Information Technology Governance
Alan McSweeney
Practical Information Technology Governance
Contents
63% of organisations feel that IT is very important to the delivery of the overall
organisation strategy. Yet only 33% of general management within organisations see the
alignment between business and IT as being very good. The need to bridge this
disconnect between business and IT is one of the fundamental reasons for IT Governance.
Implementing IT Governance is good for both the organisation and for IT. It ensures
that IT delivers value and that the value of IT is understood. Appropriate IT Governance
can yield real business benefits. IT Governance imposes a standard that ensures IT is
aligned to business strategy and objectives.
Some “quick wins” from IT Governance can be achieved by implementing the following:
IT Governance can be seen as one more non-value adding overhead that is part
of the ever increasing compliance overhead imposed on organisations. There can
be a real reluctance to consider IT Governance programmes because of
“compliance fatigue” associated with the many compliance requirements that
have arisen in the past years. However, the adoption of appropriate and relevant
IT Governance will yield real business benefits. Appropriate is the key word
here: there are no prizes for excessive controls.
[Figure: How would you rate your organisation’s maturity level on IT Governance?]
There are two aspects to IT controls:
1. IT must implement internal controls around how it operates
2. The systems IT provides to the business and the underlying business
processes these systems implement must be controlled – these are controls
external to IT
The twin drivers of increasing complexity and the need for greater cost controls
will exert continuous pressure on IT operations and make using best practice
frameworks to implement governance solutions the only real answer
available.
[Figure: How would you describe the level of engagement by business management in the governance of IT-enabled business initiatives?]
Source: IT Governance Global Status Report—2008
63% of organisations feel that IT is very important to the delivery of the overall
organisation strategy. Yet only 33% of general management within
organisations see the alignment between business and IT as being very good.
The need to bridge this disconnect between business and IT is one of the
fundamental reasons for IT Governance. The drivers of IT Governance include:
IT Governance is important for all organisations. Those without an IT
Governance strategy face risks; those with one perform better.
[Figure: How would you describe the fit or alignment between your corporate governance practices and IT Governance practices?]
Source: IT Governance Global Status Report—2008
Goals of IT Governance
1. IT Value Delivery: focus on optimising cost and the value of IT
2. Risk Management: focus on safeguarding IT assets, disaster
recovery and continuity of operations
Means to Achieve IT Governance Goals
3. IT Strategic Alignment: focus on aligning IT with the business and
collaborative solutions
4. Performance Measurement: focus on tracking project delivery and
monitoring delivery of IT services.
[Figure: How important do you consider IT to be to the successful delivery of the business strategy or vision?]
Because COBIT has a detailed implementation framework, the project to
implement it and the associated time and cost can be defined more exactly.
Source: IT Governance Global Status Report—2008
[Figure: On a scale from 1, not at all serious, to 3, very serious, rate the severity of problems experienced?]
The framework can be customised and simplified to suit the requirements of the
organisation. In order to deliver and be seen to deliver quick wins from IT
Governance, the following areas should be given attention:
• Ensure that IT project and service priorities are based on business priorities
• Audit existing IT processes and modify to ensure they are effective
• Ensure that IT projects are led by the business and strongly supported by
IT
• Develop an IT scorecard designed for a business audience that includes
details on how IT creates and delivers business value
• Implement a standard process for determining the business value (both
financial and non-financial) and risk of IT-enabled business investments
• Create an IT Strategy Committee with business involvement
COBIT has a broad coverage and a business focus. It seeks to ensure that IT
delivers what the business needs. COBIT focuses on the “what” rather than on
the “how”. It is a control and management framework, linking IT practices to
business requirements. COBIT is based on the principle that to provide the
information that the enterprise requires to achieve its objectives, the enterprise
needs to manage and control IT resources using a structured set of processes to
deliver the required information services.
COBIT is integrated with other standards and thus can become an umbrella
framework for IT Governance:
• It assists in understanding and managing the risks and benefits
associated with IT
• The process structure of COBIT and its business-oriented approach
provide an end-to-end view of IT
[Figure: Has the situation regarding these problems deteriorated, stayed the same or improved during the past 12 months?]
Source: IT Governance Global Status Report—2008
The COBIT process model of four domains contains processes that manage the
IT resources to deliver information to the business according to business and
governance requirements. Each of the processes contains a set of objectives.
The implementation of these COBIT processes within the toolset is divided into
four parts:
Each process has three sets of goals measured by corresponding sets of metrics:
Goals | Delivery Measured By (Metrics)
Activity Goals | Key Performance Indicators
Process Goals | Process Key Goal Indicators
IT Goals | IT Key Goal Indicators
In addition to the process-specific control objectives, COBIT includes a set of
generic process controls that are applied to all processes.
Control | Description
PC1 Process Owner | Assign an owner for each COBIT process such that responsibility is clear.
PC2 Repeatability | Define each COBIT process such that it is repeatable.
PC3 Goals and Objectives | Establish clear goals and objectives for each COBIT process for effective execution.
PC4 Roles and Responsibilities | Define unambiguous roles, activities and responsibilities for each COBIT process for efficient execution.
PC5 Process Performance | Measure the performance of each COBIT process against its goals.
PC6 Policy, Plans and Procedures | Document, review, keep up to date, sign off on and communicate to all involved parties any policy, plan or procedure that drives a COBIT process.
[Figure: How valuable do you think COBIT is in your IT Governance efforts/initiatives?]
Source: IT Governance Global Status Report—2008
COBIT includes a set of generic application control groups and detailed controls
that are applied to all processes:
The lessons learned from implementing IT Governance relate to avoiding the all
too common problems associated with business and IT being disconnected:
• Management see a value from investments made in IT and see that IT is
an investment rather than a cost.
• IT is no longer seen as a barrier to implementing new strategies. IT
becomes a strategic enabler rather than being seen as restricting the
ability of the business to respond to new opportunities.
• IT decision-making mechanism is open and transparent rather than
slow, cumbersome and not apparent.
• Management understand and appreciate how IT is governed within the
organisation.
• IT projects are completed on time and on budget and deliver on the
committed benefits. Good project management is part of good IT
Governance.
[Figure: Which of the following measures have you implemented, or are you in the process of implementing, to improve IT management and governance?]
Source: IT Governance Global Status Report—2008
alan@alanmcsweeney.com