IT Governance
Short Description
Download IT Governance...
Description
IT Governance: The Ultimate IT Weapon Shashank Mane
Patni White Paper
COPYRIGHT Copyright © Patni Computer Systems Ltd. All Rights Reserved. September 2005 Restricted Rights This document may not, in whole or in part, be copied photocopied, reproduced, translated, or reduced to any electronic medium or machine readable form without prior consent, in writing, from Patni Computer Systems Ltd. Information in this document is subject to change without notice and does not represent a commitment on the part of Patni. This document is provided "as is" without warranty of any kind including without limitation, any warranty of merchantability or fitness for a particular purpose. Further, Patni does not warrant, guarantee, or make any representations regarding the use, or the results of the use, of the written material in terms of correctness, accuracy, reliability, or otherwise. All other brand and product names are trademarks of their respective companies.
Patni Computer Systems Limited India
North America
UK & Europe
Japan
Akruti, MIDC Cross Road No.21 Andheri (E), Mumbai 400 093 Tel: +91 22 5693 0205 Fax: +91 22 5693 0211
One Broadway Cambridge MA 02142 Tel: +1 617-914-8000 Fax: +1 617-914-8200
Vistacentre, 50 Salisbury Road 4F, Yamaguchikensetsu No.1 Building, Hounslow, Middlesex, UK. TW4 6JQ 2-14-8, Akasaka, Minato-ku, Tokyo 107-0052, Japan Tel: +44 20 8538 0120 Tel: +81-3-5549-2200 Fax: +44 20 8538 0276 Fax: +81-3-5549-2261
Table of Contents
Background ...............................................................................................................................................2 What is IT Governance? ............................................................................................................................2 Where to Start? .........................................................................................................................................3 [I] Understand the Scope of IT Governance ........................................................................................ 4 [II] See Where You Are....................................................................................................................... 8 [III] Define Roles and Responsibilities for Your IT Governance Framework ......................................... 8 [IV] Identify the Right Implementation Spot ......................................................................................... 9 [V] Build a Continuous Improvement Plan........................................................................................... 9 Typical Challenges ....................................................................................................................................9 Proven Frameworks ................................................................................................................................10 Conclusion ..............................................................................................................................................12 References..............................................................................................................................................12 Patni’s IT Governance Practice................................................................................................................12 About the Author .....................................................................................................................................13 About Patni..............................................................................................................................................13
Copyright Patni Computer Systems Ltd., 2005. All rights reserved.
1
BACKGROUND Alignment of IT with business goals with control over IT costs has always been a top priority for CIOs. It has also become important for enterprises to show good results and strong governance not only from the overall business perspective but from the IT perspective as well. Today, IT has become an integral part of business and must be treated like a ‘business within a business’. But even as IT is evolving to meet demands of enterprises, new governance and compliance requirements are impacting enterprises. In a regulated environment, shareholders have become more demanding and are paying more attention to governance and compliance strategies of an enterprise. Organizations are required to provide an assurance to the accuracy and integrity of both financial reports and core business processes. Not surprisingly, organizations having good governance strategies in place are valued highly by shareholders and have good market capitalization. Today, good governance is crucial to drive more business value with less cost and maintain high service levels. With the vast majority of this information residing in IT systems, effective control and management of these systems has become essential – hence the current focus on IT Governance. IT Governance is a crucial weapon that every organization’s IT force should be armed with to meet these increasing demands. This paper highlights the best practices for implementing an effective IT Governance strategy and describes how IT Governance tools can help organizations streamline their IT strategy and execution with business goals.
WHAT IS IT GOVERNANCE? IT Governance in simple terms can be said to be a method for CIOs to manage IT strategy and execution by enabling a consolidated view of key governance functions such as project management, demand management, resource management, risk management and performance management. It is an integral part of enterprise governance and comprises the leadership, organizational structures, and processes that ensure that the IT strategy sustains and extends the organization’s strategies and objectives. The overall objective of IT Governance, therefore, is to understand the issues and the strategic importance of IT, so that the enterprise can sustain its operations and implement the strategies required to extend its activities into the future. The goal of IT governance is hence not just to formulate a plan, but to ensure that the policy or plan works as planned, and resources are used responsibly. It enables enterprises to match their expectations with reality. Effective IT Governance ensures that expectations for IT are met and IT risks are mitigated. It helps organizations in repeating the success and eliminating the failure.
Copyright Patni Computer Systems Ltd., 2005. All rights reserved
2
According to the IT Governance Institute, the key domains of effective and practical IT governance are:
§
Strategic Alignment which focuses on ensuring the linkage of business, IT plans and operations
§
Value Delivery which focuses on executing the value proposition and ensuring that IT delivers the promised benefits against the strategy
§
Resource Management which ensures optimal investments, and the proper management of critical IT resources namely processes, people, applications, infrastructure and information
§
Risk Management which provides transparency about the significant risks to the enterprise and embeds risk management responsibilities into the organization
§
Performance Measurement which tracks and monitors all other four domains and provides necessary scorecards for their effective management.
The benefits of IT Governance can be summarized as:
§
Alignment of IT with business needs
§
Transparency and better comprehension of IT activities and performance
§
Clearer understanding of objectives and expectations
§
Clearer visibility of issues and priorities
§ §
Joint responsibility for planning and executing IS/IT in the business
§
Optimized costs
§
Management of IT related risks
§
Improved quality of service.
Improved value delivery (operational and project)
WHERE TO START? Having understood the benefits of IT Governance, let us look at how organizations can start adopting IT Governance as a strategy. The following are the recommended steps that organizations should go through while planning an IT Governance strategy:
§
Understand the scope of IT Governance
§
See where you are
§ §
Define roles and responsibilities for your IT Governance framework
§
Build a continuous improvement plan.
Identify the right implementation spot
Copyright Patni Computer Systems Ltd., 2005. All rights reserved
3
[I] UNDERSTAND THE SCOPE OF IT GOVERNANCE IT governance addresses two main things:
§
IT’s value delivery to the business - Strategic alignment of IT with the business
§
Mitigation of IT risks – Embedding accountability into the enterprise.
These are considered as outcomes of IT Governance. There are three main drivers that drive these outcomes:
§
Strategic Alignment
§
Resource Management
§
Performance Measurement.
IT Governance focuses on these two outcomes and their growth drivers.
Figure 1: IT Governance Model Organizations should pay close attention to these five key domains to get the maximum benefits from an IT Governance implementations. However, to achieve these benefits, the organization must evaluate vendors and solutions to find the right combination. The following listing proves an insight into each of these five domains and also gives an idea of how different IT Governance tools in the market can help manage each one of these domains.
(i) Strategic Alignment With enterprises being heavily dependent on IT to meet their core business, it is extremely important for enterprises to be extremely selective in IT investments. Every investment needs to be scrutinized, monitored and measured continuously.
Copyright Patni Computer Systems Ltd., 2005. All rights reserved
4
This is the heart of an IT Governance implementation. “Everything that you do must contribute to the business objectives set by your organization”. Project Portfolio Management tools play a critical role in ensuring that IT investments are aligned to business needs. These tools allow organizations to make sure that their IT investments: ♦
Fit strategically
♦
Support business functional requirements
♦
Help in identifying opportunities for process improvement or synergies across the business
♦
Enable the marriage of underlying technology with the enterprise infrastructure
♦
Use existing resources and skills to maximize the chances of success
♦
Generate attractive returns.
IT Governance tools should also enable organizations to build what-if scenarios to verify investments based on these parameters. Strategic management, financial planning, budgeting, forecasting and analysis are some of the key features that organizations should look for while selecting the tool. These tools must help organizations understand whether they are on the right path. Further, organizations have to look at the ability of these tools to retrieve financial data from existing systems and populate the budgeting information automatically when existing financial systems are updated.
(ii) Value Delivery Value is delivered when critical projects are successfully completed on-time and within-budget. The interpretation of value delivery differs from people to people. For instance, individual business units may measure this in terms of cost involved in building a new application or time involved in implementing a solution. As organizations move up the value chain, the value measurement becomes more and more challenging. Senior management will be more interested in knowing the revenue growth that new IT systems have brought in or the percentage by which new IT systems are helping the business in achieving the business objectives set by an organization. IT should enable organizations to grow by delivering the expected business value. These tools must also help organizations evaluate and improve their methods of delivering value. IT Governance tools should support project, program management and provide early warnings as soon as exceptions, problems or opportunities are identified and should allow drilldown to find out the root cause of the issue. They should help you to spend less time in data collection and more in data analysis. Portfolio management provides a toolset to monitor new projects that are under development and assets that are generating returns on your previous investments. Almost all the tools will help you manage your projects, programs using Earned Value Analysis (EVA). While selecting the tool, make sure to check if the tool supports the Project Management framework designed by the Project Copyright Patni Computer Systems Ltd., 2005. All rights reserved
5
Management Institute. This framework supports an exhaustive set of processes that can be used as best-practices while doing Project Management.
(iii) Risk Management Risk Management plays a very critical role in IT investments especially with respect to the security, reliability and compliance areas. What is a risk? Everything and anything that threatens your aim of meeting your business objective is a risk. How do you deal with risks? To answer this question, enterprises should identify their appetite for risk management, whether they follow risk-taking or riskavoidance policies. Once the risks are defined, enterprises should have clear-cut strategies to manage risks before these risks get transformed into issues. Risk management strategies must be embedded in the operation of the enterprise. A risk management process should go through appropriate levels of management for making the right decision. It should also have a concrete escalation process to highlight critical risks. Depending upon the type of risk and its significance to the business, the management may choose to: ♦
Mitigate - Implement controls (e.g., acquire and deploy security technology to protect the IT infrastructure)
♦
Transfer - Share risk with partners or seek insurance coverage
♦
Accept - Formally acknowledge that the risk exists and monitor it.
At the minimum, risk should at least be analyzed, because even if no immediate action is taken, the awareness of risk will influence strategic decisions for the better. Often, the most damaging IT risks are those that are not well understood. IT Governance tools allow to attach risks or risk-value factors to new IT initiatives. These factors are then used to build what-if scenarios to compare new initiatives. All the risks are completely exposed before making a decision to implement any new idea or a proposal. However, it is important to understand that not all risks can be defined before starting a new project. Some risks appear during the execution of the project. IT Governance tools allow organizations to take care of such risks by letting them define the risk during the execution and attaching them to projects. Project dashboards take into account the risks attached to different projects and determine the health of the project accordingly.
(iv) Resource Management One of the key elements behind maximizing the business value of IT is to use the resources responsibly. Resources could be people, applications, technology, facilities or data. The senior management needs to address appropriate investments in infrastructure and capabilities by ensuring that: ♦
The responsibilities with respect to IT systems and services procurement are understood and applied
♦
Appropriate methods and adequate skills exist to manage and support IT projects and systems
Copyright Patni Computer Systems Ltd., 2005. All rights reserved
6
♦
Improved workforce planning and investments are made to ensure recruitment and retention of skilled IT staff
♦
IT education, training and development needs are fully identified and addressed for all staff
♦
Appropriate facilities are provided and time is available for staff to develop the skills they need.
Most IT Governance tools address human resource management needs effectively. They provide facilities to: ♦
Create skill sets
♦
Define a resource rate and a skill rate
♦
Attach skill sets to resources
♦
Create resource pools of available resources
♦
Create staffing profiles for future demands
♦
View resource utilization charts
♦
Perform resource comparison between different projects and programs
♦
Perform extensive searches for selecting the right resource.
(v) Performance Measurement Performance measurement is a cumulative measure of available resources, processes and outcomes of IT Governance. In other words, Performance Measurement measures the effectiveness of IT Governance in delivering four key objectives weighed by their importance to the enterprise. These are: ♦
Cost effective use of IT
♦
Effective use of IT for asset utilization
♦
Effective use of IT for growth
♦
Effective use of IT for business flexibility.
Performance measurement is focused on the following perspectives: ♦
Process Performance
♦
Financial Performance
♦
Organization Health
♦
Customer
♦
Learning.
Most IT Governance tools provide an exhaustive set of balanced scorecards for performance measurement. Some of the most important ones that organizations should look out for are project, program and portfolio scorecards. These scorecards provide visibility into project health, cost health and risks, and issues against it. Bad project or cost health should enable drill downs to point to the root cause of bad health. Bifurcation of spending of strategic initiatives against tactical initiatives, number of incidents, break downs, service level monitoring and preparedness for meeting the future demands are some of the important scorecards that IT Governance tools should be equipped with. Copyright Patni Computer Systems Ltd., 2005. All rights reserved
7
Some of the benefits of performance measurement are: ♦
Identifying problems before they arise
♦
Communicating the value
♦
Integrating compliance and risk initiatives
♦
Establishing effective alliances and partnerships.
[II] SEE W HERE YOU ARE To gauge the effectiveness of an organization’s IT Governance strategy in addressing real problems, organizations need to check their level of readiness by seeking answers to relevant questions. Some questions recommended by the IT Governance Institute include:
§
How critical is IT for sustaining the enterprise? How critical is IT for growing the enterprise?
§
How far should the enterprise go in risk mitigation and is the cost justified by the benefit?
§
Is IT a regular item on the agenda of the board and is it addressed in a structured manner?
§
Is the board regularly briefed on IT risks to which the enterprise is exposed?
§
Does the board articulate and communicate the business objectives for IT alignment?
§
Does the board have a clear view on the major IT investments from a risk and return perspective? Does the board obtain regular progress reports on major IT projects?
§
Is the board getting independent assurance on the achievement of IT objectives and the containment of IT risks?
§
Is the reporting level of the most senior IT manager commensurate with the importance of IT?
[III] DEFINE ROLES AND RESPONSIBILITIES FOR YOUR IT GOVERNANCE FRAMEWORK Define roles and responsibilities for each of the five IT Governance domains. Organizations have to assign accountability to all participants of the group responsible for IT Governance implementation. Efforts should also be made to establish committees (E.G. Steering Committee, Technology Council, IT Architecture Review Board) and define their responsibilities for every key IT Governance domain.
Copyright Patni Computer Systems Ltd., 2005. All rights reserved
8
While selecting the IT Governance tool, choose a tool that has the ability to load the organizational hierarchy data from the existing source. This will lessen the burden to manage the same data in two different systems and cut down on additional maintenance activities.
[IV] IDENTIFY THE RIGHT IMPLEMENTATION SPOT Decide the highest priority projects that will help improve the management and governance of significant areas. This decision should be based on identifying projects which promise the most potential benefits, are easy to implement, and have a strong focus on important IT processes and core competencies.
[V] BUILD A CONTINUOUS IMPROVEMENT PLAN In order to build a continuous improvement plan, enterprises must continuously assess the effectiveness of IT Governance in delivering value to the business. IT Governance implementation should be considered as a closed loop. For example, the business provides the direction that results in IT initiatives, or, activities that should generate the desired results to meet the business expectations. These results should be compared with the desired results to find out the performance. Any delta in the desired and actual results should drive changes in IT Governance implementation.
TYPICAL CHALLENGES One of the typical challenges seen in an IT Governance implementation is convincing people to use the system of accountability. The chances of failure increase when the gap between promises made by the organization and the results delivered by them increases. Leaders who fall victim to these gaps have frequently mentioned that the problem lies with accountability. People aren’t doing the things they’re supposed to do to implement a plan. The performance measures coming out of an IT Governance system are more evident to the senior management. It is very important to make people at all levels realize the importance of IT Governance. Unless this vision is shared, it will be difficult for people at the operational level to visualize the direction or the objectives that the higher management wants to achieve. Before considering IT Governance tools, a CIO must understand that IT Governance cannot be done in isolation. This is because IT Governance links together people, strategy and operations. Hence, the involvement of the top management is crucial in ensuring the success of IT Governance. Equally important is the involvement of every employee. Organizations will find it difficult to implement a strategic plan when the employees responsible for executing the day-to-day support activities are unaware of it. Organizations need people at all levels who ensure that reliability standards are mandatory and enforceable, with penalties for non-compliance. People driving this
Copyright Patni Computer Systems Ltd., 2005. All rights reserved
9
initiative should have a clear vision of keeping different things blended nicely under one umbrella. One understated factor for ensuring the success of IT Governance is the use of processes that are simple to execute and understand. Ideally, processes should demand necessary actions rather than letting system users think or decide on the actions to take.
PROVEN FRAMEWORKS To ensure an effective IT Governance strategy, organizations can adopt proven frameworks. One good way to start effortlessly is through understanding of frameworks such as CobiT (Control Objectives for Information and Related Technology). CobiT's purpose is to ensure IT resources are aligned with an enterprise's business objectives so that services and information, when delivered, meet quality, fiduciary and security needs. It is also intended to provide a mechanism to balance IT risks and returns. CobiT defines 34 significant processes, links 318 tasks and activities to them, and defines an internal control framework for all of them. CobiT focuses on what an enterprise needs to do, not how it needs to do it. This framework addresses the needs of auditors, senior business management and senior IT management.
Figure 2: CobiT framework Once CobiT is understood, one will exactly know what to do with one’s IT Governance implementation. The next big question one will have is how to do it? IT Infrastructure Library (ITIL) is the answer to this question.
Copyright Patni Computer Systems Ltd., 2005. All rights reserved
10
ITIL is based on defining best-practice processes for IT service delivery and support, rather than defining a broad-based control framework. It focuses on the method. ITIL has a much narrower scope than CobiT because of its focus on IT service management, but it defines a more comprehensive set of processes within that narrower field of service delivery and support. ITIL is more-prescriptive about the tasks involved in those processes and, as such, its primary target audience is IT and service management.
Figure 3: ITIL Framework CobiT and ITIL are not mutually exclusive and can be combined (as depicted in Figure 4) to provide a powerful IT Governance, control and best-practice framework in IT service management. Enterprises that want to put their ITIL program into the context of a wider control and governance framework should use CobiT.
Figure 4: Combined Framework
Copyright Patni Computer Systems Ltd., 2005. All rights reserved
11
CONCLUSION The success of an organization in the new economy will depend on its ability to execute planned strategies accurately. However, no organization can execute strategies consistently without having their people to follow standard operating processes designed using an accountability framework. To summarize, IT Governance must be considered as a core element of an organization’s culture as it can ensure strategic alignment, resource alignment, quality delivery, and compliance adherence – all factors which are key for leadership in an increasingly competitive world.
REFERENCES 1. Board Briefing on IT Governance, 2nd Edition http://www.isaca.org/Content/ContentGroups/ITGI3/Resources1/Board_Briefing_on_IT_Governance/ 26904_Board_Briefing_final.pdf
2. The CEO’s Guide to IT Value@Risk http://www.itgi.org/template_ITGI.cfm?template=/ContentManagement/ContentDisplay.cfm&ContentI D=20697
PATNI’S IT GOVERNANCE PRACTICE With its dedicated Center of Excellence in IT Governance, Patni has proven experience in the arena. Our numerous customer engagements, representing over 150 person-years of delivered effort, have helped us gain in-depth IT Governance expertise across industry verticals. Our vast amount of digitization and IT Governance experience, combined with skilled resources and varied range of service offerings, are our key differentiators. Patni’s CoE framework is well supported by a comprehensive knowledge base in the different areas of IT Governance product suites of leading vendors. Based on our experience in the area, we have devised a unique IT Governance model, which we have been using successfully for a majority of our customers’ IT Governance implementations. The model leverages industry-standard best practices and proven frameworks to better align business objectives with IT capabilities.
Copyright Patni Computer Systems Ltd., 2005. All rights reserved
12
ABOUT THE AUTHOR Shashank Mane leads the IT Governance focus group at Patni's IT Governance Center of Excellence. He holds a Bachelor's degree in Electronics Engineering from Mumbai University and has more than 8 years of IT experience. He has played a pivotal role in designing and developing for many software projects using various cutting-edge technologies in the IT industry. For the past 3 years he has been actively involved in IT Governance Implementations that have enabled various customers successfully shape their IT Governance Agenda.
ABOUT PATNI Patni Computer Systems Limited (BSE: PATNI COMPUT, NSE: PATNI) is a global IT Services provider servicing Global 2000 clients through its industry practices in Insurance, Financial Services, Manufacturing, Telecom, Retail, Media & Entertainment, Energy & Utilities, and Logistics & Transportation; and through its technology practices. With an employee strength of over 10,000; multiple offshore development facilities across eight cities; and 24 international offices across the Americas, Europe and Asia-Pacific; Patni has registered revenues of US$ 326.6 million for the year 2004. Patni's technology focus spans enterprise applications, embedded technologies, e-business, business intelligence & data warehousing, and RFID. Our service offerings include: application development, application management, business process outsourcing, infrastructure management, product engineering, verification & validation, process consulting, engineering services, and IT governance. Committed to quality, Patni adds value to its client's businesses through well-established and structured methodologies, tools and techniques. Patni is an ISO 9001:2000 certified and SEI-CMMI Level 5 organization, assessed enterprise wide at P-CMM Level 3. In keeping with its focus on continuous process improvements, Patni adopts Six Sigma practices as an integral part of its quality and process frameworks.
Copyright Patni Computer Systems Ltd., 2005. All rights reserved
13
View more...
Comments
