Notes accompany this presentation. Please select Notes Page view.

These materials can be reproduced only with written approval from Gartner.
Such approvals must be requested via e-mail: vendor.relations@gartner.com.
Gartner is a registered trademark of Gartner, Inc. or its affiliates.
Notes accompany this presentation. Please select Notes Page view.
These materials can be reproduced only with written approval from Gartner.
Such approvals must be requested via e-mail: vendor.relations@gartner.com.
Gartner is a registered trademark of Gartner, Inc. or its affiliates.
Governing IT
Louis Boyle
Vice President
Gartner Executive Programs
Agenda

Definitions & context
IT Governance Framework
- What the decisions
- Who the deciders
- How the mechanisms
- Implementation change management/communications
Key Success Factors
Case Study
Q & A
High Governance Performers Have Sharper
Strategies, Focus And Commitment*
Characteristics of High IT Governance Performers
- More focused strategies
Greater differentiation between customer intimacy, product
innovation, or operational excellence
- Clearer business objectives for IT investment
Greater differentiation between supporting new ways of doing
business, improving flexibility, or facilitating customer
communication
- High level executive participation in IT governance
Greater involvement, impact of CEO, COO, Business Heads,
Business Unit CIOs and CFO
Who could accurately describe IT governance arrangements
- Stable IT governance, fewer changes year to year
- Well functioning formal exception processes
- Formal communication methods
*Statistically significant relationship
with governance performance
2002 MIT Sloan Center for Information Systems Research (Weill) and Gartner, Inc
Top Level IT Governance Addresses Three Major Components:
1. What decisions need to be made?
. . . decisions about major IT domains
IT Principles
IT Infrastructure Strategies
IT Architecture
Business Application Needs
IT Investment and Prioritization
External Relationships
2. Who has decision and input rights?
. . . Rights are exercised in different governance styles
Monarchy, Feudal, Federal, Duopoly, Anarchy
3. How are the decisions formed and enacted?
. . . Multiple mechanisms make governance work
Decision Making Councils (e.g., Office of CIO)
Business/IT Relationship Managers
Process Teams
Service-Level Agreements
Chargeback Arrangements
What is IT Governance and what does it
address within an organization?
IT governance specifies decision rights and creates an accountability framework that encourages
desirable behavior in the use of IT
Governance approaches should be based on the degree of enterprise commonality that exists, the urgency of required responses
and the frenzy (and pressure) to perform. Consequently, Gartner recommends tailoring and balancing general-purpose
management models to meet unique organizational needs.
Vision and
Business Alignment
Funding, Budgeting
and Pricing
Staffing and Organization
Reinvestment?
Application prioritization?
Continuous migration?
Outside suppliers?
Roles and responsibilities?
Process?
Compensation?
Retention?
IT policy?
IT strategy?
Governance?
Shared services?
IT as a back-
office utility overhead
IT as a business
enabler and
competitive weapon
Balancing the IT Management Triad
Administrative Process Map:
IT Governance Aligns these Processes
Political Agenda
Service Delivery
Project Management
IT Strategic Plan
Human Resources Acquisition
Strategic Sourcing
Budget
Corporate
Performance
Management
Desires
Decisions
Tactical
Execution
Investment Prioritization
Business Strategic Plan
Business Case Inputs
Organizational Capacity
Cost
Time
Risk
Procurement
Portfolio Performance
Cross-Agency Budget Cutting
What IT Governance Is:
Collective decisions and guidance about:

How IT should be used in the
business (policies, principles)
Who makes What decisions How
(clear accountabilities)
Business cases and investments
(priorities, ownership and benefits
realization)
IT Governance and Management Are Not
the Same
What Are the Key Components that Make
Up IT Governance?
An IT Governance framework usually comprises the following components:
Structural Model
Mission - Purpose and approach to managing the IT organization
IT Organization - Structure, reporting relations and connections between resources
and their counterparts across the IT organization
Roles & Responsibilities - Definition of work requirements and the groups/individuals
to perform them
Operational Model
Processes - Pre-defined activity
flow for necessary actions and
creation of outcomes
Measures - Accountability
mechanisms at all levels
Policies - Pre-defined decision
on boundaries, standards,
latitude
Information and analysis to
inform decisions
Customer / End User
Help Desk and Local/Peer Support
Shared Services
Infrastructure and Production Support
Systems - Network - Data - Applications Asset
Management - Operations
CIO
BU
Managers
Functional
Management
Relationship
Manager
Office of
Integration
BU
CIO
Competency Centers
Network and Data Design
Change Management
Exotics (Multimedia, Intranet)
Support
Maintain
Proposal
Requirements
Test
Build/Buy
Design
Specification
Assessment
Project
Manager
Project
Office
Project
Manager
Functional
AD team
Development
Services
BU
AD team
Process
Office of
Architecture,
Standards &
Planning
Office of the CIO
Top IT Governance Mechanisms Focus
On Business And IT Relationships
Not Effectiveness Very
2002 MIT Sloan Center for Information Systems Research (Weill) and Gartner, Inc.
1 2 3 4 5
Chargeback arrangements
Web-based portals, intranets for IT
Formally tracking ITs business value
Architecture committee
Capital approval committee
Service level agreements
Tracking of IT projects and resources
Process teams with IT members
Executive committee
IT council of business and IT executives
IT leadership committee
Business/IT relationship managers
IT Governance Mechanism Effectiveness
% respondents
using
85
87
71
89
86
96
89
56
67
62
79
62
The Three Components of IT Governance
1. What decisions need to be made?
2. Who makes them?
3. How are they made?
1. What Decisions Need To Be Made?
. . Clarify Five Major IT Decision Domains
IT Infrastructure
Strategies
IT Principles
IT Architecture
Business Application
Needs
IT Investment and
Prioritization
Strategies for the base foundation of budgeted-for IT capability
(both technical and human), shared throughout the firm as
reliable services, and centrally coordinated (e.g., network, help
desk, shared data)
High level statements about how IT is used in the business
An integrated set of technical choices to guide the organization in
satisfying business needs. The architecture is a set of policies
and rules that govern the use of IT and plot a migration path to
the way business will be done (includes data, technology, and
applications)
Business applications to be acquired or built
Decisions about how much and where to invest in IT including
project approvals and justification techniques
2002 MIT Sloan Center for Information Systems Research (CISR). This material is adapted from Weill & Woodham's work originally
published and copyrighted by the MIT Sloan CISR as Working Paper No. 326, "Don't Just Lead, Govern: Implementing Effective IT
Governance," April 2002, and is used by Gartner with permission.
Defining IT Principles/Policies
Characteristics of effective principles/policies
- Actionable facilitate decision making
- Succinct express a focused point of view
- Appropriate specificity: not too general ("Motherhood and Apple Pie
"); there must be a compelling alternative
- Clear implications adhering or not adhering to the principle/policy
should have consequences
- Relevant address the specific business context of an enterprise
(business trends, IT trends, corporate culture and values)
Components of principles/policies
- Principle statement
- Rationale
- Implications
2. Who Has Decision Rights And Inputs?
. . Rights Exercised In Six Governance Styles

Note: Some Governance styles were inspired by Davenport, 1997.
C-level executives, as a group or individuals, including
the CIO (but not acting independently)
C-level executives and at least one other group.
(Equivalent to the center and states working together)
IT executives and one other group (eg CXO or BU leaders)

Business unit leaders or their delegates
Individuals or groups of IT executives
Each individual business process owner or end user
Business
Monarchy
Federal
Duopoly
Feudal
IT
Monarchy
Anarchy
2002 MIT Sloan Center for Information Systems Research (CISR). This material is adapted from Weill & Woodham's work originally
published and copyrighted by the MIT Sloan CISR as Working Paper No. 326, "Don't Just Lead, Govern: Implementing Effective IT
Governance," April 2002, and is used by Gartner with permission.
Style Who Makes The Decisions?
3. How Can IT Governance Arrangements
Be Represented?
IT
Principles
IT Infra-
structure
Strategies
IT
Architecture
Business
Application
Needs
IT
Investment
Business
Monarchy
IT
Monarchy
Feudal
Federal
Duopoly
Domain
Style
Anarchy
Dont Know
2002 MIT Sloan Center for Information Systems Research (CISR). This framework is adapted from Weill & Woodham's
work originally published and copyrighted by the MIT Sloan CISR as Working Paper No. 326, "Don't Just Lead, Govern:
Implementing Effective IT Governance," April 2002, and is used by Gartner with permission.
IT Governance Example of Domains,
Decision Rights and Styles
2002 MIT Sloan Center for Information Systems Research (Weill) and
Gartner, Inc. drawing on the framework of Weill and Woodham, 2002.
Exec comm
Biz leaders
Exec comm
IT leadership
CIO
IT leadership
Exec comm
Biz leaders
CIO
IT leadership
Biz leaders
Biz pro own
Biz/IT rel mgs
Exec comm
Biz leaders
Biz leaders
Biz pro own
Cap appr
comm
Biz leaders
Biz pro own
Business/IT relationship managers Biz/IT rel mgs CIO, CIO's office and biz unit CIOs IT leadership
Business process owners Biz pro own Business unit heads/presidents Biz leaders
Exec comm subgroup, includes CIO Cap appr comm Executive committee ("C" levels) Exec comm
Input Decision
IT Principles
Input Decision
IT Infrastructure
Strategies
Input Decision
IT Architecture
Input Decision
Business
Application Needs
Input Decision
IT Investment and
Prioritization
Business
Monarchy
IT
Monarchy
Feudal
Federal
Duopoly
Governance Mechanisms
Domain
Style
Input rights Decision rights
Business And IT Executive Collaboration
Mark High IT Governance Performers
2002 MIT Sloan Center for Information Systems Research (Weill) and Gartner, Inc,
drawing on the framework of Weill and Woodham, 2002.
IT Principles
IT Infrastructure
Strategies
IT Architecture
Business
Application Needs
IT Investment and
Prioritization
Business
Monarchy
IT
Monarchy
Feudal
Federal
Duopoly
Anarchy
Domain
Style
Top three patterns of high IT governance performers
1
2
3
Six Guiding IT Principles
1. IT will enable and provide strategic value to the business.
2. IT architecture & standards shall be governed at the enterprise
level to ensure integrity, planned evolution, and periodic refresh in
light of new technologies and business strategies.
3. Information is our business, so data is one of our most valuable
assets. It must be accessible, managed and protected accordingly.
4. IT will reuse before it buys and buy before it builds.
5. As new applications are developed, we will strive to create
reusable components and processes (in line with the architecture)
to facilitate business reuse where appropriate.
6. IT will strive to reduce complexity in the the technology
environment.







What IT decisions are made

Rationale
IT Services and Solutions must meet business needs and help drive value.

Implications
IT will be students of the business to provide appropriate technical solutions and
support, IT must understand the business
IT will manage appropriately within established budget
IT will make provisions to ensure Business is an educated consumer of IT Products and
Services
IT Application Leadership will engage with Business in business strategy, planning, and
management
IT will partner with Business Unit leadership to support enterprise requirements and
business solutions
Business processes need to be optimized to obtain full benefits of technological solutions
IT Business Relationship Managers will represent all facets of the IT function to the
Business Units
IT will provide business consulting services (alternatives, pros, cons, recommendations)
as a partner to its business clients
IT will evaluate alternative technological and sourcing approaches to provide business
solutions
IT must be easy to do business with - make IT easy to navigate for business
colleagues


IT Will Enable and Provide
Strategic Value to the Business
Input Decision
Business
App Needs
IT Monarchy
Feudal
Federal
Duopoly
Domain
Style

Input rights
Decision rights
Business Application Needs
- Major Decisions Addressed
Rule of 7
Only those decisions that the governing
entity reserves clearly and completely
for itself, with no delegation

- Mechanism
Input Forum
Decision Forum
Trigger: Regularly scheduled at xxx
interval, or reactive based on yyy
Sponsor

- Metrics
Minimum metrics to ensure successful
operation and compliance

- Compliance
Loop-closing mechanism
MUST fit the culture
Refer to Exception process for more
information
IT Governance Mechanisms

How the Decisions Get Made
Business
Monarchy
Anarchy
Exception Process
Exceptions to the IT Governance processes should be very rare and well-justified. In cases
where an involved party has significant issues or concerns regarding a decision reached
via the IT Governance processes, the following process should be followed:
- For Senior Management Team decisions
- CEO makes final decision

- For Senior Management Team, CIO & ITLC decisions
- Sr. Leader (or designee) approaches appropriate ITLC member with specific
circumstances
- CIO & Sr. Leader formally approve exception
- Escalate to CEO, if necessary

- For Business Unit Leaders decisions
- Sr. Leader approaches Application Head with specific circumstances
- CIO & Sr. Leader must formally approve exception
- Escalate to CEO, if necessary
Sample IT Governance Mechanisms

How the Decisions Get Made
Implementing IT Governance
Communications/Change Management Components
Executive (CEO leadership team meetings, COO leadership team meetings)
socialization presentations, discussions
Executive announcement Elevator speech (COO to CEO & CEO direct reports)
Executive summary slide deck
BRM (business relationship manager) communication tools
- Slide deck
- Suggested talk track
- Suggested email announcement
- FAQs
Core team continued availability during above

Key Success Factors for IT Governance
The full buy-in of the CEO & direct reports is required
Clear participation of the business (its all about governing IT)
- A willingness between Corporate and the business units as well as
across business units to cooperate and to develop a solution that is
supported by all is essential
Existing organizational and decision making structures cant be
sacred cows as they will be questioned and likely modified
The project cant be treated as an IT project
Formal change management needs to be part of the work
Communicate, communicate, communicate
Minimal loop closing is required to ensure compliance
Typical Benefits of Implementing an IT
Governance Framework
Enhanced alignment between the Business and IT
Improved IT decision-making & communications
- Overall clearer
- More efficient as decisions and communications are quicker and more cost-
effective
- More effective as the right decisions get made
Improved perception of value of IT
More focused strategies
Clearer business objectives for IT investment
High level executive participation in IT governance
Stable IT governance, fewer changes year to year
Well functioning formal exception processes
Formal communication methods
Typical Project Timeline
The following presents a more or less typical timeline for projects of this nature:











Depending on the specifics of the project, a more detailed timeline will have to be
developed
Milestones
Project Planning
Governance Requirements
Identification
Governance Design
Transition

Month 1 Month 2 Month 3
Example
Summary of Case Study

Assess Your IT Governance Effectiveness
Short Form Self-Assessment
6 or less (no effective IT governance)
10-13 (maturing IT governance)
IT Governance Effectiveness Indicators
Disagree
Strongly
(Score 0)
Disagree
Somewhat
(Score 1)
Agree
Somewhat
(Score 2)
Agree
Strongly
(Score 3)
Total
2. We have clear business objectives for
evaluating every type of IT investment
3. Executives are engaged in IT governance
and can describe these arrangements
1. We have strongly differentiated business
strategies
5. We use well-defined, formal IT exception
processes
4. Our IT governance is stable, with few major
changes year-to-year
6. We use multiple formal communication
methods to engage business leaders
7-9 (low-level IT governance)
14+ (top performer, guard against complacency)
1
1
1
1
1
1
0
0
0
0
0
0
2
2
2
2
2
2
3
3
3
3
3
3
2002 Gartner, Inc. and MIT Sloan Center for Information Systems Research (Weill)
Assess Your IT Governance Effectiveness
Long Form Self-Assessment
Assess your current position on a journey into the future. For each area, rate
these factors, where 1 means strongly disagree, 5 means strongly agree.
Decisions
1. Clarity about decision rights
2. Consistency
3. Strong business cases
4. Business roles clear
5. Appropriate committees
6. Optimized budgets
7. Architecture plan
Directions
1. Aligned strategies
2. IT strategy known
3. Defined IT principles
4. Risks assessed & managed
5. Business value understood
6. Performance metrics clear
Relationships
1. Clear links to corporate governance
2. Strong and trusted teamwork between business and IT
3.Strong and trusted teamwork within IT
Implementing IT Governance
General Project Approach
Plan it, work it!
- Game plan, self-assessment, project plan
Establish IT Governance Principles based on overall IT strategy
Evaluate effectiveness of current IT Governance-like mechanisms, if any do
exist either within Corporate or the business units
Develop Governance processes as appropriate (structural and operational
model)
Establish clear relationship between the various IT Governance components
Validate IT Governance framework and processes with Business Owners
Implement new IT Governance framework
- Roll out to all of IT & Business
- Thorough communications & PR campaign
Establish IT Governance oversight role to monitor processes, effectiveness,
and compliance

Q & A
?

!
Appendix Sample
Deliverables
Example Topics for IT Principles/Policies
Governance
Investment
Evaluation Criteria
Investment Decision
Making
Funding
Cost Allocation
Benefits Realization
Architecture
Project Management
Privacy
Procurement
Operational Risk
Business Continuity
Security
Organizational
Development
Summary of Case Study
List of 6 guiding principles
Details - principle 1
Details - principle 2
Governance arrangements matrix
Details for one IT governance mechanism
Exception process
Communications process

Sample of Six Guiding IT Principles
1. IT will enable and provide strategic value to the business.
2. IT architecture & standards shall be governed at the enterprise
level to ensure integrity, planned evolution, and periodic refresh
in light of new technologies and business strategies.
3. Information is our business, so data is one of our most valuable
assets. It must be accessible, managed and protected
accordingly.
4. IT will reuse before it buys and buy before it builds.
5. As new applications are developed, we will strive to create
reusable components and processes (in line with the
architecture) to facilitate business reuse where appropriate.
6. IT will strive to reduce complexity in the the technology
environment.
What IT decisions are made
IT will enable and provide strategic value to the business
- Rationale
- IT Services and Solutions must meet business needs and help drive value
- Implications
- IT will be students of the business to provide appropriate technical solutions and support, IT
must understand the business
- IT will manage appropriately within established budget
- IT will make provisions to ensure Business is an educated consumer of IT Products and
Services
- IT Application Leadership will engage with Business in business strategy, planning, and
management
- IT will partner with Business Unit leadership to support enterprise requirements and business
solutions
- Business processes need to be optimized to obtain full benefits of technological solutions
- IT Business Relationship Managers will represent all facets of the IT function to the Business
Units
- IT will provide business consulting services (alternatives, pros, cons, recommendations) as a
partner to its business clients
- IT will evaluate alternative technological and sourcing approaches to provide business solutions
- IT must be easy to do business with - make IT easy to navigate for business colleagues
Sample IT Principles - 1
What IT decisions are made
IT architecture & standards shall be governed at the enterprise level to ensure
integrity, planned evolution, and, periodic refresh in light of new technologies
and business strategies
- Rationale
- A satisfactory control environment is dependent on meeting enterprise architecture and standards with the
aim of reducing permutations of technology and enforcing change management
- Research and development into new technologies is a costly investment. Sharing the cost among enterprise
activities may permit more technology exploration and further the exploitation of promising technologies.
Economies of scale can be realized by sharing architecture and standards as guidelines
- Only through local unit compliance with enterprise architecture and standards will we achieve the required
integrity planned evolution and refresh of our technology base
- Implications
- The creation of and adherence to standards are the joint responsibility of all IT organizations
- We will strive for consistent and single standard IT processes including: change management, IT security
standards, disaster recovery, ID management, development methodology
- Business specific architecture and IT architecture shall align with the Enterprise Architecture (EA). EA

shall be
our architecture
- Changes or modifications to the EA

architecture will be governed at the greater enterprise-level
- Enterprise views toward an architectural design or standard such as those effecting compliance and
regulatory needs (e.g., SOX, Privacy) must be considered when designing a technology solution
- Only one IT project methodology shall exist
- Continuing investment must be made to keep our infrastructure environment current
- Infrastructure services are managed at an enterprise level
Sample IT Principles - 2
What IT decisions are made
Sample IT Governance Arrangements Matrix

2002 Gartner, Inc. and MIT Sloan Center for Information Systems Research (Weill) drawing on
the framework of Weill and Woodham, 2002.
Who makes the decisions
Input Decision
Overall
IT Principles
Input Decision
IT Infrastructure
Strategies
Input Decision
IT
Architecture
Input Decision
Business
App Needs
Input Decision
IT Investment /
Prioritization
Senior
Mgmt. Team
CIO / Ent IT
BU Leaders
ITLC
Senior Mgmt.
CIO & ITLC
Domain
Style

IT Leadership Council (includes App Head) ITLC
Leaders from the Business Units BU Leaders
CIO / Ent IT Combined Corp Office and IT Leadership Senior Mgmt & ITLC
Corporate office (CEO and Staff) Senior Mgmt Team
Input rights Decision rights
External
Relationship
Input Decision
CIO office and Enterprise IT
* CIO has Veto rights
*
Input Decision
Business
App Needs
CIO / Ent IT
BU Leaders
ITLC
Senior Mgmt.
CIO & ITLC
Domain
Style

Input rights
Decision rights
Business Application Needs
(Governed by each Business Unit / Function independently)
- Major Decisions Addressed *
- Approve application strategy and direction
- Determine appropriate application resource allocation; resolve major resource
conflicts
- Propose significant application initiatives and projects
- Approve and prioritize application initiatives and projects (within parameters
established by Prioritization process)
- Sponsor major projects to the Prioritization process
- Provide oversight for significant initiatives and projects
- Approve business risk mitigation tactics and strategies (with app impact)

- Mechanism
- Input Forum: ITLC meetings or CIO staff meeting
- Decision Forum: Regularly scheduled business unit leadership meetings (one
per Business Unit / Function)
- Trigger: Regularly scheduled (no less than quarterly)
- Sponsor: Application Head
*
* CIO has Veto rights
Refer to Exception process for more information
Sample IT Governance Mechanisms

How the Decisions Get Made
Senior Mgmt.
Team
Exception Process
Exceptions to the IT Governance processes should be very rare and well-justified. In cases
where an involved party has significant issues or concerns regarding a decision reached
via the IT Governance processes, the following process should be followed:
- For Senior Management Team decisions
- CEO makes final decision

- For Senior Management Team, CIO & ITLC decisions
- Sr. Leader (or designee) approaches appropriate ITLC member with specific
circumstances
- CIO & Sr. Leader formally approve exception
- Escalate to CEO, if necessary

- For Business Unit Leaders decisions
- Sr. Leader approaches Application Head with specific circumstances
- CIO & Sr. Leader must formally approve exception
- Escalate to CEO, if necessary
Sample IT Governance Mechanisms

How the Decisions Get Made
Sample IT Governance Communications
Components
Executive (CEO leadership team meetings, COO leadership team meetings)
socialization presentations, discussions
Executive announcement Elevator speech (COO to CEO & CEO direct reports)
Executive summary slide deck
BRM (business relationship manager) communication tools
- Slide deck
- Suggested talk track
- Suggested email announcement
- FAQs
Core team continued availability during above

Return
Sample IT Governance Design -
Enterprise Architecture
IT Architecture
Domain Teams
IT Architecture IT Architecture
Domain Teams Domain Teams
IC CIOs
IC CIOs
IT BOG
IT BOG IT BOG
XYZ
Director
IC
Directors
IC
Directors
IC
Directors
FARB FARB FARB
Architecture
Review Board
Architecture Architecture
Review Board Review Board
IC
Directors
EA Updates for Approval
Exception
Evaluations-major
Technical Advice for
EA Funding or Appeals
Advice
Exception
Evaluations-minor
Exception Requests
Advice for EA Funding
Advice
Guidance
Office of the
Chief IT Architect
Office of the Office of the
Chief IT Architect Chief IT Architect
Leadership
Project
Teams
XYZ CIO
Example Mechanism, Roles, Process
Sample IT Governance Design -
Clarifying Roles & Responsibilities
RACI analysis clearly defines who is Responsible, Accountable, Consulted,
Informed on all decisions, activities, etc.
Organizational
Function
WCIT Services
Catalyst
Group
Ops
Center
Bus
Supt
Team
Central
Service
Tech
Supt
Tech
Eng.
IT
Plan
ing

Client
IT
Mgmt
Team
Application Operations Support - no code changes
R A R R C,I
Application Maintenance - fix bugs
R A R C,I
Application enhancements
R A R C,I
Application Development In-house development,
purchased Apps., application integration
I R R C,I R R I A R
Local Application Development and support
R A I C,I R I C,I R
Level-1 Support
Resolves common problems associated with
desktops, servers, Applications, etc.
Hardware Break/Fix
Is accountable for the problem resolution
Change management coordination
Security administration
Central Help Desk
Interfaces to 2
nd
level and Business Support Team
I R A R I C,I R
Level-2 Support
Resolves more complex problems associated
with desktops, servers, others.
Accountable to Level-1
Recommends new configuration.
I R R C,I A C,I C,I R
Formal Client Training (remedial, operational)
I R C,I I I I A R
Client Consulting
Help client select new local software
Provide consulting on IT foundation technology
and standards.
Evaluate base cost increase to IT (if any)



I I A I C,I C,I I C,I R
IT
Governance
Goals
Domains
Principles
Decision Rights
Styles
IT Governance Strategy
IT Governance Operations
Supply
Governance
(How Should IT Do What It Does?)
IT Management Primary Responsibility
Demand
Governance
(What Should IT Work On?)
Business Management Primary Responsibility
Biz/IT Strategy
Validation
Overall
IT Investment &
Expense
Develop Demand
Governance
Processes
Biz/IT Operational
Planning
IT Investment
Portfolios
(PPM)
Investment
Evaluation
Criteria
Intra-/Inter-
Enterprise
Prioritization
Demand
Governance
Implementation
Board IT
Governance
IT Gov
Effectiveness
(Metrics, etc.)
IT Value
Assessment
IT
Service
Chargeback
IT Service
Funding
Spending/Project
Oversight
Councils/
Committees
Issue Escalation/
Resolution
Business
Benefits
Realization
Business Unit
Prioritization
Plan Implement Manage Monitor
Architecture
Plan
Implement
Manage
Monitor Compliance
Security
Plan
Implement
Manage
Monitor Compliance
Corporate
Compliance
Plan
Implement
Manage
Monitor Compliance
Project
Management
Plan
Implement
Manage
Monitor Compliance
Sourcing
Plan
Implement
Manage
Monitor Compliance
Procurement
Plan
Implement
Manage
Monitor Compliance
Etc.
Plan
Implement
Manage
Monitor Compliance
IT Supply Governance Domains
IT Governance Operations Making It
Work
Best Practices for Governance When
Governance Isnt Governed
Use a stick: Threat of auditor, Sarbanes-Oxley, Basel II
Use a club: How would CFO look at these actions? Do they
insert more risk and lower ROI? Under FOIA (Freedom of
Information Act), does this pass the newspaper test?
Use a carrot: Advertise the joint success of IT and SBU on a
particular initiative and why it helped governance.
Use chocolate: Make the advertised success addictive, and this
is what we are looking forward to later ...
Use secret sauce: CIOs can be slightly off-center (devious) by
stating that service-level architecture or Web-based
infrastructure requires greater transparency, much like FedEx
allows customers to see where packages are and estimated
times of arrival, which is why FedExs IT is bullet-proof.
More Symptoms of Good IT Governance
Decisions Score
Clarity There is clarity about who makes strategic decisions about IT
Investment IT investments are evaluated and approved using consistent criteria
Approval
Project IT projects deliver results consistently in accord with the business case
Implementation
Business Business executives clearly understand their roles in IT decisions
Roles
Committee Appropriate committees are in place, with clearly documented roles
Structures
Budgets The IT budget process is aligned with business and IT strategies
Enterprise Architecture exceptions have a defined process for approval
Architecture
Directions
Alignment There is clear alignment between business and IT strategies
IT Strategy The IT strategy is clear to all affected stakeholders
IT Principles There is a clear set of IT principles underlying decisions that are clear to all
Risk IT risks are understood by all stakeholders and managed effectively
Management
Business The business value of IT is tracked, understood and communicated
Value
IT Metrics IT metrics highlight critical success factors for performance management
Relationships
Corporate IT governance is clearly linked to corporate governance
Governance
Trust There are strong and trusted relationships between business and IT

IT Governance Maturity Checklist
World-class
- Life-cycle PfM
- Business architecture
- Market agility
Advanced
- Enterprise PMO
- Project PfM
- Info architecture
Good
- Project prioritization
- Asset portfolio management (PfM)
- Independent audit
Basics
- Review boards
- Regular audits
- Universal controls
- Standards
Do you plan, build, and run as one body?
B
u
s
i
n
e
s
s

P
e
r
c
e
p
t
i
o
n

o
f

I
t
s

D
e
p
e
n
d
e
n
c
y

o
n

I
T

G
o
v
e
r
n
a
n
c
e

Effectiveness Efficiency
I
n
v
e
s
t
m
e
n
t

C
o
s
t

Respect
Transformation
Credibility of IT Governance
Trust