© 2009 IBM Corporation
Applying IT Governance to Enterprise Initiatives : ISACA Bangalore
Shrikant Patil – Senior Advisory Consultant, Strategy & Change
09 January 2009
© 2009 IBM Corporation2
Learning Objectives
Understand Basic IT Governance Concepts
Review Relevant Organizational Constructs and Best Practice Frameworks
Discuss Critical Role of IT Governance in Enterprise Initiatives
ISACA Bangalore : Applying IT Governance to Enterprise Initiatives
© 2009 IBM Corporation3
Agenda
IT Governance Concepts
IT Organization Design Principles
Applying IT Governance
Case Studies
Q&A
© 2009 IBM Corporation4
Governance Definition
“Governance is process of decision making in the exercise of authority for direction and control”
- G.E.P. Shailer
Implies that– Board knows the strategic direction of the company– Board is responsible for relevant actions and decisions– Board holds ultimate authority over the affairs of the organization– Board is should include oversight and control as part of governance
© 2009 IBM Corporation5
Components of Enterprise Governance
Doing the right things ?
Doing the right way ?
© 2009 IBM Corporation6
IT Governance Definitions
It is an integral part of enterprise governance and consists of the leadership and organisational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives.
IT governance is the responsibility of the board of directors and executive management
Relationship Mechanisms (within business units) play catalytic role in implementation of Governance
Source : IT Governance Institute
The distribution of IT decision-making rights and responsibilities among enterprise stakeholders, and the procedures and mechanisms for making and monitoring strategic decisions regarding IT
— Source: Luftman and Brier, 1999; Sambamurthy and Zmud, 2000; Weill, 2004 CISR MIT Sloan
© 2009 IBM Corporation7
What needs to be addressed within IT Governance?
According to COBIT there are five IT governance focus areas that executive management needs to address to govern IT within their enterprises:
Strategic alignment
Value delivery
Risk management
Resource management
Performance measurementStr
ategic
Alignm
ent
Value Delivery
Ris
k M
anag
emen
t
Resource Management
Performance
Measurem
ent
IT IT GovernanceGovernance
DomainsDomains
Strate
gic
Alignm
ent
Value Delivery
Ris
k M
anag
emen
t
Resource Management
Performance
Measurem
ent
IT IT GovernanceGovernance
DomainsDomains
Source : IT Governance Institute
© 2009 IBM Corporation8
IT Governance is embedded within Enterprise Governance
Internal Environment– Value Statements : Core beliefs and philosophies that shape the organization’s vision
and mission– Guiding Principles : Durable statements that encapsulates the role IT will play and how
decisions will be driven in both business and IT organizations
Entrustment Framework– Accountability / authority framework across the organisation– Designated decision authorities : individuals or bodies– Organization constructs & functional interrelationships
Decision Model & Framework– Clear (transparent) assignment of decisions rights – Sequence of actions and decision path in decision processes
Source: Many faces of IT Governance by Nick Robinson CISA, ISACA Journal Volume 1 2007
© 2009 IBM Corporation9
3 Key Questions for IT Governance
1. What decisions must be made ?
2. Who should take these decisions ?
3. How these decisions are made and monitored ?
© 2009 IBM Corporation10
MIT CISR Arrangement Matrix The Governance Arrangements Matrix is used to describe, analyze and communicate an organization’s
IT governance
The framework uses a set of political governance archetypes for five principle decision domains
The matrix also identifies the set of mechanisms used to implement the governance arrangements (eg. committees, approval processes, relationships and organizational structures)
Five Key IT Decisions
IT Principles High level statements about how IT is used in the business
IT Infrastructure Strategies
Strategies for the base foundation of budgeted-for-IT capability (both technical and human), shared throughout the firm as reliable services and centrally coordinated
IT Architecture An integrated set of technical choices to guide the organization in satisfying business needs
Business Application Needs
Business applications to be acquired or built.
IT Investment and Prioritization
Decisions about how much and where to invest to IT including project approvals and justification techniques
IT Governance Archetypes
Business Monarchy
“C” level executives as a group or individuals
IT Monarchy Individuals or groups of IT executives.
Feudal Business unit leaders, Key Process owners, or their delegates
IT Duopoly IT executives and one other group
Federal Shared by “C” level executives and one other business group
Anarchy Each individual user
Source: MIT CISR
© 2009 IBM Corporation11
Governance and Alignment…”Six IT Decisions Your IT People Shouldn’t Make,” HBR – Ross and Weill
1. How much should we spend on IT?
2. Which business processes should receive IT dollars?
3. Which IT capabilities need to be companywide?
4. How good do our IT services really need to be?
5. What security and privacy risks will we accept?
6. Whom do we blame if an IT initiative fails?
© 2009 IBM Corporation12
For each organization type there are different possible IT decision making mechanisms („archetypes“).
Local IT Federal IT Central IT
Management
Business Line A
Business Line B
Business Line C
Business Line D
... .. ... ...
IT IT IT IT
Management
Business Line A
Business Line B
Business Line C
Business Line D
... .. ... ...
IT
...
Management
Business Line A
Business Line B
Business Line C
Business Line D
... .. ... ...
IT IT IT IT
IT
...
Federal ITManagement
Business Line A
Business Line B
Business Line C
Business Line D
... .. ... ...
IT IT IT IT
IT
...
Federal ITManagement
Business Line A
Business Line B
Business Line C
Business Line D
... .. ... ...
IT IT IT IT
IT
...
Federal ITManagement
Business Line A
Business Line B
Business Line C
Business Line D
... .. ... ...
IT IT IT IT
IT
...
Federal ITManagement
Business Line A
Business Line B
Business Line C
Business Line D
... .. ... ...
IT IT IT IT
IT
...
Business Monarchy IT Monarchy Federal IT Duopoly
Different archetypes ofIT decision rights*
Source: IT Governance, P. Weill, Jeanne W. Ross, Harvard Business School Press, 2004
Coordinated decision makingincluding all business units. ITmay be involved.
Bilateral agreements between IT and business units.
IT makes IT decisions.Business executivesmake IT decisions.
© 2009 IBM Corporation13
Allocation of IT Decision Making Authority across Business & IT Functions
Source: Weill & Boradbent 1998
© 2009 IBM Corporation14
In most organizations the decision rights are implemented differently, depending on the different IT domains.
Local IT Federal IT Central IT
Management
Business Line A
Business Line B
Business Line C
Business Line D
... .. ... ...
IT IT IT IT
Management
Business Line A
Business Line B
Business Line C
Business Line D
... .. ... ...
IT
...
Management
Business Line A
Business Line B
Business Line C
Business Line D
... .. ... ...
IT IT IT IT
IT
...
Local IT Federal IT Central IT
Management
Business Line A
Business Line B
Business Line C
Business Line D
... .. ... ...
IT IT IT IT
Management
Business Line A
Business Line B
Business Line C
Business Line D
... .. ... ...
IT
...
Management
Business Line A
Business Line B
Business Line C
Business Line D
... .. ... ...
IT IT IT IT
IT
...
Federal ITManagement
Business Line A
Business Line B
Business Line C
Business Line D
... .. ... ...
IT IT IT IT
IT
...
Federal ITManagement
Business Line A
Business Line B
Business Line C
Business Line D
... .. ... ...
IT IT IT IT
IT
...
Federal ITManagement
Business Line A
Business Line B
Business Line C
Business Line D
... .. ... ...
IT IT IT IT
IT
...
Federal ITManagement
Business Line A
Business Line B
Business Line C
Business Line D
... .. ... ...
IT IT IT IT
IT
...
Federal ITManagement
Business Line A
Business Line B
Business Line C
Business Line D
... .. ... ...
IT IT IT IT
IT
...
Federal ITManagement
Business Line A
Business Line B
Business Line C
Business Line D
... .. ... ...
IT IT IT IT
IT
...
Federal ITManagement
Business Line A
Business Line B
Business Line C
Business Line D
... .. ... ...
IT IT IT IT
IT
...
Federal ITManagement
Business Line A
Business Line B
Business Line C
Business Line D
... .. ... ...
IT IT IT IT
IT
...
Business Monarchy IT Monarchy Federal IT duopoly
Source: based on MIT Sloan, Center for Information Systems Research (CISR)
IT Domains Good Practice1
Federal
IT Monarchy
IT Monarchy
Federal
Federal
Business Monarchy
IT Strategy
Application architecture
System architecture
Specialized architecture
IT investments
IT risk management
Often, each IT domain has itsown mechanisms to makedecisions
© 2009 IBM Corporation16
Summary : To set direction and make it stick across the organization
IT governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives.
— Source: The IT Governance Institute
Term used to describe how those persons entrusted with governance of an entity will consider IT in their supervision, monitoring, control and direction. How IT is applied within the entity will have an immense impact on whether the entity will attain its vision, mission or strategic goals
— Source: Prof. Robert S. Roussey, University of Southern California
A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk versus return over IT and its processes.
— Source: Cobit Executive Summary
© 2009 IBM Corporation17
IT Governance Drivers
IT Principles & Policies
Performance Management
Value Management
Accountability Framework
Processes & Decision Models
Strategic Alignment, Risk and Resource Management
• Guiding Principles• Standards and procedures
• Organizational structures & functional interrelationships• Individuals or bodies .e.g. committees, boards, empowered to make IT
decisions
• Sequence of activities and decision paths• In line with the number and type of decision
• Demand mgmt : ensure alignment / manage portfolio and investments• Supply management : provisioning and supply of products and
services
• Outcome focused – Is IT Function meeting the objectives?• Process focused – Are the IT processes operating effectively
• Delivery of business value from IT investments
© 2009 IBM Corporation18
Program Management Office (PMO) types
Temporary PMO
– For achieving specific business benefits
– Decision of formation of PMO is taken based on size of the program (most economical for min 30 associates)
– Largely Administrative– PMO disbanded post program
retirement– E.g. ERP Rollout Program Office
Permanent PMO
– For continuous organizational improvement
– Decision is based on the criticality of the objectives
– Establishes the best practice framework and rolls out across the organization
– E.g. Corporate Program Office, Chairman’s Program Office, Office of the CIO (OCIO)
© 2009 IBM Corporation19
The Office of the CIO (OCIO)
OCIO is Permanent type of PMO
5 % of 2000 CIOs participating in Gartner’s Executive Program (EXP) have OCIO
OCIO acts as the mouth piece of centralized IT
Provides transparency of IT to business
Extremely important step towards Business – IT Alignment
Mostly popular in Governments & large distributed organizations
The US Departments of Commerce and Agricultural leverage the OCIO– Standardization of IT roles and responsibility execution– Processes application development to help desk support are developed and standardized – This consistency supports stronger and more accurate reporting
Strategy planning, lessons learned and financial IT performance are formally reviewed quarterly which is facilitated by the office of the CIO
— Zack Hicks, corporate manager at Toyota's office of the CIO Torrance, California
© 2009 IBM Corporation21
COBIT Framework - Activities and Responsibilities
CEO
CFO BusinessExecutive
CIO
BusinessSr Management
Head ofOperations
ChiefArchitect or CTO
Head ofDevelopment
Head ofIT Admin
HR, Fin, etc
CARS
PMO
CEO
CFO BusinessExecutive
CIO
BusinessSr Management
Head ofOperations
ChiefArchitect or CTO
Head ofDevelopment
Head ofIT Admin
HR, Fin, etc
CARS
PMO
Key Activities
RACI Chart
1 Link business goals to IT goals2 Identify critical dependencies and current performance3 Build IT strategic plan4 Build IT tactical plans5 Analyze and manage project and service portfolios
C I A/R R CC C R A/R C C C C C CA C C R I C C C C I CC I A C C C C C R IC I I A R R C R C C I
1 Link business goals to IT goals2 Identify critical dependencies and current performance3 Build IT strategic plan4 Build IT tactical plans5 Analyze and manage project and service portfolios
PO1PO1
CARS: Compliance, audit, risk and security (groups with control responsibilities who do not have operational IT responsibilities)
Source : ISACA, COBIT
© 2009 IBM Corporation27
“Top performing enterprises generate returns on their IT investments up to 40 percent greater than their competitors.”
they clarify business strategies and the role of IT in achieving them
they measure and manage the amount spent and value received
they assign accountability for changes and decisions required to benefit from IT capabilities
they become adept at sharing and reusing IT assets
- IT Governance, Peter Weill & Jeanne W. Ross, HBS Press
“Firms with above average IT governance combined with a specific business strategy (eg. customer intimacy) had >20% higher profits than firms pursuing the same strategy”
Why focus on IT Governance?
Source: 2005 MIT SeeIT/CISR survey (625 firms); Peter Weill & Stephanie Woerner
Investors have acknowledged their awareness of importance of governance, demonstrating a willingness to pay premium of up to 20 percent on shares of enterprises known to have a governance framework in place
- McKinsey Report 2000
© 2009 IBM Corporation28
Applying IT Governance to Enterprise Initiatives
Strategy Operationalization
IT Enabled Enterprise Transformation Program
Underlying Organizational Change Management
Portfolio / Investment Management
Framework Implementations e.g. COBIT, ITIL (IT Control Establishments)
Collaborative Innovation
© 2009 IBM Corporation29
Enterprise Initiatives Classification
Source : W. “RP” Raghupathi August 2007/Vol. 50, No. 8 COMMUNICATIONS OF THE ACM
© 2009 IBM Corporation30
Enterprise Initiatives Landscape
Source : W. “RP” Raghupathi August 2007/Vol. 50, No. 8 COMMUNICATIONS OF THE ACM
• Portfolio / Investment Management : Stage 1• Framework Implementations e.g. COBIT, ITIL (IT Control Establishments) : Stage 1 & 2• Collaborative Innovation : All Stages• Audits & Assessments : All Stages
• Strategy Operationalization : Stage 1 & 2 • IT Enabled Enterprise Transformation Program : All Stages• Underlying Organizational Change Management : All Stages
© 2009 IBM Corporation32
Case Study 1 : Manufacturing - Europe
Global organization with revenue of US$ 9 BN
First time in the life span started multi million dollar ERP program and did not succeed in 3 previous attempts
Integrations within applications growing out of hand
Program Office not established
Low awareness and practice of Project Management Methodology
Business frustrated due to consistent failures and not supportive of the initiative
Processes adequate for managing small project but not sustainable for large programs
a) Creation of program office b) Program Sponsor to undertake the OCM c) Revalidation of vendor commitment and customized framework for vendor and application evaluation
Operationalization plan of IT strategy objectives related to program
Mentoring the Program Manager
Creation / implementation of Business-IT alignment initiatives
Establishment of core processes such as risk and quality at the program level
Definition of process maturity framework
Problem Statement Solution Provided
© 2009 IBM Corporation33
Case Study 2 : How Org Context Affects the IT Governance
Source: Carol V Brown Graduate Business School Indiana University
© 2009 IBM Corporation34
How Leading firms behave differently
Greater top mgmt commitment to IT
More integrated business and IT planning
Less political turbulence
Higher user satisfaction with IT
More experience managing IT
© 2009 IBM Corporation35
Thank you
Contact
Shrikant Patil
Senior Advisory Consultant, IBM India
9620201083