IT Governance Made EasyJerry Bishop

The Higher Ed CIO

Creative Commons Attribution-NoDerivs 3.0 Unported License.

Purpose

To outline the BASICS of IT Governance with illustrations for higher education that

can be used in setting up an initial IT Governance system.

Why View this Presentation

• Institutions are wasting scarce financial and human resources with low productivity because they do not have a formalized IT governance systems in place.

Why View this Presentation

Institutional leadership needs a better way to:• Direct IT in support of institutional strategies• Measure the real value provided by IT• Monitor the performance of IT• Manage and mitigate IT-related risks

Ask Yourself

Are wedoing

the rightthings?

Are we doing them

the rightway?

Are wegetting

them donewell?

Are wegetting

thebenefits?

Now Consider The Meanings

IT-CollegeAlignment

Are wedoing

the rightthings?

Standards& Methods

Are we doing them

the rightway?

Capability& Efficiency

Are wegetting

them donewell?

Return onInvestment

Are wegetting

thebenefits?

That’s IT Governance

• Alignment of priorities and resources• Right services, technologies, methods• Meeting the needs, performance levels, TCO• Delivering results – the ROI• Mitigating IT related risks

INSTITUTIONAL GOVERNANCEThe framework for IT Governance

Purpose of Governance

• Creates continuity of expectations• Creates consistency of management• Codifies decision making rights &

responsibilities• Strengthens compliance by reducing various

institutional risks

Institutional Governance

• Defines the decision making rights and responsibilities within the college

• Expressed through policies, procedures– Often includes standards

• Originates from the Board• Extended by executive Cabinet• Includes shared governance in higher education– Divisional and departmental roles– Committee and sub-committee roles– Faculty senates and unions

Policy-Based Governance

Defines and grants functional (Division or

Committee) roles, responsibilities and

authorizes standards

Defines institutional requirements and

delegations

Defines Board Operations

Delegates Authorities to Administration

Board P&P

College P&P

Divisional & Committee P&P plus Standards

SHARED GOVERNANCEThe common model in higher education

Organizing for Shared Governance

Department & Sub-Committee P&P and

Standards

Divisional & Committee P&P and Standards

College P&P

Board Policies & Procedures (P&P) Board

Executive Cabinet

Education Divisions

Academic Departments

Admin & Oper Divisions

Admin & Oper Departments

Institutional Committees

Sub-Committees

Shared IT Governance Illustrated

Board

Executive Cabinet

Marketing Committee

Web & Social Media

Committee

Education Council

Academic Technology Committee

eLearning Committee

IT Governance Committee

Project Steering

Committees

ERP Module Owners

Power User Group

Security Committee

Compliance Committee

Issues for Shared IT Governance

• Everyone is in charge, no one is in charge• Who advises, who informs, who decides• Possible trade-offs for agility & responsiveness• Traceability & accountability of decisions• Transparency vs. Opacity• Consensus vs. Re-Decisioning

IT GOVERNANCEThe essentials made simple

IT Governance Defined

"… the leadership and organisational structures and processes that ensure that the

organisation’s IT sustains and extends the organisation’s strategies and objectives.“ ITGI

What is IT Governance

• Subset of institutional governance• Fundamentally it is risk management ensuring:

– IT strategies are aligned to institutional priorities– Full value of IT investments can be realized– IT performance is measured and managed– IT resources are properly allocated – IT decision making is transparent– Formal procedures, standards and methods exist

• It’s an accountability system for IT results to its Service Owners, their customers and users

What it is NOT

• It’s not shared decision making on the How– Too many cooks spoil…

• It’s not about “Best Practice”– Governance is specific to institutional culture– Best practice is only what will work for you

• It’s not IT constraints it’s about controls

Illustration of Model

Departmental & Sub-Committee

Divisional & Committee

College

Board P&P Compliance Requirements

Risk Management Plan

IT Security Plan

Data Security Standards

Server Hardening

Vulnerability Management

Illustration Continued

Software version control…patch and

change management…

Security manual …requirements for all systems…exception

process…

CIO will establish P&P to provide for privacy

and security…data

Comply with laws and regulations…annually

present risk management plan

Board Policies

College Policy

Procedures & Standards

Procedures & Standards

WHERE TO STARTFirst things first

Where to Start

• Outline a possible model for your institution– Include policy and procedure framework

• Form an IT Governance Committee– Senior leadership to make institutional decisions– Draft a Charter

• Outline priorities of what to tackle first– Strategy, project & portfolio planning, budgets– Identify needed Policies and Procedures

• Communicate your plan and status

Do’s and Don’ts

DO• Obtain Cabinet sponsorship• Include cross-section of

stakeholders, students too• Keep it simple• Set realistic goals• Meet regularly to build

momentum• Rely on your IT team• Connect with a peer for

advice

DON’T• Do it yourself, stakeholders

need to be invested too• Be overly ambitious, change

is cultural and takes time• Leave it to the last minute• Forget to communicate• Forget to maintain healthy

boundaries on the HOW• Neglect the value of training

for you and your committee

Samples you can use

Check out the companion SAMPLE• IT Governance Committee Charter• IT Project Governance Summary

Governance Reference Models

Control Objectives for Information Technology (CobiT), ISACA

IT Governance Institute (ITGI)

ISO/IEC 20000-1 , International Organization for Standardization (ISO)

Information Technology Infrastructure Library (ITIL), OGC

QUESTIONS?Jerry BishopThe Higher Education CIO