Friday 22 January, 2010

Board Briefing on IT Governance

Today I read an excellent document published by the IT Governance Institute on the topic of IT governance. The document is titled "Board Briefing on IT Governance". Written with board members as its target audience, this 63-page document provides an excellent introductory view of the IT governance area. The following are my takeaways from reading this publication, in the form of Q&A:

  • What is IT Governance?
    • IT governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategies and objectives.
  • Why is IT Governance important?
    • With IT now so intrinsic and pervasive within enterprises, governance needs to pay special attention to IT, reviewing how strongly the enterprise relies on IT and how critical IT is for the execution of the business strategy, since:
      • IT is critical in supporting and enabling enterprise goals.
      • IT is strategic to the business (growth and innovation).
      • Due diligence is increasingly required relative to the IT implications of mergers and acquisitions.
  • Whom does it concern?
    • IT governance, like most other governance activities, intensively engages both board and executive management in a cooperative manner. However, due to complexity and specialization, the board and executive must set direction and insist on control, while needing to rely on the lower layers in the enterprise to provide the information required in decision-making and evaluation activities.
  • What can they do about it?
    • Both the Board and Management should engage in the following activities:
      • Become informed of the role and impact of IT on the enterprise
      • Assign responsibilities
      • Make transformation happen
      • Manage risk
    • Only the Board should engage in the following activities:
      • Set direction and expected return
      • Define constraints within which to operate
      • Measure performance
      • Obtain assurance
    • Only Management should engage in the following activities:
      • Determine required capabilities and investments
      • Sustain current operations
      • Acquire and mobilize resources
  • What does IT Governance cover?
    • Strategic Alignment - focusing on aligning with the business and collaborative solutions
    • Value Delivery - concentrating on optimizing expenses and proving the value of IT
    • Risk Management - addressing the safeguarding of IT assets, disaster recovery and continuity of operations
    • Resource Management - optimizing knowledge and IT infrastructure
    • Performance Measurement - tracking project delivery and monitoring IT services
  • How does your organization compare?
    • The use of a maturity model greatly simplifies this task and provides a pragmatic and structured approach for measuring how well developed an enterprise's processes are against a consistent and easy-to-understand scale. The following maturity scale could be useful:
      • 0 Nonexistent – Management processes are not applied at all
      • 1 Initial – Processes are ad hoc and disorganized
      • 2 Repeatable – Processes follow a regular pattern
      • 3 Defined – Processes are documented and communicated
      • 4 Managed – Processes are monitored and measured
      • 5 Optimized – Best practices are followed and automated
  • What reference material exists?
    • COBIT (Control Objectives for Information and related Technology), issued by the IT Governance Institute
  • What is the ultimate message?
    • IT Governance should be integrated within Enterprise Governance.
    • IT Governance Roles and Responsibilities need to be defined.
    • An IT Governance Implementation Plan is required.
