Bringing IT Governance From Theory to Action

Sometimes it feels like a question of fairness. Even as technology has simplified and become almost invisible to most audiences, the complexity of maintaining technology is reaching a breaking point for information technology (IT) organizations. While digital sales and marketing channels proliferate and increase a company’s dependency on technology, little time is invested between the lines of business and IT to communicate corporate goals and how technology can support these goals. The mandate is simply “do more with less.” Fully formed IT governance implementations address this lack of communication and allow IT to run like a business with corporate goals in mind.

New trends bring new challenges to the business of IT

As budgets have spiraled higher and enterprise systems have become more intertwined, three major trends have emerged to contain costs and to make better investment decisions:

• Consolidation
• Outsourcing
• Visibility

These are trends for a reason. IT consolidation has become a best practice cost reduction no company can reasonably ignore. Many corporations could not stay competitive without the cost savings offered by outsourcing. And with today’s regulatory requirements, visibility into IT is mandatory.

Crucial as they may be to the success and possibly the viability of a company, these trends are placing unprecedented burdens and expectations on technology departments—and business heads are feeling their pain.

Consolidation

For the past decade, enterprises have focused on controlling service costs and infrastructures through consolidation of server, networking, and computing environments. Consolidation helps large companies cap runaway costs and small and medium-sized companies reduce costly redundancies. But these money-saving measures come at a cost: IT’s loss of visibility to the business and the business’ loss of control over what and how technology organizations execute.

As a centralized or “shared service,” IT must strive to maintain a close relationship with all lines of business, helping each to better respond to market changes while maintaining high service levels. This is a tall order, particularly when trying to discern needs from wants and prioritizing accordingly.

Moving from a decentralized structure to a shared service model means individual business units lose direct control of their technology resources. With the new organization in place that requires IT to support all business units equally, that rising-star developer who once focused solely on marketing’s Web site may now be working on multiple applications. The challenge arises in prioritizing time and availability of such valued resources in a manner that most benefits the business as a whole.

Outsourcing

The allure of hour-by-hour savings through outsourcing has made this a highly attractive option to companies of all sizes, if not an outright necessity. Yet outsourcing is fraught with some obvious and subtle obstacles. There are the big questions about communication and control: What are the rules of engagement between outsourcer and outsourcee? Who defines them? How can companies maintain control and visibility of outsourced tasks and processes? And how can businesses measure the results of the work being done?

There are also smaller overlooked details and questions few think to ask. For example, an outsourcer might not be aware of a taken-for-granted process that has never been documented or critical workarounds that have never been integrated into the technical architecture. Another detail often missed is determining what services to outsource. Senior executives and technology personnel of both the internal and outsourced groups make these decisions, but what about the perspective of the “consumers” of these services, such as staff, customers, and partners?

If left unresolved, these issues can result in quality control issues (read customer and staff complaints) and seriously undermine the savings outsourcing offers.

Visibility

Some trends are born out of changes in governmental policy, and increased visibility into IT is a perfect example. Sarbanes-Oxley and other regulatory requirements have compelled organizations to shine new light into the once inscrutable doings of IT. In addition to addressing security and compliance concerns, this increased visibility inspires businesses to become more involved in the IT decision-making process. Since this is a new role, business doesn’t understand what exactly it is getting for its money, and IT is placed in the uncomfortable position of justifying its every move.

Understanding the value of each technology initiative and aligning these initiatives with corporate goals is paramount to both the short-term success and long-term viability of any company.

How does a company address these trends and harness the potentially transformational power of IT?

The answer: IT Governance

Lines of business and IT can no longer work in their respective vacuums. This new interconnectedness means that what affects one now affects all. If problems are no longer confined to one functional area, solutions can’t be either. IT governance defines accountability and decision making and simplifies the challenges of consolidation, outsourcing, and increased visibility—ensuring IT expenditures deliver real business value.

Identifying the Rules of Engagement for IT Insiders and Outsourcers Alike

IT governance addresses the rules of engagement and execution for all of IT and its resources—including those of external vendors. Rather than simply agreeing to a vendor-defined set of services, companies can identify and plan for all required processes to ensure control and visibility. IT governance defines the parameters of outsourcing partnerships, while also defining processes for communication, contract execution, and service delivery. Defining these operational and service-level agreements ensures expectations are set between business customer and IT provider.

Setting and meeting expectations is important to success for any fiscally based relationship. But outsourcing is no longer just about reducing costs; it’s also about creating business value. A documented, formal communication and execution plan allows IT to smoothly integrate its work activities with third-party resources on joint initiatives designed to boost returns on investments and enhance business overall.

Allowing IT Visibility to Work Both Ways

Accountability is a key benefit of IT governance, and one that allows visibility to work both ways. Providing a mechanism for accountability helps clarify demands being made on IT and reveals how and where business is driving IT spend.

The most successful enterprises engage both business and IT in investment decisions. IT governance strengthens and clarifies the connection between corporate goals and IT initiatives. And with both business and IT aware of the strategic benefits of a given initiative, the initiative has a far greater chance of company-wide adoption and success.

No line of business or IT department is an island. What affects one, affects all.

The ways: IT frameworks for efficient, repeatable processes

Making Consolidation More Friendly

IT frameworks, such as Control OBjectives for Information Technology (COBIT) and the Information Technology Infrastructure Library (ITIL), are being adapted into governance initiatives to improve the consistency of implementations and operations. These frameworks provide decision makers with valuable visibility and control over the demands made on them and help managers structure and formalize management processes. This includes the prioritization of demand coming from across the organization and the assignment and allocation of shared resources—such as that rising-star Web developer—to address that demand.

In short, IT frameworks offer a bird’s-eye view into all lines of business, helping to ensure that the prioritization and assignment of work aligns with the overall company objectives.

Just as efficient, repeatable processes are the secret to realizing the value of technology, IT frameworks are the secret to realizing efficient, repeatable processes. In fact, these frameworks were developed in recognition that without standard management practices, organizations were independently, and repeatedly, making the same common and costly mistakes—many stemming from the very challenges addressed previously.

Defining the Process Framework

The first step toward taking a theoretical framework and putting it into practice is to understand the framework itself. A framework should address the following process areas:  

1. Business Perspective  
2. IT Business Management  
3. Application and Infrastructure Management  
4. Service Delivery  
5. Service Support

In turn, each of the five core process areas might be composed of three tracks that define an actionable approach to IT governance (see figure 1):

1. Strategy  
2. Planning  
3.  Management and execution

Figure 1 (Click to enlarge)

Process Framework in action

Consolidation, outsourcing, unprecedented visibility—every move in a company today impacts all aspects of a technology organization and crosses every core process. Take consolidation, as one example. Here is how a company might apply a process framework to uncover and address the specific challenges of consolidation.

Business Perspective: Consolidation requires an aggregated process to collect all requests and establish scoring and prioritization models to determine which request takes precedence. IT also must redefine its communication policies and procedures with individual business lines.

IT Business Management: IT consolidation requires definition of management processes (e.g., portfolio, financial, and demand management) and enterprise architectures, as well as redefinition of policies and procedures with third-party vendors.

Application and Infrastructure Management: Consolidation helps to leverage standardized project and application delivery processes, as well as shared utilization of infrastructure components. But to ensure quality delivery of all projects across the organization, formalized SDLC methodologies must be implemented. The planning and evaluation of infrastructure projects must now take into account the impacts to multiple lines of business.

Service Delivery: As infrastructure and resources are shared, a greater importance is placed on capacity management, business continuity, and SLA policies and procedures. The downtime of critical shared components can now impact an even greater number of end users.

Service Support: Consolidated infrastructure and shared applications lead to a greater amount of change to the environment as lines of business identify additional services to be implemented. Proper change and release management processes must be adjusted accordingly. In addition, consolidated help desk and tier support resources may need to be retrained or reorganized to handle the new infrastructure and shared applications.

The means: IT governance software and solutions

While IT frameworks provide the ways to implement IT governance, real-life tools and technology are needed to provide the means. If a company has a relatively simple technology footprint, basic templates and spreadsheets might suffice. Other companies that are large enough to embrace trends such as consolidation and outsourcing and are struggling with visibility require software automation.

Project and Portfolio Management Software

Project and portfolio management software (PPM) provides the tools to govern projects, applications, and opportunities in both consolidated and outsourced environments, with complete visibility to all key stakeholders. PPM includes integrated applications developed to provide:

• Compatibility with accepted best-practice frameworks.
• Specific process mechanisms tuned to specific organizational needs.
• Establishment and enforcement of roles and responsibilities of process participants.
• Dashboards for real-time visibility of projects and activities.
• Enterprise-level scalability.

PPM Software in Action

Again, every move business makes impacts all aspects of the IT organization and crosses every core process. No one-off tool can fully address the challenges of aligning business with IT. Enterprise class PPM software provides the means to true governance—from the initial demand all the way through to the fulfillment and support of that demand. PPM software captures all service requests, provides the tools for prioritizing those requests, and automates key project management processes that support their design, operation, and delivery.

Paving the way to success

Paramount to a successful implementation is earning the trust and buy-in of all key stakeholders each step of the way. The instituting governance practices can be something of a shock to the culture of a company. Change management and strong internal sponsors of the initiative are a must. And it is important to remember that insight can be garnered from staff and customers, as well as department heads and decision makers. Other factors for success include: Assessing current processes. Learning from process owners what does and doesn’t work. Envisioning and modeling the solution. Beginning with pilot projects and using their success to further build momentum and acceptance. Managing organizational changes as users learn the new technologies and processes. Each of these success factors inform a structured, flexible methodology for rolling out IT governance solutions. (See figure 2.)
1.   Planning phase—Includes defining the high-level strategy and road map to ensure the alignment of technology initiatives to company objectives.
2.   Deploying phase—Involves the full project implementation life cycle: solution design, solution build, phased deployment, and training.
3.   Activating phase—Focuses on the continuous improvement of processes and technology implementation by defining and monitoring key performance indicators.

Figure 2 (Click to enlarge)

The results: IT Governance realized

An effective strategy bridges the gap between IT governance in theory and action—aligning IT spend with corporate priorities and needs, focusing vital resources on proactive initiatives versus reactive tasks, managing change more effectively, and mitigating the inherent risks of technology-dependent business practices. Ultimately this framework allows lines of business and IT to effectively communicate so that all parts of the organization can be held accountable for contribution toward corporate goals. Now that seems fair.

Davin Gallego is the IT governance solution director and Jon Borg-Breen is senior vice president at Acquity Group (www.acquitygroup.com), a leading provider of business and technology solutions designed to optimize business performance.