2. Introduction
“The managerial functions cannot be performed without
information.”
Robert Murdoch & Joel Ross
Journal of System Management
1969
“Knowledge has become the central economic resource.”
Peter F. Drucker
A long time ago …
3. Introduction
“Without business intelligence, companies are swiftly
punished.”
Gary Cokins
Performance Management
2004
“The general lack of success in fully utilizing the
computerized information system is made even more
acute, and its resolution made even more imperative, by
the fact that some companies have achieved success. ”
John H. Burnett
Journal of Systems Management
1969
4. Introduction
“Our mission is to be the recognized global leader in
IT governance, control and assurance.”
ISACA
Michael P. Cangemi
Information System Control
Vol. 2, 2000
“...IT... is a cost of doing business that must be paid by all,
but provides distinction to none.”
Nicholas Carr
“IT Doesn’t Matter”
Howard Business Review
2003
5. Introduction
“Technicians – not management – are setting the goals for
computers.”
John Diebold
Harvard Business Review, 1969
Ron Hay
Ralph & Kacoo’s, 2004
6. What is IT Governance and what does
it address within an organization?
IT governance specifies decision rights and creates an
accountability framework that encourages desirable
behavior in the use of IT.
Governance approaches should be based on the degree
of enterprise commonality that exists, the urgency of
required responses and the frenzy (and pressure) to
perform.
Consequently, Gartner recommends tailoring and
balancing general-purpose management models to
meet unique organizational needs.
7. Top Level IT Governance
Top Level IT Governance Addresses Three Major
Components:
1. What decisions need to be made?
. . . decisions about major IT domains
• IT Principles
• IT Infrastructure Strategies
• IT Architecture
• Business Application Needs
• IT Investment and Prioritization
• External Relationships
2. Who has decision and input rights?
. . . Rights are exercised in different governance
8. Top Level IT Governance
3. How are the decisions formed and enacted?
. . . Multiple mechanisms make governance work
• Decision Making Councils (e.g., Office of CIO)
• Business/IT Relationship Managers
• Process Teams
• Service-Level Agreements
• Chargeback Arrangements
9. Balancing the IT Management Triad
Vision and
Business Alignment
Funding, Budgeting
and Pricing Staffing and Organization
• Reinvestment?
• Application prioritization?
• Continuous migration?
• Outside suppliers?
• Roles and responsibilities?
• Process?
• Compensation?
• Retention?
• IT policy?
• IT strategy?
• Governance?
• Shared services?
IT as a back-
office utility overhead
IT as a business
enabler and
competitive weapon
10. Administrative Process Map:
IT Governance Aligns these
Processes
Investment Prioritization
Business Strategic Plan
IT Strategic Plan
Budget
Strategic Sourcing
Human Resources Acquisition
Project Management
Service Delivery
Corporate Performance
Management
Political Agenda
Business Case Inputs
• Organizational Capacity
• Cost
• Time
• Risk
• Procurement
• Portfolio Performance
Desires
Decisions
Tactical
Execution
11. IT Governance vs Management
IT Governance and Management Are Not the
Same
What IT Governance Is:
Collective decisions and guidance about:
How IT should be used in the
business (policies, principles)
Who makes What decisions How
(clear accountabilities)
Business cases and investments
(priorities, ownership and benefits
realization)
12. What Are the Key Components that
Make Up IT Governance?
An IT Governance framework usually comprises the following
components:
Structural Model
Mission - Purpose and approach to managing the IT
organization
IT Organization - Structure, reporting relations and connections
between resources and their counterparts across the IT
organization
Roles & Responsibilities - Definition of work requirements and
the groups/individuals to perform them
Operational Model
• Processes - Pre-defined activity flow for necessary actions and
creation of outcomes
• Measures - Accountability mechanisms at all levels
• Policies - Pre-defined decision on boundaries, standards,
latitude
• Information and analysis to inform decisions
13. Components that Make Up IT
Governance
Customer / End User
Help Desk and Local/Peer Support
Shared Services
Infrastructure and Production Support
Systems - Network - Data - Applications Asset
Management - Operations
CIO
BU
Managers
Functional
Management
Relationship
Manager
Office of
Integration
BU
CIO
Competency Centers
Network and Data Design
Change Management
“Exotics” (Multimedia, Intranet)
Support
Maintain
Proposal
Requirements
Test
Build/Buy
Design
Specification
Assessment
Project
Manager
Project
Office
Project
Manager
Functional
AD team
Development
Services
BU
AD team
Process
Office of
Architecture,
Standards &
Planning
Office of the CIO
14. The Three Components of IT
Governance
1. What decisions need to be made?
2. Who makes them?
3. How are they made?
15. 1. What Decisions Need To Be Made?
. . Clarify Five Major IT Decision Domains
.
IT Infrastructure
Strategies
Business Application
Needs
IT Investment and
Prioritization
Strategies for the base foundation of budgeted-for IT capability
(both technical and human), shared throughout the firm as
reliable services, and centrally coordinated (e.g., network, help
desk, shared data)
High level statements about how IT is used in the business
An integrated set of technical choices to guide the organization in
satisfying business needs. The architecture is a set of policies
and rules that govern the use of IT and plot a migration path to
the way business will be done (includes data, technology, and
applications)
Decisions about how much and where to invest in IT including
project approvals and justification techniques
IT Principles
Business applications to be acquired or built
IT Investment and
Prioritization
Business Application
Needs
IT Architecture
IT Infrastructure
Strategies
16. Defining IT Principles/Policies
Characteristics of effective principles/policies
Actionable — facilitate decision making
Succinct — express a focused point of view
Appropriate specificity: not too general ("Motherhood and Apple Pie
"); there must be a compelling alternative
Clear implications — adhering or not adhering to the principle/policy
should have consequences
Relevant — address the specific business context of an enterprise
(business trends, IT trends, corporate culture and values)
Components of principles/policies
Principle statement
Rationale
Implications
17. 2. Who Has Decision Rights And Inputs?
. . Rights Exercised In Six Governance
Styles
.
C-level executives, as a group or individuals, including
the CIO (but not acting independently)
C-level executives and at least one other group.
(Equivalent to the center and states working together)
IT executives and one other group (eg CXO or BU leaders)
Business unit leaders or their delegates
Individuals or groups of IT executives
Each individual business process owner or end user
Business
Monarchy
Federal
Duopoly
Feudal
IT
Monarchy
Anarchy
Who Makes The Decisions?
18. 3. How Can IT Governance Arrangements
Be Represented?
IT
Principles
IT Infra-
structure
Strategies
IT
Architecture
Business
Application
Needs
IT
Investment
Business
Monarchy
IT
Monarchy
Feudal
Federal
Duopoly
Style
Don’t Know
Style
Domain
Anarchy
Anarchy
19. Top-10 Current IT Issues
1. Funding IT
2. Administrative/ERP/Information Systems
3. Security and Identity Management
4. Strategic Planning for IT
5. Faculty Development, Support, and
Training
6. Infrastructure Management for IT
20. Top-10 Current IT Issues
7. E-learning/Distributed Teaching and
Learning
8. Web Services/Web-Based Systems
8. Enterprise-Level Portals
10. Business Continuity/Disaster Recovery
10. Governance, Organization, and
Leadership for IT
21. Components of IT Governance
Strategic Alignment of IT with Business Objectives
Delivering Value
Defined and Measured
Performance Management
How Plans are Transferred into Results
“You cannot manage what you cannot measure.”
Managing Risks
IT Resource Management
22. Components of IT Governance
Worldwide Survey by ITGI
Have you implemented, are you considering
implementation, or are you in the process of
implementing:
Strategic Alignment 49%
Delivery Value 39%
Performance Management 34%
Managing Risks 34%
IT Resource Management ??
IT Governance Institute
2003
23. Components of IT Governance
“The mere presence of a high level steering committee is
not governance.”
S. Arantha Sayam
I.S. Control
Vol. 2, 2004
24. What is IT Governance?
Structure to help align IT strategy with
business strategy
According to ITGI, there are 5 areas of focus:
Strategic alignment
Value delivery
Resource management
Risk management
Performance measures
25. Why is IT Governance
important?
Compliance with regulations
Competitive advantage
Support of enterprise goals
Growth and innovation
Increase in intangible assets
Reduction of risk
26. Who is involved?
Team leaders
Managers
Executives
Board of Directors
Stakeholders
27. IT Governance Framework
(ITGI)
Set Objectives
v IT is aligned with the business
v IT enables the business and
maximizes benefits
v IT resources are used responsibly
v IT-related risks managed
appropriately
Provide
Direction
Compare
Measure
Performance
IT Activities
v Increase automation (make the
business effective)
v Decrease cost (make enterprise
efficient)
v Manage risks (security reliability
and compliance)
29. Aligning IT and Business
Strategy
Corporate Mission – Business Goals – IT
Strategy
Requires involvement from many levels and
activities within the enterprise.
Lack of alignment leads to adverse business
issues.
Strong IT Governance contributes toward
proper alignment.
31. Ensuring Value and
Effectiveness
IT issues are the least understood, despite
increasing reliance placed on IT.
Initiate IT governance structures with the right
level of executive involvement.
Board of Director’s require essential IT related
skills
32. IS Governance
Consists of leadership, organizational
structures and processes that safeguard
information.
Security over information assets.
Benefits of IS Governance.
IS -> is a top-down process.
33. Measuring IT Governance
Performance
Measuring IT performance is a key concern as
it demonstrates the effectiveness and added
business value of IT.
Commonly seen as the IT “Black Hole” – costs
continually rise without clear evidence of value
derived from the IT function.
Traditional performance measurement
methods require monetary values which are
hard to apply to IT systems.
35. IT Balanced Scorecard
One of the most effective means to aid an
organization in achieving IT and business
alignment.
Provides a systematic translation of the IT
strategy into tangible success factors and
metrics.
Gives a balanced view of the value added by
IT to the business.
Calculating the value of IT investments is a
business issue for which business managers
are ultimately responsible for.
36. Harley Davidson IT Governance
Case Study
Harley Davidson is the oldest producer of motorcycles and has
achieved 20 consecutive years of record growth. Until 2003, Harley
Davidson focused solely on manufacturing and selling high quality
motorcycles.
They realized that for continued growth, they must unite
management and the IT and Audit functions with a common
governance while maintaining their unique company culture.
They realized that for continued growth, they must unite
management and the IT and Audit functions with a common
governance while maintaining their unique company culture.