Governance of the IT Function
Chapter 9
Key Learning Objectives
– Understand the concepts of enterprise governance and IT governance, and the connection between the two
– Understand the need for IT governance and the potential benefits of good IT governance
– Recognize the primary domains of IT governance and learn about effective approaches for developing an IT governance framework
Governance of a business enterprise
• The process of structuring, operating, and controlling the organization
• With a view to achieving its long term strategic goals, serving the interests of its various stakeholders, and complying with legal and regulatory requirements
IT governance
• Same as management issues…
– Resource allocation choices, risk and return trade-offs, and alignment of goals
• Different in the level of these issues…
– Overarching and integrated approach, addressing broad themes
Agenda
• The essentials of enterprise governance
• The impetus for better IT governance
• Benefits of effective IT governance
• The scope and practice of IT governance
• Designing IT governance: critical success factors and good practices
The essentials of enterprise governance
• Agency problem
– Physical separation between the owners of a company and its managers (or agents) provides those managers the opportunity to act in ways that are advantageous to themselves but detrimental to the interests of the owners
• Conformance (control and monitor)
– A board of directors intended to oversee organizational strategies, structures, and systems on behalf of the shareholders
– An external auditor who should offer insight into the reliability of the company’s financial statements
– Sufficient??
Governance is…
• The process of establishing lines of responsibility, authority, and communications
• As well as policies, standards, measurement, and internal control mechanisms that guide people in fulfilling their roles and responsibilities
• Can be implemented by management, through different kinds of control systems, to maintain or alter patterns of organizational behaviour
Control system
• Traditionally (one way)
– Used to measure critical performance variables
– Focus on outcome
• Additional governance mechanisms
– Value management systems
• Strengthen and sustain commitment to core organisational values
– Risk management system
• Delineate the boundaries between acceptable and unacceptable risks and standards of business conduct
– Strategic control systems
• Focus on communicating and implementing the organisation’s strategy, while encouraging debate about that strategy intended to stimulate learning and growth
– Balance between innovation and control, and ensure the successful achievement of profit goals and strategies
The benefit of good enterprise governance
• Affect a company’s share price or its cost of raising capital
– E.g. international start-up companies apply robust governance requirements to go public abroad
– Private companies and non-profit organizations rely on external resources such as debt-financing or foundation support
Introducing IT governance
• The purpose
– Ensure that the resources accorded to an initiative are appropriate for the risk and return anticipated from that initiative and that the initiative aligns with organisational goals
• Ways to ensure the IT function supports and advances the strategies and objectives of the overall organization
• Procedures to involve relevant stakeholders in critical IT decisions
The impetus for better IT governance
• Practice of more formally monitoring and measuring the use of IT assets is recent
– The critical contributions of information and IT to contemporary organizations have focused attention on ways to better manage potential risks and desired returns in this domain
– Companies seek to establish and improve general governance, risk management, and compliance practices (GRC), attention to the role of IT
• The business value of IT
• A major goal of IT governance: ensure IT creates value for the organization
– Often ill-prepared to explain how IT contributes to strategic value and productivity gains
• Different levels
– Measure day-to-day efficiency and effectiveness of IT
– Help achieve a central aspiration of many companies: greater alignment of IT with the business
• Facilitating innovation, underpinning new products and services or reaching new customers
• “decrease cost” and “improve business models” transition
– Establish procedures and criteria for evaluating, prioritizing and monitoring the major IT investments
• Recognition of IT impact
• No “black box” approaches
• Involve IT, business customers, and other corporate functions
• IT as an enabler of corporate governance and compliance
• Regulations
– Governing financial accountability, financial risk management and recovery from disaster
• Disclosure of business information
• Financial reporting process
– Data retention
– Information protection
• Anti-terrorism
Benefits of effective IT governance
• Generate better returns for their shareholders than equivalent organizations with ineffective IT governance
– Cost reduction, improved customer satisfaction, greater security, enhanced alignment between IT and business, revenues, profits, customer retention level
IT-related problems that can be addressed by better IT governance
• A disconnect between IT strategy and business strategy
• IT not meeting or supporting compliance requirements
• High cost of IT with low or unproven return on investment (ROI)
• Serious IT operational incidents
• IT service delivery problems
• Insufficient number of staff
• Staff with inadequate skills
• Problems with outsourcers
• Lack of agility/development problems
• Problems with document content or knowledge management
• Inadequate disaster recovery or business continuity measures
• Electronic archiving or storage problems
• Security and privacy incidents
The scope and practice of IT governance
• Elements of a governance system
– Leadership roles, organizational structures, business processes, standards, and measures of compliance to these standards
– Involve the whole organization
• Aim
– Shape decisions concerning IT use in the organisation
– Determine criteria by which to assess conformance to these decisions
– Define mechanisms by which these decisions can be communicated, implemented, and enforced throughout the organization
• IT-business alignment
• IT strategy to be developed in parallel with business strategy, rather than in response to it
• IT steering committee/IT strategy committee
– Both IT and business executives
• Investment Value
• Define processes to ensure the involvement of all relevant stakeholders, including IT managers, business unit leaders, functional representatives, and the board
• The board may be directed to review IT budgets and plans on a regular basis
• Define a standard procedure for determining the business worth and risk of IT-enabled business investments
• Project delivery
• Determining responsibilities and accountability together with accompanying processes, standards, and measures to ensure that projects conform to architectural standards, meet business objectives, and deliver on their promised benefits in a cost-effective manner
– Define standard project management
– Identify critical project management skills
– Establish levels of approval and project milestones to control the disbursement of funding
• Balance between
– Reduce project risk by reducing variance in the project implementation process
– Allow the right amount of flexibility that will yield more effective results
• Service delivery
• Specifying structures, roles, and techniques for managing and controlling IT services
– Cost transparency mechanisms
– Service-level agreement
• Resource management
• How IT assets and resources, including staff, are utilized
• Define structure, criteria, and processes for making decisions regarding the outsourcing of particular skills, technologies, or IT capabilities
• Measurement of IT performance
• Designing and implementing structures and controls for measuring IT performance reliably and in terms that are valuable to the business and external stakeholders
– Balanced scorecard technique
• Different dimensions such as achievement of business goals, user satisfaction, operational excellence, and support for learning and growth
Source: eetodorov.com
Adapted from Robert S. Kaplan and David P. Norton, “Using the Balanced Scorecard as a Strategic Management System,” Harvard Business Review (January-February 1996): 76.
• Risk management
• IT risks
– A loss of service, inappropriate access to confidential or sensitive information, the risk that infrastructure is inadequate to meet the current and future needs of the business in a cost-effective and timely manner
• Risk management may involve
– Identifying various possible sources of risk, determining the acceptable level of each type of risk, defining metrics for monitoring and measuring each type of risk, instituting internal processes and roles to address unacceptable changes in the level of each type of risk
Designing IT governance: critical success factors and good practices
• No single best model of IT governance
• Should account for the size, industry, strategic goals, organizational culture, and local environment of the enterprise
• Intentional but minimalist design
– No overly complicated procedures or excessive monitoring and reporting
– Do not try to meet all possible goals; focus on conflicting goals
• Board-level leadership
– Only 12% had implemented board-level oversight mechanisms for IT resources
• Broad-based executive involvement
– C-level executives
• Clear ownership but broad participation
– The board should be ultimately responsible for all governance
– Designate an individual/group to be accountable for the design, implementation, and performance of IT governance (e.g. CIO, CEO or CFO)
• Enforce execution but accommodate exceptions
– Transparent exception handling process
• Define benefits and target expectations
– ROI metric is neither feasible nor justified
– Indicators should be meaningful for both IT and the business, and be linked to business and IT goals
• Aim for evolution not revolution in implementation
– Link IT governance to key business objectives, such as cost reduction, innovation, agility, simplification, customer satisfaction, and compliance