For some organizations, IT governance is just another set of standards that is stated yet with few (or no) compliance expectations, little actual verification occurring, few or no metrics to indicate compliance, and even less use of the results by senior management to run their organization. Without support for standards, including practices, policy, verification, metrics and management’s commitment to use the results to manage the organization, IT governance, like any other standard, will only be perceived as yet another item that has little management support and is lacking value in the organization.
While having IT governance standards and framework for support is important, it is more important that the business objectives drive IT governance that improve organizational
efficiency and competitive advantage. Cost cutting can also be a driver, but if you are cost cutting without gaining efficiency or competitive advantage, then this may actually hurt an organization since the wrong areas are unknowingly cut.
Strategies for Linking Business Value to IT Governance
Often times, organizations look at IT and IT governance as simply managing the computers in the workplace. It is basic administration where costs must be managed. This is a very small part of the true value of IT and IT governance. It can often be challenging to identify how to link business value to IT governance.
It takes an IT savvy CIO to understand how IT can be used to expand business, bring additional value to the organization, and make an organization more competitive in this highly IT structured world. It is the way that IT is being used that will ultimately determine its value to the organization. So where to begin? An organization should consider strategies that integrate business objectives with IT. Since initiating IT Governance can be challenging, then strategies should introduced at the level the organization is able. Some strategies include:
Prototyping and Piloting
An early IT governance strategy can be introducing the notion of IT prototypes and pilots. This helps evaluate the solution utilizing a very small investment to determine if it meets the established business objectives. While prototyping and piloting are not new concepts, they may not always be conducted in support of business objectives.
Therefore, prior to introducing a new technology, consider prototyping the possible solution. Prototyping validates or allows testing of the idea prior to investing larger amounts of money into the business idea. A prototype can allow internal people to get their hands onto the idea. This allows people to better estimate if the idea is worth the cost.
If the prototype is successful, then a pilot can be conducted to further investigate the value of the new technology to the company. Piloting applies additional, but limited capital to the idea for establishing a working model to assess the performance of the design without actually going into full production mode. People external to the organization may participate in evaluating the idea to further determine if the idea is worth the cost and further to determine if external people see enough value and a willingness to pay for the business idea in practice.
Common Architecture Framework
As an organization grows and more products are built, it can be of great advantage to establish an architecture framework that IT can align with. Because having products work together is critical, establishing an IT governance strategy to ensure easy integration, reduced maintenance, solid performance, while assuring data integrity are key aspects of architecture. One aspect is to identify common and reusable components in certain areas that all or most applications within an organization can use.
An example is to establish a high security single sign-on login component which all applications can plug into their application architecture. This reduces or eliminates complex integrations for login across application suites and decreases maintenance. Another step is to establish an overall architecture framework such as following tiers and layers to understand whether the application is in the front-end or back-end and its technology stack. When business objectives are defined moving forward, this framework is helpful to determine if there are already products within a given space that meet some or most of those business objectives. This may reduce the need to develop completely new products and instead, use existing products or components therein.
IT Decision Making
In order for IT governance to work, first the basics need to be in place. This includes the standards, practices, policies, compliance verification, and metrics. Second and most important, is that management must use these elements to manage their organization. The implication is that management must establish a decision-making model to guide them in making IT decisions that align with the direction of their organization. Decision making should be based on the business objectives that the organization finds valuable that lead to a competitive edge.
Then the business must execute on other elements of making a standard work (e.g., practice, policy), and using the compliance verification and metrics as a result to guide their organization to ensure the business results are aligning with the business objectives or adjust the IT standards until business objectives are met.
Evaluating IT Vendors
Another strategy for IT governance is to establish a process for evaluating IT products and the vendors that build them. Does the vendor product have a roadmap of development over the next couple of years? Does the IT vendor have an IT governance strategy or does it have a set of technology standards that it follows? Does the technology that vendor builds align with the business objectives? This can help an organization understand the direction of the vendor product line and see if the technologies used align (or not) with the organization. While request for proposals (RfPs) used to assess a vendors, they typically do not include information on the vendor's technology roadmap or current technology stack. This is why a more thorough strategy of evaluating a vendor's IT roadmap or technology stack is needed.
Finally, there are IT governance strategies that are more formal. Two such formal approaches are the common objectives for information and related technology (otherwise known as COBIT) and the information technology iInfrastructure library (otherwise known as ITIL). COBIT provides an overall IT governance framework, enables policy development and the establishment of practices for IT control throughout organizations. COBIT emphasizes regulatory compliance and helps organizations to increase the value attained from IT. A minimal form of COBIT that can be used is called COBIT Quickstart.
ITIL grew out of the British government's desire to develop a common framework for auditing the IT function of its many agencies. Formal frameworks may be a lot for many organizations to implement all at once but there are parts that can be implemented in an incremental manner.
When embarking on IT governance, it is important to start with identifying the business objectives and drivers within the organization. The IT governance strategy should be based on the objectives and then periodically assessed to ensure the objectives are being met. Ultimately for any IT governance to take solid hold in an organization, senior management must truly understand the strength of IT, integrate it into the business plan, establish IT governance, and be committed to ensure it works.
Finally, the IT governance strategy must ultimately be strong enough to survive the political wars in most organizations so that IT governance principals do not change except when the business objectives change. This will help the business realize the true value of IT and allow them to put IT to work for them for both the short and the long run.
1. "IT Governance: How Top Performers Manage IT Decision Rights for Superior Results", by Peter Weill and Jeanne Ross, published by Harvard Business School Press, 2004.
2. "How to Tap IT's Hidden Potential", by Amit Basu and Chip Jarnagin, published in the Wall Street Journal, Mar 10, 2008.
3."Framework for Evaluating and Implementing Standards", by Mario Moreira, Feb 08, published at CM Crossroads (www.cmcrossroads.com).