strategy. We can’t optimize every function. This helps define our investment strategy. EXAMPLE
  14. 14. EPM FRAMEWORKS <ul><li>Asset Class Portfolio (MIT or Weill Model) . Under Peter Weill’s portfolio model, investments are placed in four categories with the percent of IT expenditures distributed across each class. </li></ul><ul><ul><li>Infrastructure . Investments that provide a shared and standardized base of capability for the enterprise and lead to greater business flexibility and integration. Infrastructure investments are moderately risky because of their technologies' long life-spans and technical uncertainty. </li></ul></ul><ul><ul><li>Transactional. IT initiatives that process and automate the basic transactions of a company. They are intended to reduce costs and boost productivity and boast an average internal rate of return of 25 percent to 40 percent. These investments have the least risk of the four classes. </li></ul></ul><ul><ul><li>Informational. Systems that provide information for managing a company. Payoff comes from shorter time-to-market, superior quality and the ability to set premium prices. They are moderately risky because companies often have difficulty acting on information to generate business value. </li></ul></ul><ul><ul><li>Strategic . These investments, almost always external-facing systems pay off in sales growth, competitive advantage and stronger market positioning. But they are the riskiest of the classes: 10 percent will produce spectacular results, but 50 percent will fail to break even. </li></ul></ul><ul><li>Investment proportions may differ based on cost-control, agility, or balanced. </li></ul><ul><li>M.I.T. SLOAN CENTER FOR INFORMATION SYSTEMS RESEARCH </li></ul>
  15. 15.
  16. 16. … And expands to include engagement & supporting processes
  17. 17. <ul><li>All IT investments will be managed by the IT organization </li></ul><ul><li>Projects are defined as >160 resource hours or >$10,000 capital </li></ul><ul><li>Small Enhancements are defined as <160 resource hours or <$10,000 capital </li></ul><ul><li>IT investment is defined as procurement of any IT hardware, software, consulting or service excluding standard, budgeted pc or server purchases completed by the Purchasing Dept. </li></ul><ul><li>IT Steering Committee (ITSC) will govern the approval of IT investments & projects >$75,000. </li></ul><ul><ul><li>The committee consists of CEO, CFO, COO, CIO & EVP Ops </li></ul></ul><ul><ul><li>The IT Steering Committee will evaluate for: </li></ul></ul><ul><ul><ul><li>Applicability across divisions, consistency with strategic initiatives, ROI, projects value, timing and cost </li></ul></ul></ul><ul><li>Projects $10,001-75,000 can be approved by the CFO, CIO and department head. </li></ul><ul><li>Small enhancements (SE’s) </li></ul><ul><ul><li>Business SE’s are approved by business steering committees </li></ul></ul><ul><ul><li>IT SE’s are approved by the CIO </li></ul></ul><ul><li>Scoping: Projects can be scopes (estimated) without prior approval from the ITSC but must be approved by the local steering committees </li></ul><ul><li>The preferred solution options will be off the shelf, vendor supported packages with minimal customization </li></ul>Technology Investment Governance Model
  18. 18. 1 2 3 5 6 4 7 The Business submits an ITER to IT with VP approval IT Project Lead accesses ITER as Project or Small Enhancement Steering Committee reviews, approves, prioritizes ITER ITER is approved as a Small Enhancement (SE) SE is prioritized and moved In Stream ITER is approved as a Project for Scoping Project is scoped and a *ROM is created Project is re-scoped as a Small Enhancement (SE) and 2 nd page of ITER is completed EXAMPLE: IT Project Intake and Approval Flow “Phase 0” See p. 4 ITER is put into the Pipeline >160 hrs <160 hrs <160 hrs
  19. 19. 8 9 10 11a 12 11b 14 13 ROM is approved by CIO and Business VP A *CER is created If project is capitalizable or requires external consulting, new hardware, and/or new software > $50K < $50K Business Steering Committee ITSC Approved projects are prioritized and moved In Stream Project is Active From p. 3 IT Project Intake and Approval Flow “Phase 0”
  20. 20. EXAMPLE: IT Project Process Flow | 5 working days | | 5 working days | project plan | 5 working days | 5 working days The determination is made whether or not North America wants to a) engage IT and b) invest its limited capital on this proposed project The business secures conditional approval to move forward The project receives final approval or is re-evaluated
  21. 21. 0. Scoping 1 . Elaboration 2. Architect & Design 3. Construct 4. Test 5. Deploy 6. Verify <ul><li>Align project request with CCi Strategic Objectives </li></ul><ul><li>Provide clear vision for project goals & objectives </li></ul><ul><li>Obtains VP or above approval on ITER </li></ul><ul><li>Submit ITER to appropriate IT staff </li></ul><ul><li>Attend Steering Committee to represent project, as required </li></ul><ul><li>Open Work Order in Altiris with ITER attached </li></ul><ul><li>Add project to Leader Board with a Requested status </li></ul><ul><li>Complete high level estimate </li></ul><ul><li>Present ITER at Steering Committee for prioritization (present to ITSC if > $25K) </li></ul><ul><li>Update Leader Board status to Approved, Pending Recourses, or Scoping based on Steering Committee </li></ul><ul><li>Generate a ROM & CER (if required) for all approved projects </li></ul><ul><li>Develop initial RAID </li></ul><ul><li>Develop Project Charter with Business Owner </li></ul><ul><li>Phase Gate Approval </li></ul><ul><li>Publish artifacts to the project folder on SharePoint </li></ul><ul><li>Verify appropriate levels of planning & controls are applied </li></ul><ul><li>Participate in Project Kickoff </li></ul><ul><li>Ensure project resources are allocated & engaged </li></ul><ul><li>Facilitate approval of Project Charter </li></ul><ul><li>Develop Resource Plan </li></ul><ul><li>Present project at the next IT Resource Planning Meeting </li></ul><ul><li>Plan & facilitate Project Kickoff </li></ul><ul><li>Facilitate approval of Project Charter </li></ul><ul><li>Conduct Project Kickoff </li></ul><ul><li>Generate Business Requirements Document </li></ul><ul><li>Generate Project Schedule </li></ul><ul><li>Establish budget </li></ul><ul><li>Develop Risk Management Plan </li></ul><ul><li>Create Roles & Responsibilities Matrix </li></ul><ul><li>Phase Gate Approval </li></ul><ul><li>Update RAID </li></ul><ul><li>Update Leader Board & SharePoint </li></ul><ul><li>Participate as necessary to ensure work is produced & performed well </li></ul><ul><li>Provide resources for test planning and the development of training materials </li></ul><ul><li>Act as escalation point for issues </li></ul><ul><li>Set priorities </li></ul><ul><li>Evaluate technical solutions </li></ul><ul><li>Create technical blueprint </li></ul><ul><li>Perform Technical Walkthroughs </li></ul><ul><li>Generate Technical Design Specification </li></ul><ul><li>Generate Test Plan </li></ul><ul><li>Generate training plan </li></ul><ul><li>Phase Gate Approval </li></ul><ul><li>Update RAID </li></ul><ul><li>Update Leader Board & SharePoint </li></ul><ul><li>Verify project objectives & deliverables are met </li></ul><ul><li>Ensure smooth transition to Operations </li></ul><ul><li>Participate in Project Closure Activities </li></ul><ul><li>Provide support for 30 day warranty period </li></ul><ul><li>Solicit formal Project Acceptance from Business Owner </li></ul><ul><li>Document Lessons Learned </li></ul><ul><li>Conduct Project Evaluation </li></ul><ul><li>Ensure smooth transition to operations </li></ul><ul><li>Complete project recognitions </li></ul><ul><li>Complete Phase Gate Approval </li></ul><ul><li>Archive all relevant project artifacts on SharePoint </li></ul><ul><li>Close project in Leader Board </li></ul><ul><li>Develop, upgrade, and/or install product </li></ul><ul><li>Conduct code reviews </li></ul><ul><li>Unit test code </li></ul><ul><li>Create system documentation </li></ul><ul><li>Continue development of Test Plan </li></ul><ul><li>Continue development of training plan </li></ul><ul><li>Phase Gate Approval </li></ul><ul><li>Update RAID </li></ul><ul><li>Update Leader Board & SharePoint </li></ul><ul><li>Provide resources for User Acceptance Testing (UAT) </li></ul><ul><li>Act as escalation point for issues </li></ul><ul><li>Set priorities </li></ul><ul><li>Execute Test Plan </li></ul><ul><li>Track and remediate issues found during test </li></ul><ul><li>Obtain user approval for UAT </li></ul><ul><li>Prepare environments for deployment </li></ul><ul><li>Generate Support Plan </li></ul><ul><li>Phase Gate Approval </li></ul><ul><li>Update RAID </li></ul><ul><li>Update Leader Board & SharePoint </li></ul><ul><li>Execute Training Plan </li></ul><ul><li>Place system into production </li></ul><ul><li>Provide user support </li></ul><ul><li>Phase Gate Approval </li></ul><ul><li>Update RAID </li></ul><ul><li>Update Leader Board & SharePoint </li></ul><ul><li>Ensure resources are available to receive training </li></ul><ul><li>Provide the resources necessary to </li></ul><ul><li>Act as escalation point for issues </li></ul><ul><li>Set priorities </li></ul>Business Owner Project Team Project Management Framework and SDLC COMPASS Elaborate Architect Construct Deploy Verify Scope Test Communication Change Management
  22. 22. Change Management Process Flow 1. The Business or IT initiates a project that requires a change to a CCi production environment 2. IT associate creates an online Production Migration Request 3. Testing is completed and approval signature is entered on the Production Migration Request form 4. The Business Owner (director or above) enters approval signature on the Production Migration Request form 8. IT Associate ensure migration is complete and updates status both on SharePoint and the Production Migration Request form 5. The IT Owner (director or above) enters approval signature on the Production Migration Request form Approved 6. IT associate ensures form is complete and all signatures are in place by 12pm PDT on Monday 7. The CCB reviews each migration request for approval
  23. 23. <ul><li>… and ARCHITECTURAL PRINCIPALS </li></ul><ul><ul><ul><li>How we build our systems </li></ul></ul></ul>
  24. 24. <ul><li>We will provide an efficient and effective IT platform that supports and enables the objectives of the business, at the best possible cost . </li></ul><ul><li>Total Cost of Ownership (TCO) Perspective. </li></ul><ul><ul><li>Cost matters </li></ul></ul><ul><ul><li>Right sized solutions at an appropriate cost level </li></ul></ul><ul><ul><li>Tiered solution options (low, med, high) </li></ul></ul><ul><li>Our approach </li></ul><ul><ul><li>Build, buy, assemble and/or provision (SaaS/ASP): </li></ul></ul><ul><ul><ul><li>Conduct analysis for all new applications, infrastructure or services. </li></ul></ul></ul><ul><ul><ul><li>Approach selected is based on a build/buy/provisions selection matrix </li></ul></ul></ul><ul><ul><li>Reuse or extend what we have first (technologies, infrastructure & applications) </li></ul></ul><ul><ul><li>Design for simplicity </li></ul></ul><ul><ul><li>Adoption of package solutions with strict limits on acceptable customization. Products will be off the shelf, vendor supported packages with minimal customization </li></ul></ul><ul><li>Our solutions will: </li></ul><ul><ul><li>Incorporate appropriate security </li></ul></ul><ul><ul><li>Adhere to published technology standards </li></ul></ul><ul><ul><li>Include proactive monitoring & management </li></ul></ul><ul><ul><li>Embrace open standards and non proprietary approaches/solutions </li></ul></ul><ul><ul><li>Incorporate appropriate levels of scalability & redundancy </li></ul></ul><ul><li>All inbound and outbound data exchanges will be via the IT Partner Gateway </li></ul><ul><li>Solutions must address both the US and Canada. </li></ul>Guiding IT Architectural Principals
  25. 25. Guiding IT Architectural Principals Build Buy SaaS Hybrid <ul><li>Core competency of the company </li></ul><ul><li>Solution/functionality provides competitive advantage </li></ul><ul><li>Technical expertise available </li></ul><ul><li>Transactional and custom to the business (ordering, manufacturing) </li></ul><ul><li>Functionality is available to purchase (COTS) </li></ul><ul><li>Vendor packages provide necessary capability </li></ul><ul><li>Time to market is key </li></ul><ul><li>Solution type: </li></ul><ul><li>Payroll </li></ul><ul><li>GL/Finance </li></ul><ul><li>HR </li></ul><ul><li>Operating systems </li></ul><ul><li>Email </li></ul><ul><li>Security tools </li></ul><ul><li>Analytical/Reporting </li></ul><ul><li>Productivity Tools </li></ul><ul><li>Collaboration Tools </li></ul><ul><li>Non – transaction </li></ul><ul><ul><li>(ie Altiris) </li></ul></ul><ul><li>WAN/LAN </li></ul><ul><li>LMS </li></ul><ul><li>Student Admin. </li></ul><ul><li>Time to market </li></ul><ul><li>Non critical </li></ul><ul><li>Data is not sensitive or private </li></ul><ul><li>Need to segregate from internal operations (eg student email) </li></ul><ul><li>Limited internal expertise </li></ul><ul><li>High volume </li></ul><ul><li>Cannot easily be supported by internal infrastructure </li></ul><ul><li>Outsourcing opportunity </li></ul><ul><li>Competitive advantage can be accomplished with tight integration to package solutions or back office systems: </li></ul><ul><li>E-commerce </li></ul><ul><li>Portals </li></ul><ul><li>ERP </li></ul><ul><li>Websites </li></ul><ul><li>intranets </li></ul>
  26. 26. Oversight and Metrics <ul><li>Oversight </li></ul><ul><ul><li>Steering Committees that approve and prioritize IT investment </li></ul></ul><ul><ul><li>Ensure alignment </li></ul></ul><ul><ul><li>Ensure appropriate resources and roles/responsibilities </li></ul></ul><ul><ul><li>Escalation and issue resolution </li></ul></ul><ul><ul><li>Visibility </li></ul></ul><ul><li>Metrics and KPIs </li></ul><ul><ul><li>Project Delivery </li></ul></ul><ul><ul><li>Resource Allocation </li></ul></ul><ul><ul><li>ROI measurements </li></ul></ul><ul><ul><li>Throughput </li></ul></ul><ul><li>Availability and SLA’s </li></ul>
  27. 27. FY10 Project Metrics FY10 Q3 YTD
  28. 28. Business Strategy Business Initiatives IT Initiative Request Portfolio Assessment Criteria Application Lifecycle Phase Investment Decision Update Application/ Initiative Portfolio Repeat Process Project Reporting <ul><li>Executive Committee </li></ul><ul><ul><li>Plan </li></ul></ul><ul><ul><li>Prioritize </li></ul></ul><ul><li>Project Life-cycle Cost </li></ul><ul><ul><li>Return on Investment </li></ul></ul><ul><ul><li>Payback Period </li></ul></ul><ul><li>Invest </li></ul><ul><li>Reduce/Maintain </li></ul><ul><li>Retire </li></ul><ul><li>Replace </li></ul><ul><li>Align with Business Objective </li></ul><ul><li>Business Case </li></ul><ul><li>Benefit Value versus Risk </li></ul><ul><li>Value </li></ul><ul><li>Efficiency </li></ul><ul><li>Cost </li></ul><ul><li>Risk </li></ul><ul><li>Profitable Growth </li></ul><ul><li>Best-in-class Op-ex/working capital </li></ul><ul><li>Customer Loyalty </li></ul><ul><li>Attract//retain best-in-class assoc </li></ul>Re-architecture Plan Technical Standards GOVERNANCE – ITERATIVE PROCESS