
IT Governance: The Holy Grail or Wholly Possible?

Information Management Magazine, March 2008

Steven Romero

Since Sarbanes-Oxley has become a household name, the criticality of governance has been at the forefront of business strategy and priorities nation- and worldwide. While corporate governance is mandated in terms of adherence to a handful of industry and financial legislations, the general concept of governance for better control and assurance is still a work in progress in nonmandated arenas such as IT management.

 

Yet long before Sarbanes-Oxley, HIPAA and Basel II, the IT community was interested in better controls and management. In 1998, industry association ISACA (Information Systems Audit and Control Association) tapped a six-year-old audit tool, COBIT (Control Objectives for Information Related Technologies), to serve as the IT industry’s first governance framework. In concept, IT governance would be mandated by a company’s board of directors, helping enterprises ensure greater value for the IT organization by ensuring steps for business alignment and management of risk, resources and performance.


All of this sounded very utopian, but it wasn’t really until after 9/11 and the nation’s urgent attention to security, coupled with growing awareness of corporate bankruptcies and fraud, that compliance really started driving rapid adoption and strategies for IT governance.

 

Bolstering the adoption were organizations like ISACA and the IT Governance Institute, consulting firms, technology analysts and academics. Among them, Peter Weill and Jeanne W. Ross of MIT’s Sloan School of Management literally wrote the book on how companies can best approach the complex - but business-changing - practice of IT governance. In their book, IT Governance: How Top Performers Manage IT Decision Rights for Superior Results, Weill and Ross summarize the findings of interviews with 250 enterprises: Companies with strong IT governance perform 25 percent better than those without it.1

 

Think of it this way: if 50 percent of a typical organization’s capital expenditure budget goes to IT, and 80 percent of that budget today goes to simply “keeping the lights on,” or treading water, who wouldn’t want to put in place a methodology and process to get more from less? Indeed, great IT governance can help organizations use existing resources and funding to not only maintain what they already have invested in, but also better balance the need for new product R&D and keep ahead of compliance. If the current reality is an 80/20 split of budget for “have to have” versus discretionary spend items, organizations with solid IT governance can help move that equation to more like 60/40—all to drive better business advantage and improve IT value to the organization.

 

To be clear, however, the goal of IT governance is not to drive every IT organization from a utility or trusted supplier archetype to that of a value-added “partner” to the business. While this sounds good on paper, the reality is that it is not always appropriate in practice. Identifying the kind of IT archetype your business needs is one of the first, most crucial steps toward creating the appropriate governance processes. Following are the IT archetypes, as defined by Forrester Research, and supporting examples.2

  • Utility player: In a business not driven by IT, such as established manufacturing, where the business value comes from cost-effectively producing consumer goods.
  • Trusted supplier: Where IT can begin to transform how a business provides its service, such as the impact Harrah’s use of customer relationship management (CRM) technology had on transforming the customer’s gaming experience.
  • Partner player: Where information technology is the cornerstone of the business, such as for PayPal or Autobytel.

Regardless of the archetype, all IT organizations and their CIOs still have consistent barriers to being effective that IT governance can address, including: addressing unrealistic expectations, gaining sponsorship for new programs, ensuring project success, responding to service requests and outages, and proving their value to the business.

 

IT Governance in Action

 

Following are a few examples highlighted by Peter Weill and Jeanne Ross in MIT’s CISR Research, of companies that have used IT governance to improve return on their IT investment and achieve more value from IT.

  • Improve IT alignment to meet enterprise goals: State Street. State Street is a world leader in financial services, with more than 22,000 employees in 22 countries serving clients in more than 100 markets. State Street implemented a governance structure that encouraged desirable behaviors in IT. For example, project managers indicated that the architectural review process helped deliver solutions more quickly because technology issues surfaced before they negatively impacted projects. The shared infrastructure governance model has evolved to address the joint needs of businesses. The IT governance structure enabled consolidation of the IT infrastructure, resulting in significant cost savings and cost avoidance, while still enabling new offerings to clients.3
