Dipping your toes into the ocean of IT governance, Part 1

By on August 16, 2010 in Ask the Service Assurance Expert

CA Technologies’ IT Governance Evangelist Steve Romero explains why most companies are only dealing with the tip of the iceberg when it comes to IT governance.

IT governance makes sense. Appoint decision-makers and create policies around the IT decision-making processes within any given business, doing so to better ensure that the projects IT undertakes best suit the business needs. But despite the simplicity behind its mission, implementing IT governance can become quite involved and often result in piecemeal approaches to bits and pieces of the overall effort, according to Steve Romero, CA Technologies’ IT governance Evangelist.

Check out Romero’s blog here: The Future of IT – What do you think?

IT and business leaders realize it would be remiss to not want to put in a safeguard of sorts to ensure that the technology investments, projects planned and enterprise architecture chosen were ideal for a company’s needs. But the hurdles with IT governance don’t emerge until the efforts are under way and stakeholders realize perhaps members of the group weren’t all on the same page, Romero says.

Steve Romero“Years ago, the view of IT governance was associated solely with risk control related to regulatory and legal requirements for compliance and governance for IT audit,” he explains. “More recently, there has been a chronic misunderstanding that IT governance is associated primarily with IT investment, or the investment decision-making aspect of IT, which is a great place to start, but still both of these areas are only a subset of IT governance as whole.”

Companies today are driven to institute IT governance for myriad reasons, including investment and risk management. For instance, the era of corporate fraud a few years back (think Enron and the like) made many realize the need to account for how budgets dollars were being spent across companies. And the economic recession most likely forced many to rethink IT projects and establish approvals for new investments while budget dollars were tight. And despite the use of IT in its terminology, Romero says IT governance should be overseen by business leaders with the participation from IT.

“For years, IT has been unfettered by any type of corporate oversight because frankly they didn’t understand technology. But that has changed,” Romero says. “IT has evolved with few controls and few processes in place – the ones that are there are hit and miss, with no overarching framework – and business leadership needs to take govern this to ensure that the technology is actually aligned with the business. IT never really had the business holding its feel to the fire.”

IT governance requires managing resources associated with people, infrastructure, applications, systems and processes. And it begins with five principles, Romero says, each of which should be taken into consideration by an IT governance committee made up of business leaders and IT stakeholders. Romero lists the five key principles upon which any IT governance effort should be based.

  • Ensure IT is aligned with the business
  • Ensure IT delivers value to the business
  • Ensure IT manages risk
  • Ensure IT manages resources
  • Ensure IT manages performance

The last bullet item explored means “tracking and monitoring strategy implementation, project success, resource usage, process performance and service delivery,” according to a presentation from Romero. This item relates to measuring and proving that the IT decisions made actually lived up to their potential. The type of information needed to validate that an IT governance group succeeds should be collected by the same group who initiated the decisions. Yet real world cases reflect the opposite, revealing that an IT governance committee passes off the validation part of the process off to management. Romero says that is counter-productive.

“If the oversight doesn’t take place during the planning, execution and measurement part of the process, then it is so reactive and after the fact that there is very little ability to influence it,” Romero explains. “In addition to the committee taking on responsibility of the decision, it should be just as accountable to have the mechanisms in place that can realize the decision and give them back the information to validate that it was indeed a good decision for IT and the business.”

More to come on the processes Romero says will help companies get closer to the goal of IT governance. Are you undertaking an IT governance project? What priorities have the business or IT laid out for the effort? Please leave a comment here or let me know directly via e-mail at Denise.Dubie@ca.com.

Do you Tweet? Follow Denise Dubie on Twitter here.

Denise Dubie

About Denise Dubie

Service Assurance Daily is managed by Denise Dubie, former senior editor of Network World. Denise's official title at CA is New Media Principal. Prior to coming to CA, Dubie spent 12 years of her career at Network World, an IDG company. Working as Copy Chief in the copy editing department for two years, Dubie made an internal move at Network World in 2000 to report and write about IT management technologies (from CA and competitors) as well as high-tech careers and vendors such as Cisco, HP, IBM and Microsoft. As Senior Editor at Network World, Dubie also authored the publication's twice-weekly Network and Systems Management Alert newsletter and contributed to the Web site's Microsoft Subnet blog. Before IDG, she served as Assistant Managing Editor at Application Development Trends, managing writers and the monthly publication's production process. And Dubie started her professional journalism career as a Staff Writer and Reporter at The Transcript, a small daily paper in Western Massachusetts. Dubie holds a B.A. degree in English Literature, with minors in journalism and political science, from Boston University.
View all posts by Denise Dubie
No comments yet.

Leave a Reply