Notes accompany this presentation. Please select Notes Page view. These materials can be reproduced only with written approval from Gartner.Such approvals must be requested via e-mail: vendor.relations@gartner.com.Gartner is a registered trademark of Gartner, Inc. or its affiliates.

Notes accompany this presentation. Please select Notes Page view. These materials can be reproduced only with written approval from Gartner.Such approvals must be requested via e-mail: vendor.relations@gartner.com.Gartner is a registered trademark of Gartner, Inc. or its affiliates.

Governing IT

Louis Boyle

Vice President

Gartner Executive Programs

Agenda

• Definitions & context

• IT Governance Framework- What – the decisions

- Who – the deciders

- How – the mechanisms

- Implementation – change management/communications

• Key Success Factors

• Case Study

• Q & A

High Governance Performers Have Sharper Strategies, Focus And Commitment*

• Characteristics of High IT Governance Performers- More focused strategies

• Greater differentiation between customer intimacy, product innovation, or operational excellence

- Clearer business objectives for IT investment• Greater differentiation between supporting new ways of doing

business, improving flexibility, or facilitating customer communication- High level executive participation in IT governance

• Greater involvement, impact of CEO, COO, Business Heads, Business Unit CIOs and CFO

• Who could accurately describe IT governance arrangements- Stable IT governance, fewer changes year to year - Well functioning formal exception processes- Formal communication methods

*Statistically significant relationship with governance performance

© 2002 MIT Sloan Center for Information Systems Research (Weill) and Gartner, Inc

Top Level IT Governance Addresses Three Major Components:

1. What decisions need to be made?. . . decisions about major IT domains

• IT Principles• IT Infrastructure Strategies• IT Architecture• Business Application Needs• IT Investment and Prioritization• External Relationships

2. Who has decision and input rights?. . . Rights are exercised in different governance styles

• Monarchy, Feudal, Federal, Duopoly, Anarchy

3. How are the decisions formed and enacted?. . . Multiple mechanisms make governance work

• Decision Making Councils (e.g., Office of CIO)• Business/IT Relationship Managers• Process Teams• Service-Level Agreements• Chargeback Arrangements

What is IT Governance and what does it address within an organization?

IT governance specifies decision rights and creates an accountability framework that encourages desirable behavior in the use of IT

Governance approaches should be based on the degree of enterprise commonality that exists, the urgency of required responses and the frenzy (and pressure) to perform. Consequently, Gartner recommends tailoring and balancing general-purpose management models to meet unique organizational needs.

Vision and Business Alignment

Funding, Budgetingand Pricing Staffing and Organization

• Reinvestment?• Application prioritization?

• Continuous migration? • Outside suppliers?

• Roles and responsibilities? • Process? • Compensation?• Retention?

• IT policy? • IT strategy? • Governance? • Shared services?

IT as a back-office utility overhead

IT as a business enabler and

competitive weapon

Balancing the IT Management Triad

Administrative Process Map: IT Governance Aligns these Processes

Political Agenda

Service Delivery

Project Management

IT Strategic Plan

Human Resources Acquisition

Strategic Sourcing

Budget

Corporate Performance Management

Desires

Decisions

Tactical Execution

Investment Prioritization

Business Strategic PlanBusiness Case Inputs

• Organizational Capacity

• Cost

• Time

• Risk

• Procurement

• Portfolio Performance

Cross-Agency Budget Cutting

What IT Governance Is:Collective decisions and guidance about:

How IT should be used in the business (policies, principles)

Who makes What decisions How (clear accountabilities)

Business cases and investments (priorities, ownership and benefits realization)

What IT Governance Is Not:

Internal IT operations IT people management IT contract management Internal IT organization Project management System testing Audits Procurement of hardware Facilities management Documentation and training Client satisfaction Benchmarking Capacity planning Resource management

IT Governance and Management Are Not the Same

What Are the Key Components that Make Up IT Governance?

An IT Governance framework usually comprises the following components: Structural Model

• Mission - Purpose and approach to managing the IT organization

• IT Organization - Structure, reporting relations and connections between resources and their counterparts across the IT organization

• Roles & Responsibilities - Definition of work requirements and the groups/individuals to perform them

Operational Model

• Processes - Pre-defined activity flow for necessary actions and creation of outcomes

• Measures - Accountability mechanisms at all levels

• Policies - Pre-defined decision on boundaries, standards, latitude

• Information and analysis to inform decisions

Customer / End User

Help Desk and Local/Peer Support

Shared Services

Infrastructure and Production Support

Systems - Network - Data - Applications Asset Management - Operations

CIOBU

ManagersFunctionalManagement

RelationshipManager

Office ofIntegration

BUCIO

Competency CentersNetwork and Data Design

Change Management “Exotics” (Multimedia, Intranet)

Support

Maintain

Proposal

Requirements

Test

Build/Buy

Design

Specification

Assessment

ProjectManager

ProjectOffice

ProjectManager

FunctionalAD team

DevelopmentServices

BU AD team

Process

Office of

Architecture,Standards &Planning

Office of the CIO

Top IT Governance Mechanisms Focus On Business And IT Relationships

Not Effectiveness Very

© 2002 MIT Sloan Center for Information Systems Research (Weill) and Gartner, Inc.

1 2 3 4 5

Chargeback arrangements

Web-based portals, intranets for IT

Formally tracking IT’s business value

Architecture committee

Capital approval committee

Service level agreements

Tracking of IT projects and resources

Process teams with IT members

Executive committee

IT council of business and IT executives

IT leadership committee

Business/IT relationship managers

IT Governance Mechanism Effectiveness % respondentsusing

85

87

71

89

86

96

89

56

67

62

79

62

The Three Components of IT Governance

1. What decisions need to be made?

2. Who makes them?

3. How are they made?

1. What Decisions Need To Be Made? . . Clarify Five Major IT Decision Domains

IT Infrastructure Strategies

IT Principles

IT Architecture

Business Application Needs

IT Investment and Prioritization

Strategies for the base foundation of budgeted-for IT capability (both technical and human), shared throughout the firm as reliable services, and centrally coordinated (e.g., network, help desk, shared data)

High level statements about how IT is used in the business

An integrated set of technical choices to guide the organization in satisfying business needs. The architecture is a set of policies and rules that govern the use of IT and plot a migration path to the way business will be done (includes data, technology, and applications)

Business applications to be acquired or built

Decisions about how much and where to invest in IT including project approvals and justification techniques

© 2002 MIT Sloan Center for Information Systems Research (CISR). This material is adapted from Weill & Woodham's work originally published and copyrighted by the MIT Sloan CISR as Working Paper No. 326, "Don't Just Lead, Govern: Implementing Effective IT Governance," April 2002, and is used by Gartner with permission.

Defining IT Principles/Policies

• Characteristics of effective principles/policies- Actionable — facilitate decision making

- Succinct — express a focused point of view

- Appropriate specificity: not too general ("Motherhood and Apple Pie "); there must be a compelling alternative

- Clear implications — adhering or not adhering to the principle/policy should have consequences

- Relevant — address the specific business context of an enterprise (business trends, IT trends, corporate culture and values)

• Components of principles/policies- Principle statement

- Rationale

- Implications

2. Who Has Decision Rights And Inputs?. . Rights Exercised In Six Governance Styles

Note: Some Governance styles were inspired by Davenport, 1997.

C-level executives, as a group or individuals, including the CIO (but not acting independently)

C-level executives and at least one other group. (Equivalent to the center and states working together)

IT executives and one other group (eg CXO or BU leaders)

Business unit leaders or their delegates

Individuals or groups of IT executives

Each individual business process owner or end user

Business Monarchy

Federal

Duopoly

Feudal

IT Monarchy

Anarchy

© 2002 MIT Sloan Center for Information Systems Research (CISR). This material is adapted from Weill & Woodham's work originally published and copyrighted by the MIT Sloan CISR as Working Paper No. 326, "Don't Just Lead, Govern: Implementing Effective IT Governance," April 2002, and is used by Gartner with permission.

Style Who Makes The Decisions?

3. How Can IT Governance Arrangements Be Represented?

IT Principles

IT Infra- structure

Strategies

IT Architecture

BusinessApplication

Needs

IT Investment

BusinessMonarchy

ITMonarchy

Feudal

Federal

Duopoly

Domain

Style

Anarchy

Don’t Know

© 2002 MIT Sloan Center for Information Systems Research (CISR). This framework is adapted from Weill & Woodham's work originally published and copyrighted by the MIT Sloan CISR as Working Paper No. 326, "Don't Just Lead, Govern: Implementing Effective IT Governance," April 2002, and is used by Gartner with permission.

?

IT Governance — Example of Domains, Decision Rights and Styles

© 2002 MIT Sloan Center for Information Systems Research (Weill) and Gartner, Inc. drawing on the framework of Weill and Woodham, 2002.

Exec commBiz leaders

Exec commIT leadership

CIOIT leadership

Exec commBiz leaders

CIOIT leadership

Biz leadersBiz pro own

Biz/IT rel mgs

Exec commBiz leaders

Biz leadersBiz pro own

Cap appr comm

Biz leadersBiz pro own

• Business/IT relationship managers• Biz/IT rel mgs• CIO, CIO's office and biz unit CIOs• IT leadership

• Business process owners• Biz pro own• Business unit heads/presidents• Biz leaders

• Exec comm subgroup, includes CIO• Cap appr comm• Executive committee ("C" levels)• Exec comm

Input Decision

IT Principles

Input Decision

IT InfrastructureStrategies

Input Decision

IT Architecture

Input Decision

BusinessApplication Needs

Input Decision

IT Investment and Prioritization

BusinessMonarchy

ITMonarchy

Feudal

Federal

Duopoly

Governance Mechanisms

Domain

Style

Input rights Decision rights

Business And IT Executive Collaboration Mark High IT Governance Performers

© 2002 MIT Sloan Center for Information Systems Research (Weill) and Gartner, Inc, drawing on the framework of Weill and Woodham, 2002.

IT PrinciplesIT Infrastructure

StrategiesIT Architecture

BusinessApplication Needs

IT Investment and Prioritization

BusinessMonarchy

ITMonarchy

Feudal

Federal

Duopoly

Anarchy

Domain

Style

Top three patterns of high IT governance performers

1 2 3

Six Guiding IT Principles

1. IT will enable and provide strategic value to the business.

2. IT architecture & standards shall be governed at the enterprise level to ensure integrity, planned evolution, and periodic refresh in light of new technologies and business strategies.

3. Information is our business, so data is one of our most valuable assets. It must be accessible, managed and protected accordingly.

4. IT will reuse before it buys and buy before it builds.

5. As new applications are developed, we will strive to create reusable components and processes (in line with the architecture) to facilitate business reuse where appropriate.

6. IT will strive to reduce complexity in the the technology environment.

What IT decisions are made

Rationale IT Services and Solutions must meet business needs and help drive value.

Implications IT will be “students” of the business – to provide appropriate technical solutions and support, IT

must understand the business IT will manage appropriately within established budget IT will make provisions to ensure Business is an educated consumer of IT Products and Services IT Application Leadership will engage with Business in business strategy, planning, and

management IT will partner with Business Unit leadership to support enterprise requirements and business

solutions Business processes need to be optimized to obtain full benefits of technological solutions IT Business Relationship Managers will represent all facets of the IT function to the Business Units IT will provide business “consulting” services (alternatives, pros, cons, recommendations) as a

partner to its business clients IT will evaluate alternative technological and sourcing approaches to provide business solutions IT must be “easy to do business with” - make IT easy to navigate for business colleagues

IT Will Enable and Provide Strategic Value to the Business

Input Decision

Business App Needs

IT Monarchy

Feudal

Federal

Duopoly

Domain

Style

Input rights

Decision rights

Business Application Needs - Major Decisions Addressed• Rule of 7• Only those decisions that the governing

entity reserves clearly and completely for itself, with no delegation

- Mechanism• Input Forum• Decision Forum• Trigger: Regularly scheduled at xxx

interval, or reactive based on yyy • Sponsor

- Metrics• Minimum metrics to ensure successful

operation and compliance

- Compliance• “Loop-closing” mechanism• MUST fit the cultureRefer to Exception process for more

information

IT Governance MechanismsHow the Decisions Get Made

BusinessMonarchy

Anarchy

Exception Process

Exceptions to the IT Governance processes should be very rare and well-justified. In cases where an involved party has significant issues or concerns regarding a decision reached via the IT Governance processes, the following process should be followed:

- For Senior Management Team decisions- CEO makes final decision

- For Senior Management Team, CIO & ITLC decisions- Sr. Leader (or designee) approaches appropriate ITLC member with specific

circumstances

- CIO & Sr. Leader formally approve exception

- Escalate to CEO, if necessary

- For Business Unit Leaders decisions- Sr. Leader approaches Application Head with specific circumstances

- CIO & Sr. Leader must formally approve exception

- Escalate to CEO, if necessary

Sample IT Governance MechanismsHow the Decisions Get Made

Implementing IT Governance Communications/Change Management Components

• Executive (CEO leadership team meetings, COO leadership team meetings) socialization presentations, discussions

• Executive announcement ‘Elevator speech’ (COO to CEO & CEO direct reports)

• Executive summary slide deck

• BRM (business relationship manager) communication tools

- Slide deck

- Suggested talk track

- Suggested email announcement

- FAQs

• Core team continued availability during above

Key Success Factors for IT Governance

• The full buy-in of the CEO & direct reports is required

• Clear participation of the business (it’s all about governing IT)

- A willingness between Corporate and the business units as well as across business units to cooperate and to develop a solution that is supported by all is essential

• Existing organizational and decision making structures can’t be sacred cows as they will be questioned and likely modified

• The project can’t be treated as an IT project

• Formal change management needs to be part of the work

• Communicate, communicate, communicate

• Minimal “loop closing“ is required to ensure compliance

Typical Benefits of Implementing an IT Governance Framework

• Enhanced alignment between the Business and IT

• Improved IT decision-making & communications

- Overall clearer

- More efficient as decisions and communications are quicker and more cost-effective

- More effective as the right decisions get made

• Improved perception of value of IT

• More focused strategies

• Clearer business objectives for IT investment

• High level executive participation in IT governance

• Stable IT governance, fewer changes year to year

• Well functioning formal exception processes

• Formal communication methods

Typical Project Timeline

• The following presents a more or less typical timeline for projects of this nature:

• Depending on the specifics of the project, a more detailed timeline will have to be developed

Milestones

Project Planning

Governance Requirements Identification

Governance Design

Transition

Month 1 Month 2 Month 3

Example

• Summary of Case Study

Assess Your IT Governance EffectivenessShort Form Self-Assessment

6 or less (no effective IT governance)

10-13 (maturing IT governance)

IT Governance Effectiveness Indicators

DisagreeStrongly(Score 0)

DisagreeSomewhat (Score 1)

AgreeSomewhat (Score 2)

AgreeStrongly(Score 3)

Total

2. We have clear business objectives for evaluating every type of IT investment

3. Executives are engaged in IT governance and can describe these arrangements

1. We have strongly differentiated business strategies

5. We use well-defined, formal IT exception processes

4. Our IT governance is stable, with few major changes year-to-year

6. We use multiple formal communication methods to engage business leaders

7-9 (low-level IT governance)

14+ (top performer, guard against complacency)

1

1

1

1

1

1

0

0

0

0

0

0

2

2

2

2

2

2

3

3

3

3

3

3

© 2002 Gartner, Inc. and MIT Sloan Center for Information Systems Research (Weill)

Assess Your IT Governance EffectivenessLong Form Self-Assessment

Assess your current position on a journey into the future. For each area, rate these factors, where 1 means strongly disagree, 5 means strongly agree.

Decisions

1. Clarity about decision rights

2. Consistency

3. Strong business cases

4. Business roles clear

5. Appropriate committees

6. Optimized budgets

7. Architecture plan

Directions

1. Aligned strategies

2. IT strategy known

3. Defined IT principles

4. Risks assessed & managed

5. Business value understood

6. Performance metrics clear

Relationships

1. Clear links to corporate governance

2. Strong and trusted teamwork between business and IT

3.Strong and trusted teamwork within IT

Implementing IT Governance –General Project Approach

• Plan it, work it!

- Game plan, self-assessment, project plan

• Establish IT Governance Principles based on overall IT strategy

• Evaluate effectiveness of current IT Governance-like mechanisms, if any do exist either within Corporate or the business units

• Develop Governance processes as appropriate (structural and operational model)

• Establish clear relationship between the various IT Governance components

• Validate IT Governance framework and processes with Business Owners

• Implement new IT Governance framework

- Roll out to all of IT & Business

- Thorough communications & PR campaign

• Establish IT Governance oversight role to monitor processes, effectiveness, and compliance

Q & A

?

!

Appendix – Sample Deliverables

Example Topics for IT Principles/Policies

Governance Investment

Evaluation Criteria Investment Decision

Making Funding Cost Allocation Benefits Realization

Architecture Project Management Privacy Procurement Operational Risk Business Continuity Security Organizational

Development

Summary of Case Study

• List of 6 guiding principles

• Details - principle 1

• Details - principle 2

• Governance arrangements matrix

• Details for one IT governance mechanism

• Exception process

• Communications process

Sample of Six Guiding IT Principles

1. IT will enable and provide strategic value to the business.

2. IT architecture & standards shall be governed at the enterprise level to ensure integrity, planned evolution, and periodic refresh in light of new technologies and business strategies.

3. Information is our business, so data is one of our most valuable assets. It must be accessible, managed and protected accordingly.

4. IT will reuse before it buys and buy before it builds.

5. As new applications are developed, we will strive to create reusable components and processes (in line with the architecture) to facilitate business reuse where appropriate.

6. IT will strive to reduce complexity in the the technology environment.

What IT decisions are made

• IT will enable and provide strategic value to the business

- Rationale- IT Services and Solutions must meet business needs and help drive value

- Implications - IT will be “students” of the business – to provide appropriate technical solutions and support, IT must

understand the business

- IT will manage appropriately within established budget

- IT will make provisions to ensure Business is an educated consumer of IT Products and Services

- IT Application Leadership will engage with Business in business strategy, planning, and management

- IT will partner with Business Unit leadership to support enterprise requirements and business solutions

- Business processes need to be optimized to obtain full benefits of technological solutions

- IT Business Relationship Managers will represent all facets of the IT function to the Business Units

- IT will provide business “consulting” services (alternatives, pros, cons, recommendations) as a partner to its business clients

- IT will evaluate alternative technological and sourcing approaches to provide business solutions

- IT must be “easy to do business with” - make IT easy to navigate for business colleagues

Sample IT Principles - 1What IT decisions are made

• IT architecture & standards shall be governed at the enterprise level to ensure integrity, planned evolution, and, periodic refresh in light of new technologies and business strategies

- Rationale - A satisfactory control environment is dependent on meeting enterprise architecture and standards with the

aim of reducing permutations of technology and enforcing change management- Research and development into new technologies is a costly investment. Sharing the cost among enterprise

activities may permit more technology exploration and further the exploitation of promising technologies. Economies of scale can be realized by sharing architecture and standards as guidelines

- Only through local unit compliance with enterprise architecture and standards will we achieve the required integrity planned evolution and refresh of our technology base

- Implications - The creation of and adherence to standards are the joint responsibility of all IT organizations- We will strive for consistent and single standard IT processes including: change management, IT security

standards, disaster recovery, ID management, development methodology - Business specific architecture and IT architecture shall align with the Enterprise Architecture (EA). EA shall

be our architecture- Changes or modifications to the EA architecture will be governed at the greater enterprise-level- Enterprise views toward an architectural design or standard such as those effecting compliance and

regulatory needs (e.g., SOX, Privacy) must be considered when designing a technology solution- Only one IT project methodology shall exist- Continuing investment must be made to keep our infrastructure environment current- Infrastructure services are managed at an enterprise level

Sample IT Principles - 2What IT decisions are made

Sample IT Governance Arrangements Matrix

© 2002 Gartner, Inc. and MIT Sloan Center for Information Systems Research (Weill) drawing on the framework of Weill and Woodham, 2002.

Who makes the decisions

Input Decision

Overall IT Principles

Input Decision

IT InfrastructureStrategies

Input Decision

IT Architecture

Input Decision

Business App Needs

Input Decision

IT Investment /Prioritization

SeniorMgmt. Team

CIO / Ent IT

BU Leaders

ITLC

Senior Mgmt.CIO & ITLC

Domain

Style

IT Leadership Council (includes App Head)ITLC

Leaders from the Business Units BU Leaders

CIO / Ent IT Combined Corp Office and IT LeadershipSenior Mgmt & ITLC

Corporate office (CEO and Staff)Senior Mgmt Team

Input rights Decision rights

ExternalRelationship

Input Decision

CIO office and Enterprise IT

* CIO has “Veto” rights

*

Input Decision

Business App Needs

CIO / Ent IT

BU Leaders

ITLC

Senior Mgmt.CIO & ITLC

Domain

Style

Input rights

Decision rights

• Business Application Needs

• (Governed by each Business Unit / Function independently)- Major Decisions Addressed *

- Approve application strategy and direction

- Determine appropriate application resource allocation; resolve major resource conflicts

- Propose significant application initiatives and projects

- Approve and prioritize application initiatives and projects (within parameters established by Prioritization process)

- Sponsor major projects to the Prioritization process

- Provide oversight for significant initiatives and projects

- Approve business risk mitigation tactics and strategies (with app impact)

- Mechanism

- Input Forum: ITLC meetings or CIO staff meeting

- Decision Forum: Regularly scheduled business unit leadership meetings (one per Business Unit / Function)

- Trigger: Regularly scheduled (no less than quarterly)

- Sponsor: Application Head

*

* CIO has “Veto” rights

Refer to Exception process for more information

Sample IT Governance MechanismsHow the Decisions Get Made

Senior Mgmt.Team

Exception Process

Exceptions to the IT Governance processes should be very rare and well-justified. In cases where an involved party has significant issues or concerns regarding a decision reached via the IT Governance processes, the following process should be followed:

- For Senior Management Team decisions- CEO makes final decision

- For Senior Management Team, CIO & ITLC decisions- Sr. Leader (or designee) approaches appropriate ITLC member with specific

circumstances

- CIO & Sr. Leader formally approve exception

- Escalate to CEO, if necessary

- For Business Unit Leaders decisions- Sr. Leader approaches Application Head with specific circumstances

- CIO & Sr. Leader must formally approve exception

- Escalate to CEO, if necessary

Sample IT Governance MechanismsHow the Decisions Get Made

Sample IT Governance Communications Components

• Executive (CEO leadership team meetings, COO leadership team meetings) socialization presentations, discussions

• Executive announcement ‘Elevator speech’ (COO to CEO & CEO direct reports)

• Executive summary slide deck

• BRM (business relationship manager) communication tools

- Slide deck

- Suggested talk track

- Suggested email announcement

- FAQs

• Core team continued availability during above

Return

Sample IT Governance Design - Enterprise Architecture

IT Architecture

Domain Teams

IT ArchitectureIT Architecture

Domain TeamsDomain TeamsIC CIOsIC CIOs

IT BOGIT BOGIT BOG

XYZDirector

ICDirectors

ICDirectors

ICDirectors

FARBFARBFARB

ArchitectureReview Board

ArchitectureArchitectureReview BoardReview Board

ICDirectors

EA Updates for Approval

ExceptionEvaluations-major

Technical Advice forEA Funding or Appeals

Advice

ExceptionEvaluations-minor

Exception Requests

Advice for EA Funding

Advice

Guidance

Office of theChief IT Architect

Office of theOffice of theChief IT ArchitectChief IT Architect

Leadership

ProjectTeams

XYZ CIO

Example Mechanism, Roles, Process

ILLUSTRATIVE

Sample IT Governance Design - Clarifying Roles & Responsibilities• RACI analysis clearly defines who is Responsible, Accountable, Consulted, Informed on all decisions, activities, etc.

Organizational Function WCIT Services

CatalystGroup

OpsCenter

BusSupt Team

CentralService

TechSupt

TechEng.

ITPlaning

Client

ITMgmtTeam

Application Operations Support - no code changes R A R R C,I Application Maintenance - fix bugs R A R C,I Application enhancements R A R C,I Application Development – In-house development,purchased Apps., application integration

I R R C,I R R I A R

Local Application Development and support R A I C,I R I C,I R Level-1 Support Resolves common problems associated with

desktops, servers, Applications, etc. Hardware Break/Fix Is accountable for the problem resolution Change management coordination Security administration Central Help Desk Interfaces to 2nd level and Business Support Team

I R A R I C,I R

Level-2 Support Resolves more complex problems associated

with desktops, servers, others. Accountable to Level-1 Recommends new configuration.

I R R C,I A C,I C,I R

Formal Client Training (remedial, operational) I R C,I I I I A R Client Consulting Help client select new local software Provide consulting on IT foundation technology

and standards. Evaluate base cost increase to IT (if any)

I I A I C,I C,I I C,I R

ILLUSTRATIVE

IT Governance

Goals Domains Principles Decision Rights Styles

IT Governance Strategy

IT Governance Operations

SupplyGovernance

(How Should IT Do What It Does?)

IT Management Primary Responsibility

DemandGovernance

(What Should IT Work On?)

Business Management Primary Responsibility

Biz/IT StrategyValidation

Overall IT Investment &

Expense

Develop DemandGovernance Processes

Biz/IT Operational Planning

IT Investment Portfolios

(PPM)

Investment Evaluation

Criteria

Intra-/Inter-Enterprise

Prioritization

Demand Governance

Implementation

Board ITGovernance

IT GovEffectiveness(Metrics, etc.)

IT ValueAssessment

ITService

Chargeback

IT ServiceFunding

Spending/ProjectOversight

Councils/Committees

Issue Escalation/Resolution

BusinessBenefits

Realization

Business UnitPrioritization

Plan Implement Manage Monitor

Architecture

Plan Implement Manage Monitor Compliance

Security

Plan Implement Manage Monitor Compliance

CorporateCompliance

Plan Implement Manage Monitor Compliance

ProjectManagement

Plan Implement Manage Monitor Compliance

Sourcing

Plan Implement Manage Monitor Compliance

Procurement

Plan Implement Manage Monitor Compliance

Etc.

Plan Implement Manage Monitor Compliance

IT Supply Governance Domains

IT Governance Operations — Making It Work

Best Practices for Governance When Governance Isn’t GovernedBest Practices for Governance When Governance Isn’t Governed

• Use a stick: Threat of auditor, Sarbanes-Oxley, Basel II…

• Use a club: How would CFO look at these actions? Do they insert more risk and lower ROI? Under FOIA (Freedom of Information Act), does this pass the newspaper test?

• Use a carrot: Advertise the joint success of IT and SBU on a particular initiative and why it helped governance.

• Use chocolate: Make the advertised success addictive, and this is what we are looking forward to later ...

• Use secret sauce: CIOs can be slightly off-center (devious) by stating that service-level architecture or Web-based infrastructure requires greater transparency, much like FedEx allows customers to see where packages are and estimated times of arrival, which is why FedEx’s IT is bullet-proof.

More Symptoms of Good IT Governance• Decisions Score• Clarity There is clarity about who makes strategic decisions about IT —• Investment IT investments are evaluated and approved using consistent criteria —• Approval• Project IT projects deliver results consistently in accord with the business case —• Implementation• Business Business executives clearly understand their roles in IT decisions —• Roles• Committee Appropriate committees are in place, with clearly documented roles —• Structures• Budgets The IT budget process is aligned with business and IT strategies —• Enterprise Architecture exceptions have a defined process for approval —• Architecture

• Directions• Alignment There is clear alignment between business and IT strategies —• IT Strategy The IT strategy is clear to all affected stakeholders —• IT Principles There is a clear set of IT principles underlying decisions that are clear to all —• Risk IT risks are understood by all stakeholders and managed effectively —• Management• Business The business value of IT is tracked, understood and communicated —• Value• IT Metrics IT metrics highlight critical success factors for performance management —• Relationships• Corporate IT governance is clearly linked to corporate governance —

• Governance• Trust There are strong and trusted relationships between business and IT

IT Governance Maturity ChecklistIT Governance Maturity Checklist

• World-class- Life-cycle PfM- Business architecture- Market agility

• Advanced- Enterprise PMO- Project PfM- Info architecture

• Good- Project prioritization- Asset portfolio management (PfM)- Independent audit

• Basics- Review boards- Regular audits- Universal controls- Standards

Do you plan, build, and run as one body?Do you plan, build, and run as one body?

Bu

sin

ess P

erc

ep

tion

of

Its

Dep

en

den

cy o

n I

T

Govern

an

ce

EffectivenessEfficiency

Investm

en

tC

ost

RespectRespect

TransformationTransformation

Credibility of IT Governance

TrustTrust