In The buzz word IT Governance may not rate as highly on the familiarity scale as would the term Corporate Governance, but would definitely ring a bell amongst all IT Managers and CIOs. Corporate scandals such as WorldCom, Enron, Societe General, Tyco and our very own Satyam scandal in India, has seen the term Corporate Governance or Enterprise Governance splash all over the newspapers.
To start off, let us take a moment to analyse what exactly is Corporate Governance? Has the term IT Governance got anything to do with it?
The Enterprise Governance framework may be divided into two components. First, is Corporate Governance and second is Business Governance.
Corporate Governance, which relates to conformance, may be defined as the role of companys board of directors, which is primarily responsible for acting on behalf of the stakeholders, to oversee those who use the capital (i.e. the managers), in order to achieve business objectives. Business Governance on the other hand, relates to performance and focuses on strategy and value creation. It is important to realize that both Corporate and Business Governance are necessary, for an enterprises success. Hence, Enterprise Governance is about leadership and strategic direction, which leads to organizational objectives.
But what is IT Governance? ISACAs defines IT Governance as the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of leadership and organizational structures and processes that ensure that the organizations IT sustains and extends the organizations strategies and objectives.
IT Governance is very much an integral part of Enterprise Governance, because IT cannot exist on its own. IT exists for a reason and that is to enable the processes to achieve the objectives as laid down in the strategic vision of an organization.
Huge amounts of money are poured into IT projects each year by corporations throughout the world. In fact, in most organizations, investments in IT spending account for a major portion of costs and are second perhaps only to manpower costs. IT has always been considered a technical field and non-IT people, especially the executives, find it very difficult to comprehend what IT actually does. As a result, sadly, many organizations view this investment in IT as a black hole, where money goes in, but no values seems to be realized from it. IT has also become so complex, that executives fail to understand what IT does and translate this into a Business Case that IT Value provides. Governance of IT (the term governance refers to Transparency), and gauging the clarity in terms of value, is very difficult for executives to understand.
So what are the various aspects of IT Governance that ensures IT adds value to the organization?
Firstly, IT should be aligned with the business. This is referred to as Strategic Alignment. Business strategy should drive IT strategy and definitely not the other way round. Proper governance over strategic alignment of IT with the business requires leadership and commitment from the highest levels of the enterprise and engagement of the CEO and the board. The key question one should address is whether an enterprises investments in IT is in harmony with the businesss strategic objectives and thus, building the capabilities necessary to deliver value.
Secondly, the question needs to be asked, whether IT is actually delivering the value, that is, are the benefits actually being realized? Ensuring that value is obtained from investments made in IT, is an essential component for successful IT governance. To maximize the return on IT investments, techniques such as preparation of business case and application of financial metrics such as internal rate of return (IRR), net present value (NPV) and payback period, can be quite helpful.
Adoption of Enterprise Architecture can be very useful. Enterprise Architecture provides a framework that ensures enterprises goals, objectives and policies are properly and accurately reflected in decision making related to building, implementing or changing information systems. It (Enterprise Architecture) is the link between strategy, technology and processes and is one of the key IT contributions to the enterprise effort to implement strategy.
So you have the top management support along with the support of other stakeholders. Also, IT is aligned with the business objectives, and value is also being delivered. But at what Risk? Risk Management is a cornerstone of IT governance. Risk is not just about doing something incorrectly, but is also about failing to grasp an opportunity to use IT. The opportunity may be in the shade of improving your organizations competiveness or improving the operating efficiency. Of course, in order to manage risk, you must have a clear understanding of the enterprises culture and the enterprises appetite for risk. For IT Governance to be effective, senior management should review and approve the risk action plan and commit the necessary resources to execute the plan effectively. Boards must be made aware of any noteworthy unmitigated risk.
For IT Governance to be successful, optimal investment, use and allocation of resources to meet the business objectives is important. This aspect is referred to as Resource Management. It is important to ensure, that IT has sufficient, competent and capable resources to meet current and future strategic business objectives and to keep up with the ever-changing business demands by optimizing the investment, allocation and use of IT resources. The Human Resources department plays a very important role in partly addressing this aspect of IT Governance. Those companies that outsource their business processes, or are considering outsourcing their business processes, should pay particular attention to the Resource Management aspect of IT Governance.
We have all heard of the common adage that what is not measured does not get managed. Measuring IT performance is a key concern of business and IT executives, as this demonstrates the effectiveness and business value of IT. This last aspect of IT Governance is referred to as Performance Measurement. But how does one measure, or convey to the management, the intangible benefits that IT has to offer? Sure, quantitative methods such as ROI, NPV are easy to convey and understood by all, but there are intangible benefits such as improved customer service, which cannot be measured in quantitative or financial terms. Leveraging a system of Balanced Scorecard is the best way to convey intangible benefits that IT also has to offer. Of course, although it goes without saying, approval of measures by the stakeholders is critical, since a performance measurement system is only effective if it serves to communicate to all who need to know what is important and then motivates positive action and alignment to common objectives.
Although IT Governance is relatively new, just like any other important activity in the organization, it will not succeed without top management commitment and support.
*The author isSenior Manager IT, Tata Services Ltd.
Add new comment