Presentation is loading. Please wait.

Presentation is loading. Please wait.

Louis Boyle Vice President Gartner Executive Programs

Published byAnnabelle Cayton Modified over 9 years ago

Similar presentations

Presentation on theme: "Louis Boyle Vice President Gartner Executive Programs"— Presentation transcript:

1 Louis Boyle Vice President Gartner Executive Programs
Governing IT Presentation Title Louis Boyle Vice President Gartner Executive Programs Conference Name Presenter Name Date Location City, State These materials can be reproduced only with Gartner's written approval. Such approvals must be requested via —

2 Agenda Definitions & context IT Governance Framework
What – the decisions Who – the deciders How – the mechanisms Implementation – change management/communications Key Success Factors Case Study Q & A

3 Effective IT Governance Is Critical, But Difficult To Achieve
IT governance should be thoughtfully designed to encourage desirable enterprise behaviors. But too often, business and IT governance just happen. Smart IT governance helps enterprises deal with complexity But both business and IT governance are poorly understood top level IT governance just happens IT governance is ‘the assignment of decision rights and the accountability framework to encourage desirable behavior in the use of IT’ (Weill, 2001; Broadbent & Weill, 1998) Defining desirable behaviors takes time, effort, focus cost savings, innovation, growth, reuse, sharing Effective IT governance is not ‘one size fits all’ differs by business objectives, behavior sought IT business value directly results from effective IT governance . . .Firms with superior IT governance have at least 20% higher profits (ROA) than firms with poor governance given the same strategic objectives. Source: MIT Sloan CISR and Gartner EXP Research What is IT governance and why is it critical? Enterprises achieving above average returns from IT investments deal with the increased complexity by clarifying who is able to make critical decisions and who is accountable. That is, they have thoughtfully designed their IT governance, rather than focusing only on how IT is managed. IT governance specifies the decision rights and accountability framework to encourage desirable behavior in the use of IT (Weill 2001; Broadbent & Weill, 1998). It is not about IT management and the detail of particular IT decisions and their implementation. Rather, it is about the arrangements for who makes critical decisions and who is accountable. IT governance applies principles similar to financial governance to IT, such as who is authorized to commit the enterprise to a contract or authorize a payment. However, business and IT governance are poorly understood. IT governance “just happens” in many enterprises. IT governance is not actively designed to achieve business objectives and desirable behaviors. Defining desirable behaviors and harmonizing IT governance with business objectives takes time, effort and a clear focus. To be effective, IT governance must be purposefully designed. Action Item: Business and IT executives need to take a thoughtful and deliberate approach to IT governance, understanding that its purpose is to encourage desirable behaviors in the use of IT. © 2002 MIT Sloan Center for Information Systems Research (Weill) and Gartner, Inc.

4 High Governance Performers Have Sharper Strategies, Focus And Commitment*
High governance performance enterprises have both business strategies and IT investments strategies which were more focussed and differentiated. Characteristics of High IT Governance Performers More focused strategies Greater differentiation between customer intimacy, product innovation, or operational excellence Clearer business objectives for IT investment Greater differentiation between supporting new ways of doing business, improving flexibility, or facilitating customer communication High level executive participation in IT governance Greater involvement, impact of CEO, COO, Business Heads, Business Unit CIOs and CFO Who could accurately describe IT governance arrangements Stable IT governance, fewer changes year to year Well functioning formal exception processes Formal communication methods Source: MIT Sloan CISR and Gartner EXP Research When and where are different types of IT governance arrangements effective? Enterprises with higher governance performance have more-focused strategies. They clearly differentiated between the three value disciplines – customer intimacy, product/service innovation or operational excellence – and were not trying to optimize on all three of these. On average, these enterprises had greater differentiation between different objectives for their IT investment. They were not expecting IT investments to excel in delivering on multiple objectives. Rather, they had specific focus on smaller number of objectives for their IT investment – whether it was lowering cost, supporting new ways of doing business, greater flexibility or facilitating customer communication. Senior business leaders were more heavily involved in IT governance and there was a higher level of impact from the CEO, COO, business unit leaders, business unit CIOs and the CFO. More managers in leadership positions could accurately describe governance arrangements and there were fewer changes in IT governance, year on year. Exception processes functioned more effectively in enterprises with higher governance performance. They were seen as more transparent and fair and there were fewer nonsanctioned exceptions. *Statistically significant relationship with governance performance © 2002 MIT Sloan Center for Information Systems Research (Weill) and Gartner, Inc

5 What is IT Governance and what does it address within an organization?
Effective IT governance arrangements thoughtfully and purposefully combine decision making about major IT domains, by the right group of people, using appropriate mechanisms. What is IT Governance and what does it address within an organization? IT governance specifies decision rights and creates an accountability framework that encourages desirable behavior in the use of IT Governance approaches should be based on the degree of enterprise commonality that exists, the urgency of required responses and the frenzy (and pressure) to perform. Consequently, Gartner recommends tailoring and balancing general-purpose management models to meet unique organizational needs. Top Level IT Governance Addresses Three Major Components: What decisions need to be made? decisions about major IT domains IT Principles IT Infrastructure Strategies IT Architecture Business Application Needs IT Investment and Prioritization External Relationships Who has decision and input rights? Rights are exercised in different governance styles Monarchy, Feudal, Federal, Duopoly, Anarchy How are the decisions formed and enacted? Multiple mechanisms make governance work Decision Making Councils (e.g., Office of CIO) Business/IT Relationship Managers Process Teams Service-Level Agreements Chargeback Arrangements Balancing the IT Management Triad Vision and Business Alignment Funding, Budgeting and Pricing Staffing and Organization • Reinvestment? • Application prioritization? • Continuous migration? • Outside suppliers? • Roles and responsibilities? • Process? • Compensation? • Retention? • IT policy? • IT strategy? • Governance? • Shared services? IT as a back- office utility overhead IT as a business enabler and competitive weapon Source: MIT Sloan CISR What are the components of top-level IT governance? Governance processes involve decisions about major IT domains, that is, those areas, such as IT investment, IT principles or maxims. They balance decision rights between multiple constituencies, such as “C-level” executives (including the CIO), business unit leaders and IT executives. Their purpose is to encourage desirable behavior so the enterprise achieves its goals. IT governance is formed and enacted by multiple mechanisms – formal mechanisms, such as the executive committee and the IT council, and informal mechanisms, such as talking with colleagues. IT governance is going through a time of considerable change. Research from the MIT Sloan/Gartner EXP study shows that governance is dynamic with enterprises making regular changes.

6 Administrative Process Map: IT Governance Aligns these Processes
Tactical Guideline: Governments must create a process map for decision making and ensure that the various elements complement each other rather than act as stand-alone processes. Political Agenda Investment Prioritization Business Strategic Plan Corporate Performance Management Business Case Inputs Organizational Capacity Cost Time Risk Procurement Portfolio Performance Desires IT Strategic Plan Cross-Agency Budget Cutting Budget Decisions Human Resources Acquisition Strategic Sourcing Tactical Execution Government is largely driven by two fundamental elements: the political agenda and the resulting budget process. These are accepted everywhere as the key processes that drive government behavior and activity. However, government is very process-driven. To help put flesh on the skeleton of the political agenda and budget process, government has created a variety of processes to provide input into the decision making and execution processes. Although each process adds value, most are created independently of one another, thus creating a lot of unnecessary effort and resource requirements to satisfy the needs of these processes. If government were to link all of these processes together, then it would discover that they all require the collection of various bits of data and inputs that can be used to build on each other, thus reducing the amount of effort required for each process. To accomplish this, however, policy makers and process owners must explicitly seek to integrate these processes to form a coherent road map for government agencies to follow. Regrettably, this seldom occurs. Action item: Align key management processes of government. Link data collected and information generated to relevant decisions. And, while planning this alignment, be clear who the participants are in the process and that they understand the link they provide in the overall governance process. Project Management Service Delivery

7 IT Governance and Management Are Not the Same
What IT Governance Is: Collective decisions and guidance about: How IT should be used in the business (policies, principles) Who makes What decisions How (clear accountabilities) Business cases and investments (priorities, ownership and benefits realization) What IT Governance Is Not: Internal IT operations IT people management IT contract management Internal IT organization Project management System testing Audits Procurement of hardware Facilities management Documentation and training Client satisfaction Benchmarking Capacity planning Resource management Governance processes involve decisions about major IT domains, that is, areas such as IT investment and principles. They balance decision rights between multiple constituencies, such as "C-level" executives (including the CIO), business unit leaders and IT executives. Their purpose is to encourage desirable behavior so the enterprise achieves its goals. IT governance is formed and enacted by multiple mechanisms: formal mechanisms such as the executive committee and the IT council, and informal mechanisms such as talking with colleagues. IT governance involves decisions about five major domains: 1) IT principles are high-level statements about how IT will be used to create business value. 2) IT infrastructure strategies describe the approach to building shared and standard services across the enterprise. 3) IT architecture is about the set of technical choices that guide the enterprise in satisfying business needs. 4) Business application needs refer to applications that need to be acquired or built. 5) IT investment and prioritization covers the process of IT investment, including where it should be focused and the procedures for progressing initiatives, their justification, approval and accountability. (Adapted from Weill and Woodham, 2002.) Action Item: Create a charter for IT governance that specifies how major decisions are made.

8 What Are the Key Components that Make Up IT Governance?
An IT Governance framework usually comprises the following components: Structural Model Mission - Purpose and approach to managing the IT organization IT Organization - Structure, reporting relations and connections between resources and their counterparts across the IT organization Roles & Responsibilities - Definition of work requirements and the groups/individuals to perform them Customer / End User Help Desk and Local/Peer Support Shared Services Infrastructure and Production Support Systems - Network - Data - Applications Asset Management - Operations CIO BU Managers Functional Management Relationship Manager Office of Integration Competency Centers Network and Data Design Change Management “Exotics” (Multimedia, Intranet) Support Maintain Proposal Requirements Test Build/Buy Design Specification Assessment Project Office AD team Development Services Process Architecture, Standards & Planning Office of the CIO Operational Model Processes - Pre-defined activity flow for necessary actions and creation of outcomes Measures - Accountability mechanisms at all levels Policies - Pre-defined decision on boundaries, standards, latitude Information and analysis to inform decisions

9 Top IT Governance Mechanisms Focus On Business And IT Relationships
Enterprises need to carefully monitor the nature and effectiveness of their IT governance mechanisms. IT Governance Mechanism Effectiveness % respondents using Business/IT relationship managers 85 87 71 89 86 96 56 67 62 79 IT leadership committee IT council of business and IT executives Executive committee Process teams with IT members Tracking of IT projects and resources Service level agreements Capital approval committee Architecture committee Source: MIT Sloan CISR and Gartner EXP Research Formally tracking IT’s business value When and where are different types of IT governance arrangements effective? The governance mechanisms used by high governance performers are much more effective than those in the lower performing group. The top three mechanisms in terms of impact were heavily focused on the business-IT relationship. Executive committees (including business and technology executives) had the most positive impact followed by Formal tracking of the business value of IT and Business/IT relationship managers. Mechanisms around the IT organization itself were still effective, but less so generally than real interlocking of business and technology executives and managers, plus the discipline of tracking IT’s business value. Two mechanisms in particular were seen as ineffective by high governance performance respondents: Chargeback arrangements and Architecture committees. The message here is that it’s very difficult to implement these mechanisms effectively. Chargeback arrangements must be carefully linked back to desired behaviors. Architecture committees need business input but clear decision rights and transparent exception processes. Action Item: Ensure that IT governance mechanisms focus on the interlinking of business and IT and the discipline of tracking IT’s business value, projects and resources. Web-based portals, intranets for IT Chargeback arrangements 1 2 3 4 5 Not Effectiveness Very © 2002 MIT Sloan Center for Information Systems Research (Weill) and Gartner, Inc.

10 The Three Components of IT Governance
What decisions need to be made? Who makes them? How are they made?

11 1. What Decisions Need To Be Made
1. What Decisions Need To Be Made? Clarify Five Major IT Decision Domains IT governance is about clarifying the decision and input rights for five major IT domains. IT Principles High level statements about how IT is used in the business IT Infrastructure Strategies Strategies for the base foundation of budgeted-for IT capability (both technical and human), shared throughout the firm as reliable services, and centrally coordinated (e.g., network, help desk, shared data) IT Architecture An integrated set of technical choices to guide the organization in satisfying business needs. The architecture is a set of policies and rules that govern the use of IT and plot a migration path to the way business will be done (includes data, technology, and applications) Business Application Needs Business applications to be acquired or built Source: MIT Sloan CISR What are the components of top-level IT governance? IT governance involves decisions about five major IT domains: 1) IT principles (or maxims) are high-level statements about how IT will be used to create business value. They should be informed by the enterprise business maxims. 2) IT infrastructure strategies describes the approach to building shared and standard IT services across the enterprise. 3) IT architecture is about the set of technical choices that guide the enterprise in satisfying business needs. In case of J&J, this means development of some agreed components of data architecture so that customer information can be meaningfully shared, together with selected standards to support the agreed architectural approach. 4) Business applications needs refer to applications that need to be acquired or built. 5) IT investment and prioritization covers the process of IT investment, including where they should be focused and the procedures for progressing initiatives, their justification, approval and accountability. (Adapted from Weill and Woodham 2002.) Action Item: Articulate and clarify the five major IT domains that provide the foundation and guidance for IT-enablement across the enterprise. IT Investment and Prioritization Decisions about how much and where to invest in IT including project approvals and justification techniques © 2002 MIT Sloan Center for Information Systems Research (CISR). This material is adapted from Weill & Woodham's work originally published and copyrighted by the MIT Sloan CISR as Working Paper No. 326, "Don't Just Lead, Govern: Implementing Effective IT Governance," April 2002, and is used by Gartner with permission.

12 Defining IT Principles/Policies
Strategic Imperative: IT governance is not a substitute for leadership. Use principles to build agreement about the role of IT. Characteristics of effective principles/policies Actionable — facilitate decision making Succinct — express a focused point of view Appropriate specificity: not too general ("Motherhood and Apple Pie "); there must be a compelling alternative Clear implications — adhering or not adhering to the principle/policy should have consequences Relevant — address the specific business context of an enterprise (business trends, IT trends, corporate culture and values) Components of principles/policies Principle statement Rationale Implications Key Issue: What are best practices for IT governance implementation? IT principles and policies define the role of IT in the organization. Policies spell out what desirable behavior is in the usage of IT and policies are the rules required to be followed to reach a similar goal. They are the fundamental building blocks of IT governance. Organizations that can secure agreement about the role of IT generally require simpler and more efficient governance mechanisms. Principles and policies are not platitudes — such as IT being customer-centric, delivering reliable solutions, maintaining cost-effectiveness and so on. For a good test to determine if something is a principle or policy rather than a platitude, try turning it into a "not statement." If the "not statement" is not viable, then you have a platitude. For example, IT will deliver reliable applications has the untenable not statement of IT will not deliver reliable applications. Action Item: Principles and policies already exist, at least implicitly, in your organization. Document them and state their implications. Determine if your business leaders (and IT leaders) agree with them.

13 Who Makes The Decisions?
2. Who Has Decision Rights And Inputs? . . Rights Exercised In Six Governance Styles Corporate governance and the language of information politics are useful lenses for depicting the major players and approaches in enterprise IT governance. Style Who Makes The Decisions? Business Monarchy C-level executives, as a group or individuals, including the CIO (but not acting independently) IT Monarchy Individuals or groups of IT executives Feudal Business unit leaders or their delegates Federal C-level executives and at least one other group. (Equivalent to the center and states working together) Duopoly Source: MIT Sloan CISR IT executives and one other group (eg CXO or BU leaders) What are the components of top level IT governance? IT governance defines who has input and who makes the decisions. There are six styles of corporate governance and information politics: 1) Business monarchy where the executive leadership has decision rights. These are often exercised through an executive committee or IT Council comprising a combination of business and IT executives. 2) IT monarchy where IT executives have the decision rights. These are often exercised through an IT Leadership Council or CIO office. 3) Feudal where business unit leaders or their delegates have the decision rights and authority is localized. This style is found in enterprises with relatively autonomous business units and can be useful in delivering local responsiveness. 4) Federal where governance rights are shared by C level executives and at least one other group. Equivalent to the center and states working together. This style is often used for inputs to decisions rather than the group which actually takes the decisions. 5) Duopoly where rights are shared by IT executives and one other group (eg CXO or BU leaders) 6) Anarchy where individual process owners or end users have decision rights and there are usually no formal mechanisms for exercising rights. Decisions are made ad-hoc and locally. Different styles can be used for each of the five IT domains. (Adapted from Weill and Woodham 2002) Action Item: Use the lens of corporate governance and information politics to depict key governance styles and the locus of decision rights. Anarchy Each individual business process owner or end user Note: Some Governance styles were inspired by Davenport, 1997. © 2002 MIT Sloan Center for Information Systems Research (CISR). This material is adapted from Weill & Woodham's work originally published and copyrighted by the MIT Sloan CISR as Working Paper No. 326, "Don't Just Lead, Govern: Implementing Effective IT Governance," April 2002, and is used by Gartner with permission.

14 3. How Can IT Governance Arrangements Be Represented?
IT governance can be represented using an IT Governance Arrangements Matrix. Domain IT Principles IT Infra- structure Strategies IT Architecture Business Application Needs IT Investment Style ? Business Monarchy IT Monarchy Feudal Federal Duopoly Source: MIT Sloan CISR Anarchy How can enterprise IT governance patterns be represented? A matrix can be used to depict governance arrangements by listing the six governance styles on the vertical axis and mapping them to the five IT domains on the horizontal axis. The MIT Sloan CISR and Gartner EXP study identified how 250 enterprises made major decisions regarding who had decision rights and who had input about each of the five IT domains. Don’t Know © 2002 MIT Sloan Center for Information Systems Research (CISR). This framework is adapted from Weill & Woodham's work originally published and copyrighted by the MIT Sloan CISR as Working Paper No. 326, "Don't Just Lead, Govern: Implementing Effective IT Governance," April 2002, and is used by Gartner with permission.

15 IT Governance — Example of Domains, Decision Rights and Styles
© 2002 MIT Sloan Center for Information Systems Research (Weill) and Gartner, Inc. drawing on the framework of Weill and Woodham, 2002. Exec comm Biz leaders IT leadership CIO Biz pro own Biz/IT rel mgs Cap appr comm Business/IT relationship managers CIO, CIO's office and biz unit CIOs Business process owners Business unit heads/presidents Exec comm subgroup, includes CIO Cap appr comm Executive committee ("C" levels) Input Decision IT Principles IT Infrastructure Strategies IT Architecture Business Application Needs IT Investment and Prioritization Monarchy IT Feudal Federal Duopoly Governance Mechanisms Domain Style Input rights Decision rights Source: MIT Sloan CISR and Gartner EXP Research Key Issue: How do you make IT governance a more practical challenge to solve? Patterns of high IT governance performers can provide input into examples of effective IT governance arrangements and their structure. In the example used illustratively above, IT governance arrangements provide for federal input, joint decision rights between business and IT leadership in IT principles and business application needs, top-level business executive decision rights for IT investment and prioritization, and IT monarchy decision rights for IT infrastructure strategies and IT architecture. The graphic matrix illustrates these arrangements. Business and IT executives together hold the decisions rights for IT principles and business application needs. Top-level executives (including the CIO) hold decision rights for IT investment and prioritization. The IT leadership holds the decision rights for IT infrastructure strategies and IT architecture.

16 Business And IT Executive Collaboration Mark High IT Governance Performers
Effective IT governance arrangements involve top level business and IT executives working closely together. Domain IT Principles IT Infrastructure Strategies IT Architecture Business Application Needs IT Investment and Prioritization Style Business Monarchy IT Monarchy Feudal Federal Duopoly Anarchy Source: MIT Sloan CISR and Gartner EXP Research 1 2 3 When and where are different types of IT governance arrangements effective? IT governance performance was assessed by measuring its influence on four outcomes: cost effective use of IT; effective use of IT for asset utilization; effective use of IT for growth; effective use of IT for business flexibility. These outcomes were weighted according to their importance to each enterprise. On a scale of (minimum to maximum), the average score was 69%. Seventeen percent of enterprises scored above 80%. Some IT governance arrangements are clearly more effective than others. These arrangements involve: Collaborative and tightly -controlled decision making (duopoly or business monarchy) between business and IT executives for IT principles and IT investment and prioritization IT executive leadership for making IT infrastructure strategies and IT architecture decisions High-level business unit involvement for determining business application needs Federal input to all domains Arrangements which don’t work well include: Federal decision rights for all but business application needs Feudal decision rights for business application needs Governance performance is higher in “for-profit” enterprises when compared to “not-for-profit” enterprises, partly because the latter use the federal style much more for decision rights. Top three patterns of high IT governance performers © 2002 MIT Sloan Center for Information Systems Research (Weill) and Gartner, Inc, drawing on the framework of Weill and Woodham, 2002.

17 Six Guiding IT Principles
What IT decisions are made IT will enable and provide strategic value to the business. IT architecture & standards shall be governed at the enterprise level to ensure integrity, planned evolution, and periodic refresh in light of new technologies and business strategies. Information is our business, so data is one of our most valuable assets. It must be accessible, managed and protected accordingly. IT will reuse before it buys and buy before it builds. As new applications are developed, we will strive to create reusable components and processes (in line with the architecture) to facilitate business reuse where appropriate. IT will strive to reduce complexity in the the technology environment.

18 IT Will Enable and Provide Strategic Value to the Business
Rationale IT Services and Solutions must meet business needs and help drive value. Implications IT will be “students” of the business – to provide appropriate technical solutions and support, IT must understand the business IT will manage appropriately within established budget IT will make provisions to ensure Business is an educated consumer of IT Products and Services IT Application Leadership will engage with Business in business strategy, planning, and management IT will partner with Business Unit leadership to support enterprise requirements and business solutions Business processes need to be optimized to obtain full benefits of technological solutions IT Business Relationship Managers will represent all facets of the IT function to the Business Units IT will provide business “consulting” services (alternatives, pros, cons, recommendations) as a partner to its business clients IT will evaluate alternative technological and sourcing approaches to provide business solutions IT must be “easy to do business with” - make IT easy to navigate for business colleagues

19 IT Governance Mechanisms
The ‘IT Governance Arrangement Matrix’ can be used to illustrate how governance styles, IT domains and governance mechanisms inter-relate. How the Decisions Get Made Business Application Needs Major Decisions Addressed Rule of 7 Only those decisions that the governing entity reserves clearly and completely for itself, with no delegation Mechanism Input Forum Decision Forum Trigger: Regularly scheduled at xxx interval, or reactive based on yyy Sponsor Metrics Minimum metrics to ensure successful operation and compliance Compliance “Loop-closing” mechanism MUST fit the culture Domain Business App Needs Style Input Decision Business Monarchy IT Monarchy Feudal Federal Duopoly Source: MIT Sloan CISR and Gartner EXP Research Anarchy Input rights Decision rights Refer to Exception process for more information

20 Sample IT Governance Mechanisms
The ‘IT Governance Arrangement Matrix’ can be used to illustrate how governance styles, IT domains and governance mechanisms inter-relate. How the Decisions Get Made Exception Process Exceptions to the IT Governance processes should be very rare and well-justified. In cases where an involved party has significant issues or concerns regarding a decision reached via the IT Governance processes, the following process should be followed: For Senior Management Team decisions CEO makes final decision For Senior Management Team, CIO & ITLC decisions Sr. Leader (or designee) approaches appropriate ITLC member with specific circumstances CIO & Sr. Leader formally approve exception Escalate to CEO, if necessary For Business Unit Leaders decisions Sr. Leader approaches Application Head with specific circumstances CIO & Sr. Leader must formally approve exception Source: MIT Sloan CISR and Gartner EXP Research

21 Implementing IT Governance Communications/Change Management Components
Executive (CEO leadership team meetings, COO leadership team meetings) socialization presentations, discussions Executive announcement ‘Elevator speech’ (COO to CEO & CEO direct reports) Executive summary slide deck BRM (business relationship manager) communication tools Slide deck Suggested talk track Suggested announcement FAQs Core team continued availability during above

22 Key Success Factors for IT Governance
High governance performance enterprises have both business strategies and IT investments strategies which were more focussed and differentiated. The full buy-in of the CEO & direct reports is required Clear participation of the business (it’s all about governing IT) A willingness between Corporate and the business units as well as across business units to cooperate and to develop a solution that is supported by all is essential Existing organizational and decision making structures can’t be sacred cows as they will be questioned and likely modified The project can’t be treated as an IT project Formal change management needs to be part of the work Communicate, communicate, communicate Minimal “loop closing“ is required to ensure compliance Source: MIT Sloan CISR and Gartner EXP Research

23 Typical Benefits of Implementing an IT Governance Framework
High governance performance enterprises have both business strategies and IT investments strategies which were more focussed and differentiated. Typical Benefits of Implementing an IT Governance Framework Enhanced alignment between the Business and IT Improved IT decision-making & communications Overall clearer More efficient as decisions and communications are quicker and more cost-effective More effective as the right decisions get made Improved perception of value of IT More focused strategies Clearer business objectives for IT investment High level executive participation in IT governance Stable IT governance, fewer changes year to year Well functioning formal exception processes Formal communication methods Source: MIT Sloan CISR and Gartner EXP Research

24 Typical Project Timeline
High governance performance enterprises have both business strategies and IT investments strategies which were more focussed and differentiated. The following presents a more or less typical timeline for projects of this nature: Depending on the specifics of the project, a more detailed timeline will have to be developed Milestones Month Month Month 3 Project Planning Governance Requirements Identification Governance Design Transition Source: MIT Sloan CISR and Gartner EXP Research

25 Example Summary of Case Study

26 Assess Your IT Governance Effectiveness Short Form Self-Assessment
There are six leading indicators for effective IT governance and these provide the basis of a self-assessment to know where you stand today. Disagree Strongly (Score 0) Disagree Somewhat (Score 1) Agree Somewhat (Score 2) Agree Strongly (Score 3) IT Governance Effectiveness Indicators 1. We have strongly differentiated business strategies 1 2 3 2. We have clear business objectives for evaluating every type of IT investment 1 2 3 3. Executives are engaged in IT governance and can describe these arrangements 1 2 3 4. Our IT governance is stable, with few major changes year-to-year 1 2 3 5. We use well-defined, formal IT exception processes 1 2 3 Source: Gartner EXP Research 6. We use multiple formal communication methods to engage business leaders 1 2 3 How can you improve your IT governance? You can assess your likely IT governance effectiveness using the IT Governance Self-Assessment. This is based on the six characteristics of high IT-governance performers. Executive management can also use this assessment to measure current status and to spot areas needing improvement. Scoring of the indicators is as follows: 6 or less No effective IT governance Low level IT governance Maturing IT governance Top performer, watch for complacency Action Item: Score your enterprise IT governance indicators. Identify and work on areas where you are currently weak. 6 or less (no effective IT governance) 10-13 (maturing IT governance) 7-9 (low-level IT governance) 14+ (top performer, guard against complacency) Total © 2002 Gartner, Inc. and MIT Sloan Center for Information Systems Research (Weill)

27 Assess Your IT Governance Effectiveness Long Form Self-Assessment
Assess your current position on a journey into the future. For each area, rate these factors, where 1 means strongly disagree, 5 means strongly agree. Decisions Clarity about decision rights Consistency Strong business cases Business roles clear Appropriate committees Optimized budgets Architecture plan Directions Aligned strategies IT strategy known Defined IT principles Risks assessed & managed Business value understood Performance metrics clear Relationships Clear links to corporate governance Strong and trusted teamwork between business and IT Strong and trusted teamwork within IT Gartner's self-assessment tool can be used effectively as the basis for an IT governance workshop. This facilitated workshop should include key stakeholders of IT governance, and its outcome should be a prioritized list of areas for improvement. As part of the workshop, assess where you are today using the statements in the assessment. Rate the degree of agreement on a scale from 1 = strongly disagree, to 5 = strongly agree. Get a broad range of stakeholders to make their own assessments, and then collate the results. Business and IT executives will have varying perceptions of the problem. An understanding of these issues will be enhanced by an evaluation, followed by a discussion. The benefit of the workshop resides in the discussion. Most groups will provide scores in the range of 2 to 4 for each area. Based on conversations with many organizations, Gartner believes that aggregate scores greater than 55 indicate robust and effective governance. Scores between 40 and 55 indicate that the basics of governance are in place but must be evolved to increase effectiveness. Scores below 40 indicate the need to "start over." Documenting the assessment results will enable the assessment to be revisited in six months to see if progress has been achieved. Reference: "Assessing the Effectiveness of IT Governance": G

28 Implementing IT Governance – General Project Approach
High governance performance enterprises have both business strategies and IT investments strategies which were more focussed and differentiated. Plan it, work it! Game plan, self-assessment, project plan Establish IT Governance Principles based on overall IT strategy Evaluate effectiveness of current IT Governance-like mechanisms, if any do exist either within Corporate or the business units Develop Governance processes as appropriate (structural and operational model) Establish clear relationship between the various IT Governance components Validate IT Governance framework and processes with Business Owners Implement new IT Governance framework Roll out to all of IT & Business Thorough communications & PR campaign Establish IT Governance oversight role to monitor processes, effectiveness, and compliance Source: MIT Sloan CISR and Gartner EXP Research

29 High governance performance enterprises have both business strategies and IT investments strategies which were more focussed and differentiated. Q & A ? ! Source: MIT Sloan CISR and Gartner EXP Research

30 Appendix – Sample Deliverables

31 Example Topics for IT Principles/Policies
Governance Investment Evaluation Criteria Investment Decision Making Funding Cost Allocation Benefits Realization Architecture Project Management Privacy Procurement Operational Risk Business Continuity Security Organizational Development Key Issue: What are best practices for IT governance implementation? Principles/policies will change over time as the business changes — and as new challenges emerge for IT. Principles/policies do not need to cover the organization's corporate governance per se — they already are instituted as "rules." The principles/policies should represent the "guardrails" upon which decisions are made. However, the implications of the principles/policies must be clear enough so that clients understand what they are approving when they decide on the acceptability of a principle/policy. The "statement of implication" specificity will vary by target audience. Action Item: Determine where there are significant gaps in principles/policies in your organization. Begin crafting relevant principles/policies and securing approval for them.

32 Summary of Case Study List of 6 guiding principles
Details - principle 1 Details - principle 2 Governance arrangements matrix Details for one IT governance mechanism Exception process Communications process

33 Sample of Six Guiding IT Principles
What IT decisions are made IT will enable and provide strategic value to the business. IT architecture & standards shall be governed at the enterprise level to ensure integrity, planned evolution, and periodic refresh in light of new technologies and business strategies. Information is our business, so data is one of our most valuable assets. It must be accessible, managed and protected accordingly. IT will reuse before it buys and buy before it builds. As new applications are developed, we will strive to create reusable components and processes (in line with the architecture) to facilitate business reuse where appropriate. IT will strive to reduce complexity in the the technology environment.

34 What IT decisions are made
Sample IT Principles - 1 What IT decisions are made IT will enable and provide strategic value to the business Rationale IT Services and Solutions must meet business needs and help drive value Implications IT will be “students” of the business – to provide appropriate technical solutions and support, IT must understand the business IT will manage appropriately within established budget IT will make provisions to ensure Business is an educated consumer of IT Products and Services IT Application Leadership will engage with Business in business strategy, planning, and management IT will partner with Business Unit leadership to support enterprise requirements and business solutions Business processes need to be optimized to obtain full benefits of technological solutions IT Business Relationship Managers will represent all facets of the IT function to the Business Units IT will provide business “consulting” services (alternatives, pros, cons, recommendations) as a partner to its business clients IT will evaluate alternative technological and sourcing approaches to provide business solutions IT must be “easy to do business with” - make IT easy to navigate for business colleagues

35 What IT decisions are made
Sample IT Principles - 2 What IT decisions are made IT architecture & standards shall be governed at the enterprise level to ensure integrity, planned evolution, and, periodic refresh in light of new technologies and business strategies Rationale A satisfactory control environment is dependent on meeting enterprise architecture and standards with the aim of reducing permutations of technology and enforcing change management Research and development into new technologies is a costly investment. Sharing the cost among enterprise activities may permit more technology exploration and further the exploitation of promising technologies. Economies of scale can be realized by sharing architecture and standards as guidelines Only through local unit compliance with enterprise architecture and standards will we achieve the required integrity planned evolution and refresh of our technology base Implications The creation of and adherence to standards are the joint responsibility of all IT organizations We will strive for consistent and single standard IT processes including: change management, IT security standards, disaster recovery, ID management, development methodology Business specific architecture and IT architecture shall align with the Enterprise Architecture (EA). EA shall be our architecture Changes or modifications to the EA architecture will be governed at the greater enterprise-level Enterprise views toward an architectural design or standard such as those effecting compliance and regulatory needs (e.g., SOX, Privacy) must be considered when designing a technology solution Only one IT project methodology shall exist Continuing investment must be made to keep our infrastructure environment current Infrastructure services are managed at an enterprise level

36 Sample IT Governance Arrangements Matrix
The ‘IT Governance Arrangement Matrix’ can be used to illustrate how governance styles, IT domains and governance mechanisms inter-relate. Who makes the decisions Domain Overall IT Principles IT Infrastructure Strategies IT Architecture Business App Needs IT Investment / Prioritization External Relationship Style Input Decision Input Decision Input Decision Input Decision Input Decision Input Decision Senior Mgmt. Team CIO / Ent IT BU Leaders * ITLC Senior Mgmt. CIO & ITLC Input rights Decision rights Source: MIT Sloan CISR and Gartner EXP Research * CIO has “Veto” rights Senior Mgmt Team Corporate office (CEO and Staff) ITLC IT Leadership Council (includes App Head) CIO / Ent IT CIO office and Enterprise IT Senior Mgmt & ITLC Combined Corp Office and IT Leadership BU Leaders Leaders from the Business Units © 2002 Gartner, Inc. and MIT Sloan Center for Information Systems Research (Weill) drawing on the framework of Weill and Woodham, 2002.

37 Sample IT Governance Mechanisms
The ‘IT Governance Arrangement Matrix’ can be used to illustrate how governance styles, IT domains and governance mechanisms inter-relate. How the Decisions Get Made Business Application Needs (Governed by each Business Unit / Function independently) Domain Business App Needs Major Decisions Addressed * Approve application strategy and direction Determine appropriate application resource allocation; resolve major resource conflicts Propose significant application initiatives and projects Approve and prioritize application initiatives and projects (within parameters established by Prioritization process) Sponsor major projects to the Prioritization process Provide oversight for significant initiatives and projects Approve business risk mitigation tactics and strategies (with app impact) Mechanism Input Forum: ITLC meetings or CIO staff meeting Decision Forum: Regularly scheduled business unit leadership meetings (one per Business Unit / Function) Trigger: Regularly scheduled (no less than quarterly) Sponsor: Application Head Style Input Decision Senior Mgmt. Team CIO / Ent IT BU Leaders * ITLC Senior Mgmt. CIO & ITLC Source: MIT Sloan CISR and Gartner EXP Research Input rights Decision rights * CIO has “Veto” rights Refer to Exception process for more information

38 Sample IT Governance Mechanisms
The ‘IT Governance Arrangement Matrix’ can be used to illustrate how governance styles, IT domains and governance mechanisms inter-relate. How the Decisions Get Made Exception Process Exceptions to the IT Governance processes should be very rare and well-justified. In cases where an involved party has significant issues or concerns regarding a decision reached via the IT Governance processes, the following process should be followed: For Senior Management Team decisions CEO makes final decision For Senior Management Team, CIO & ITLC decisions Sr. Leader (or designee) approaches appropriate ITLC member with specific circumstances CIO & Sr. Leader formally approve exception Escalate to CEO, if necessary For Business Unit Leaders decisions Sr. Leader approaches Application Head with specific circumstances CIO & Sr. Leader must formally approve exception Source: MIT Sloan CISR and Gartner EXP Research

39 Sample IT Governance Communications Components
Executive (CEO leadership team meetings, COO leadership team meetings) socialization presentations, discussions Executive announcement ‘Elevator speech’ (COO to CEO & CEO direct reports) Executive summary slide deck BRM (business relationship manager) communication tools Slide deck Suggested talk track Suggested announcement FAQs Core team continued availability during above Return

40 Sample IT Governance Design - Enterprise Architecture
Example Mechanism, Roles, Process IT BOG XYZ Director IC Directors FARB Architecture Review Board EA Updates for Approval Exception Evaluations-major Technical Advice for EA Funding or Appeals Advice Evaluations-minor Exception Requests Advice for EA Funding Guidance Office of the Chief IT Architect Leadership Project Teams XYZ CIO ILLUSTRATIVE IT Architecture Domain Teams IC CIOs

41 Sample IT Governance Design - Clarifying Roles & Responsibilities
RACI analysis clearly defines who is Responsible, Accountable, Consulted, Informed on all decisions, activities, etc. ILLUSTRATIVE

42 IT Governance Operations — Making It Work
Goals Domains Principles Decision Rights Styles IT Governance Strategy IT Governance Operations Supply (How Should IT Do What It Does?) IT Management Primary Responsibility Demand (What Should IT Work On?) Business Management Primary Responsibility Biz/IT Strategy Validation Overall IT Investment & Expense Develop Demand Processes Biz/IT Operational Planning IT Investment Portfolios (PPM) Investment Evaluation Criteria Intra-/Inter- Enterprise Prioritization Implementation Board IT IT Gov Effectiveness (Metrics, etc.) IT Value Assessment Service Chargeback IT Service Funding Spending/Project Oversight Councils/ Committees Issue Escalation/ Resolution Business Benefits Realization Business Unit Plan Implement Manage Monitor Architecture Monitor Compliance Security Corporate Compliance Project Management Sourcing Procurement Etc. IT Supply Governance Domains Key Issue: How do you make IT governance a more practical challenge to solve? In the "Plan" cycle for IT Demand Governance (ITDG), business and IT strategic planning is used to determine the goals and strategies which will guide operational planning. Business and IT operational planning determines what IT has to deliver, and when, and the budgets for both the business and IT. In the "Implement" cycle, ITDG processes are designed to support the goals of ITDG consistent with the management style and decision-making culture of the organization. Financial control and oversight can be facilitated by using such tools as IT investment portfolio analysis. ITDG also establishes the policy for chargeback for the use of IT services and assets. The "Manage" cycle of ITDG focuses on the allocation of resources and the resolution of issues to support the business most effectively. (This is seen as an ITDG responsibility even though it "blurs the line" between "governance" and "management" in more conventional definitions of the two). The "Monitor" cycle ensures that approved investments yield the bottom-line benefits that were proposed; the IT organization provides IT services responsively and cost effectively; IT leverages its position as the organization's IT solutions provider by making contributions to optimize business opportunity from IT; the value and effectiveness of ITG are assessed and optimized. The behavior and practices of IT Supply Governance are governed by policies, practices, monitoring and enforcement across a wide range of IT responsibilities and disciplines. In "Planning," the policy to govern IT in the chosen area is determined or developed. Policy "Implementation" includes specific procedures and practices for compliance for each affected area. "Manage" and "Monitor" encompass the oversight, compliance enforcement and escalation/appeal process to deal with requests for waivers or other exceptions that might be allowable.

43 Best Practices for Governance When Governance Isn’t Governed
Use a stick: Threat of auditor, Sarbanes-Oxley, Basel II… Use a club: How would CFO look at these actions? Do they insert more risk and lower ROI? Under FOIA (Freedom of Information Act), does this pass the newspaper test? Use a carrot: Advertise the joint success of IT and SBU on a particular initiative and why it helped governance. Use chocolate: Make the advertised success addictive, and this is what we are looking forward to later ... Use secret sauce: CIOs can be slightly off-center (devious) by stating that service-level architecture or Web-based infrastructure requires greater transparency, much like FedEx allows customers to see where packages are and estimated times of arrival, which is why FedEx’s IT is bullet-proof.

44 More Symptoms of Good IT Governance
Decisions Score Clarity There is clarity about who makes strategic decisions about IT — Investment IT investments are evaluated and approved using consistent criteria — Approval Project IT projects deliver results consistently in accord with the business case — Implementation Business Business executives clearly understand their roles in IT decisions — Roles Committee Appropriate committees are in place, with clearly documented roles — Structures Budgets The IT budget process is aligned with business and IT strategies — Enterprise Architecture exceptions have a defined process for approval — Architecture Directions Alignment There is clear alignment between business and IT strategies — IT Strategy The IT strategy is clear to all affected stakeholders — IT Principles There is a clear set of IT principles underlying decisions that are clear to all — Risk IT risks are understood by all stakeholders and managed effectively — Management Business The business value of IT is tracked, understood and communicated — Value IT Metrics IT metrics highlight critical success factors for performance management — Relationships Corporate IT governance is clearly linked to corporate governance — Governance Trust There are strong and trusted relationships between business and IT

45 IT Governance Maturity Checklist
World-class Life-cycle PfM Business architecture Market agility Advanced Enterprise PMO Project PfM Info architecture Good Project prioritization Asset portfolio management (PfM) Independent audit Basics Review boards Regular audits Universal controls Standards Efficiency Effectiveness Investment Transformation Dependency on IT Governance Business Perception of Its Respect Cost Trust Credibility of IT Governance Viewing governance within the C/D Matrix enables CIOs to assure that the actions they are taking align with the relationship maturity within the business. Without the above listed stabilizing features, evolving IT shops will find progress difficult and possibly circular (1 step forwards, 1 step backwards). Do you plan, build, and run as one body?

Download ppt "Louis Boyle Vice President Gartner Executive Programs"

Similar presentations

A presentation for CIOs. What are the biggest challenges that face a modern CIO? (Lets list them…)

A presentation for CIOs. What are the biggest challenges that face a modern CIO? (Lets list them…)
Program Management Office (PMO) Design

Program Management Office (PMO) Design
Roadmap for Sourcing Decision Review Board (DRB)

Roadmap for Sourcing Decision Review Board (DRB)
How to commence the IT Modernization Process?

How to commence the IT Modernization Process?
Global Congress Global Leadership Vision for Project Management.

Global Congress Global Leadership Vision for Project Management.
Leverage MarkITS for agile solutions delivery that balances strategic thinking with tactical execution for “Business & Technology Convergence” MarkITS.

Leverage MarkITS for agile solutions delivery that balances strategic thinking with tactical execution for “Business & Technology Convergence” MarkITS.
HR Manager – HR Business Partners Role Description

HR Manager – HR Business Partners Role Description
1 IT Governance Presentation to DCO’s Forum 8 June 2005.

1 IT Governance Presentation to DCO’s Forum 8 June 2005.
© 2009 The MITRE Corporation. All rights Reserved. Evolutionary Strategies for the Development of a SOA-Enabled USMC Enterprise Mohamed Hussein, Ph.D.

© 2009 The MITRE Corporation. All rights Reserved. Evolutionary Strategies for the Development of a SOA-Enabled USMC Enterprise Mohamed Hussein, Ph.D.
BENEFITS OF SUCCESSFUL IT MODERNIZATION

BENEFITS OF SUCCESSFUL IT MODERNIZATION
Delivery Business Solutions April 29, 20131 Nashville PMI Symposium April 29, 2013 Stephanie Dedmon, PMP Director, Business Solutions Delivery Department.

Delivery Business Solutions April 29, Nashville PMI Symposium April 29, 2013 Stephanie Dedmon, PMP Director, Business Solutions Delivery Department.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Enterprise Architecture. 2 Agenda What is Enterprise Architecture (EA)? Roles in EA? Why is EA Important? Tangible Benefits from EA? What Do We Need to.

Enterprise Architecture. 2 Agenda What is Enterprise Architecture (EA)? Roles in EA? Why is EA Important? Tangible Benefits from EA? What Do We Need to.
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
Program Management Overview (An Introduction)

Program Management Overview (An Introduction)
IT Project Management Office

IT Project Management Office
Shared Learning Services : Key Learnings Session 102 November 9, 2009.

Shared Learning Services : Key Learnings Session 102 November 9, 2009.
PPA 502 – Program Evaluation Lecture 10 – Maximizing the Use of Evaluation Results.

PPA 502 – Program Evaluation Lecture 10 – Maximizing the Use of Evaluation Results.
IT Governance and Management

IT Governance and Management
Managing the Information Technology Resource Jerry N. Luftman

Managing the Information Technology Resource Jerry N. Luftman

Similar presentations

Ads by Google