Governance It

8/6/2019 Governance It

1/41

WHY IS I.T. IMPORTANT TOWHY IS I.T. IMPORTANT TO

AN ORGANISATIONALAN ORGANISATIONALENTITY?ENTITY?

IT contributes directly to market valueIT contributes directly to market value

IT is essential for the achievement ofIT is essential for the achievement oforganisational goalsorganisational goals

IT involves large investments and operationalIT involves large investments and operationalrisksrisks


2/41

STRATEGIC IMPORTANCE OFSTRATEGIC IMPORTANCE OF

INFORMATION TECHNOLOGYINFORMATION TECHNOLOGY

IT is essential to manage the transactions,IT is essential to manage the transactions,information, and knowledge necessary to initiateinformation, and knowledge necessary to initiateand sustain economic and social activities. Inand sustain economic and social activities. In

most enterprises, IT has become an integral partmost enterprises, IT has become an integral partof the organisation and is fundamental to support,of the organisation and is fundamental to support,sustain, and grow the organisation.sustain, and grow the organisation.


3/41

EXPECTATIONS FROM I.T.EXPECTATIONS FROM I.T.

Those charged with governance and executiveThose charged with governance and executivemanagement generally expect their organisation'smanagement generally expect their organisation'sIT to deliver organisational value, i.e., provideIT to deliver organisational value, i.e., provide

fast, secured, high quality solutions and services;fast, secured, high quality solutions and services;generate reasonable return on investment; andgenerate reasonable return on investment; andmove from efficiency and productivity gainsmove from efficiency and productivity gainstoward value creation and business effectiveness.toward value creation and business effectiveness.


4/41

WHEN EXPECTATIONS ANDWHEN EXPECTATIONS AND

REALITY DO NOT MATCHREALITY DO NOT MATCH

Operational losses, reputational damage, andOperational losses, reputational damage, andweakened competitive positionweakened competitive position

Inability to obtain or measure a return for ITInability to obtain or measure a return for ITinvestmentsinvestments

Failure of IT initiatives to bring the innovationFailure of IT initiatives to bring the innovationand benefits promisedand benefits promised

Inadequate or obsolete technologyInadequate or obsolete technology

Inability to leverage available new technologiesInability to leverage available new technologies

Deadlines that are not met and budgets that areDeadlines that are not met and budgets that areoverrunoverrun


5/41

WHAT SHOULD BE DONE?WHAT SHOULD BE DONE?

Those charged with governance and executiveThose charged with governance and executivemanagement should understand the issues andmanagement should understand the issues andthe strategic importance of IT so that theirthe strategic importance of IT so that their

organisation can sustain operations andorganisation can sustain operations andimplement strategies required to extend activitiesimplement strategies required to extend activitiesinto the future.into the future.

This is the governance of IT that aims at ensuringThis is the governance of IT that aims at ensuringthat expectations from IT are met and IT risks arethat expectations from IT are met and IT risks aremitigated.mitigated.


6/41


Those charged with governance and executiveThose charged with governance and executivemanagement need to assess their capacity tomanagement need to assess their capacity to

take advantage of IT's enabling capacity for newtake advantage of IT's enabling capacity for newbusiness models and changing business practicesbusiness models and changing business practices

balance IT's increasing costs and information'sbalance IT's increasing costs and information'sincreasing value to obtain an appropriate returnincreasing value to obtain an appropriate returnfrom IT investementsfrom IT investements

manage the risks of transacting in anmanage the risks of transacting in aninterconnected digital world and the dependenceinterconnected digital world and the dependenceon entities beyond the direct control of theon entities beyond the direct control of theorganisationorganisation


7/41


Those charged with governance and executiveThose charged with governance and executivemanagement need to assess their capacity tomanagement need to assess their capacity to

manage IT's impact on business continuity due tomanage IT's impact on business continuity due toincreasing reliance on information and IT in allincreasing reliance on information and IT in allaspects of the organisationaspects of the organisation

maintain IT's ability to build and maintainmaintain IT's ability to build and maintainknowledge essential to sustain and grow theknowledge essential to sustain and grow the

organisationorganisation avoid the failures of IT, increasingly impactingavoid the failures of IT, increasingly impacting

the organisation's value and reputationthe organisation's value and reputation


8/41

IT GOVERNANCEIT GOVERNANCE

IT governance is the responsibility of thoseIT governance is the responsibility of thosecharged with overall governance and thecharged with overall governance and theexecutive management. It is an integral part ofexecutive management. It is an integral part of

organisational governance and consists of theorganisational governance and consists of theleadership organisational structure and processesleadership organisational structure and processesthat ensure that the organisation's IT sustains andthat ensure that the organisation's IT sustains andextends the organisation's strategies andextends the organisation's strategies andobjectives.objectives.


9/41

OBJECTIVES OF ITOBJECTIVES OF IT

GOVERNANCEGOVERNANCE

Alignment of IT with the organisation andAlignment of IT with the organisation andrealisation of promised benefitsrealisation of promised benefits

Use of IT to enable the organisation byUse of IT to enable the organisation byexploiting opportunities and maximising benefitsexploiting opportunities and maximising benefits

Responsible use of IT resourcesResponsible use of IT resources

Appropriate management of IT related risksAppropriate management of IT related risks


10/41

INTERACTION OFINTERACTION OF

OBJECTIVES AND I.T.OBJECTIVES AND I.T.ACTIVITIESACTIVITIES


11/41

IT GOVERNANCEIT GOVERNANCE

FRAMEWORKFRAMEWORK


12/41

WHY IS I.T. GOVERNANCEWHY IS I.T. GOVERNANCE

IMPORTANT?IMPORTANT?

Because Information Technology is importantBecause Information Technology is important

IT is critical in supporting and enablingIT is critical in supporting and enablingorganisational goalsorganisational goals

IT is strategic to the organisation [growth andIT is strategic to the organisation [growth andinnovation]innovation]

Due diligence is increasingly required relative toDue diligence is increasingly required relative tothe IT implication of mergers and acquisitionthe IT implication of mergers and acquisition


13/41



Because there was no previous focus on ITBecause there was no previous focus on IT

IT requires more technical insight than do otherIT requires more technical insight than do otherdisciplines to understand how it enables thedisciplines to understand how it enables theorganisation and creates risks and opportunitiesorganisation and creates risks and opportunities

IT has traditionally been treated as an entityIT has traditionally been treated as an entityseparate to the businessseparate to the business

IT is complex, even more so in the extendedIT is complex, even more so in the extended

enterprise operating in a networked economyenterprise operating in a networked economy


14/41



Because there is a need to align expectations ofBecause there is a need to align expectations ofthose charged with governance from executivethose charged with governance from executivemanagementmanagement

Deliver IT solutions of the right quality, on timeDeliver IT solutions of the right quality, on timeand, within budgetand, within budget

Harness and exploit IT to return valueHarness and exploit IT to return value

Leverage IT to increase efficiency andLeverage IT to increase efficiency and

productivity while managing IT risksproductivity while managing IT risks


15/41


IMPORTANTIMPORTANT

Because of the negativities of ineffectiveBecause of the negativities of ineffectivegovernancegovernance

Business losses, damaged reputations orBusiness losses, damaged reputations orweakened competitive positionsweakened competitive positions

Deadlines not met, costs higher than expectedDeadlines not met, costs higher than expectedand quality lower than anticipatedand quality lower than anticipated

Enterprise efficiency and core processesEnterprise efficiency and core processes

negatively impacted by poor quality ITnegatively impacted by poor quality ITdeliverablesdeliverables

Failures of IT initiatives to bring innovation orFailures of IT initiatives to bring innovation ordeliver the promised benefitsdeliver the promised benefits


16/41

WHO SHOULD DO WHAT?WHO SHOULD DO WHAT?

Those charged with governance should take anThose charged with governance should take anactive role in IT strategy or similar committeesactive role in IT strategy or similar committees

CEOs [or their equivalent] should provideCEOs [or their equivalent] should provideorganisational structures to support theorganisational structures to support theimplementation of IT strategyimplementation of IT strategy

CIOs [or their equivalent] must be businessCIOs [or their equivalent] must be businessoriented and provide a bridge between IT and theoriented and provide a bridge between IT and the

businessbusiness All executives should be involved in ITAll executives should be involved in IT

steering or similar committeessteering or similar committees


17/41

WHAT DOES I.T.WHAT DOES I.T.

GOVERNANCE COVER?GOVERNANCE COVER?

IT's delivery of value to the organisationIT's delivery of value to the organisation

Mitigation of IT risksMitigation of IT risks


18/41

FOCUS AREAS OF ITFOCUS AREAS OF IT

GOVERNANCEGOVERNANCE


19/41

EACH ENTERPRISE OPERATESEACH ENTERPRISE OPERATES

IN AN ENVIRONMENT THAT ISIN AN ENVIRONMENT THAT ISINFLUENCED BYINFLUENCED BY

Stakeholder valuesStakeholder values

The mission, vision and values of the enterpriseThe mission, vision and values of the enterprise

The community and company ethics and cultureThe community and company ethics and culture Applicable laws, regulations and policiesApplicable laws, regulations and policies

Industry practicesIndustry practices


20/41

IT GOVERNANCE PROCESSIT GOVERNANCE PROCESS


21/41

I.T. STRATEGIC ALIGNMENTI.T. STRATEGIC ALIGNMENT[focusing on aligning with the business and[focusing on aligning with the business and

collaborative solutions]collaborative solutions]


22/41

IT/ENTERPRISE ALIGNMENTIT/ENTERPRISE ALIGNMENT


23/41

STRATEGIC OPPORTUNITIESSTRATEGIC OPPORTUNITIES

FROM I.T.FROM I.T. Add value to products and servicesAdd value to products and services

Assist in competitive positioningAssist in competitive positioning

Contain costs and improve administrativeContain costs and improve administrativeefficiencyefficiency

Increase managerial effectivenessIncrease managerial effectiveness


24/41

CONSIDERATIONS INCONSIDERATIONS IN

FORMULATING I.T. STRATEGYFORMULATING I.T. STRATEGY Business objectives and the competitiveBusiness objectives and the competitive

environmentenvironment

Current and future technologies and the costs,Current and future technologies and the costs,

risks and benefits they can bring to the businessrisks and benefits they can bring to the business

The capability of the IT organisation andThe capability of the IT organisation andtechnology to deliver current and future levels oftechnology to deliver current and future levels ofservice to the business, and the extent of changeservice to the business, and the extent of change

and investment this might imply for the wholeand investment this might imply for the wholeenterpriseenterprise

Cost of current IT and whether this providesCost of current IT and whether this providessufficient value to the businesssufficient value to the business

The lessons learned from past failures andThe lessons learned from past failures andsuccessessuccesses


25/41

I.T. SUPPORTING STRATEGICI.T. SUPPORTING STRATEGIC

OBJECTIVESOBJECTIVES


26/41

PLANNED AND PURPOSEFULPLANNED AND PURPOSEFUL

MANAGEMENTMANAGEMENT Creating and sustaining awareness of theCreating and sustaining awareness of the

strategic role of IT at top management levelstrategic role of IT at top management level

Clarifying what role IT should play: utility vs.Clarifying what role IT should play: utility vs.

enablerenabler

Creating IT guiding principles from businessCreating IT guiding principles from businessmaxims. For example, develop partnershipsmaxims. For example, develop partnershipswith customers worldwide can lead towith customers worldwide can lead to

consolidate customer database and orderconsolidate customer database and orderprocessing processes.processing processes.

Monitoring the business impact of the ITMonitoring the business impact of the ITinfrastructure and applications portfolioinfrastructure and applications portfolio

Evaluating, postEvaluating, post--implementation, benefitsimplementation, benefitsdelivered by IT projectsdelivered by IT projects


27/41

VALUE DELIVERYVALUE DELIVERY[concentrating on optimising expenses and proving[concentrating on optimising expenses and proving

the value of IT]the value of IT]


28/41

EXPECTATIONS RELATIVE TOEXPECTATIONS RELATIVE TO

CONTENTS OF THE I.T.CONTENTS OF THE I.T.DELIVERABLEDELIVERABLE

Fit for purpose, meeting business requirementsFit for purpose, meeting business requirements

Flexibility to adopt future requirementsFlexibility to adopt future requirements

Throughput and response timesThroughput and response times Ease of use, resiliency and securityEase of use, resiliency and security

Integrity, accuracy and currency of informationIntegrity, accuracy and currency of information


29/41

VIEWS OF I.T. VALUEVIEWS OF I.T. VALUE

[WEILL and BROADBENT][WEILL and BROADBENT]


30/41

DEPENDENCIES OF THEDEPENDENCIES OF THE

CAPACITY TO DELIVERCAPACITY TO DELIVER Timely, usable and reliable information aboutTimely, usable and reliable information about

customers, processes, markets, etc.customers, processes, markets, etc.

Productive and effective practices [performanceProductive and effective practices [performance

measurement, knowledge management, etc.]measurement, knowledge management, etc.]

The ability to integrate technologyThe ability to integrate technology


31/41

RISK MANAGEMENTRISK MANAGEMENT[addressing the safeguarding of IT assets and[addressing the safeguarding of IT assets and

disaster recovery]disaster recovery]


32/41

ENTERPRISE RISKENTERPRISE RISK

MANAGEMENTMANAGEMENT Ascertaining that there is transparency about theAscertaining that there is transparency about the

significant risks to the enterprise and clarifyingsignificant risks to the enterprise and clarifyingthe risk taking or risk avoidance policies of thethe risk taking or risk avoidance policies of the

enterprise [i.e., determining the enterprisesenterprise [i.e., determining the enterprisesappetite for risk]appetite for risk]

Being aware that the final responsibility for riskBeing aware that the final responsibility for riskmanagement rests with the board so, whenmanagement rests with the board so, whendelegating to executive management, makingdelegating to executive management, making

sure the constraints of that delegation aresure the constraints of that delegation arecommunicated and clearly understoodcommunicated and clearly understood


33/41

ENTERPRISE RISKENTERPRISE RISK

MANAGEMENTMANAGEMENT Being conscious that the system of internalBeing conscious that the system of internal

control put in place to manage risks often has thecontrol put in place to manage risks often has thecapacity to generate costcapacity to generate cost--efficiencyefficiency

Considering that a transparent and proactive riskConsidering that a transparent and proactive riskmanagement approach can create competitivemanagement approach can create competitiveadvantage that can be exploitedadvantage that can be exploited

Insisting that risk management be embedded inInsisting that risk management be embedded in

the operation of the enterprise, respond quicklythe operation of the enterprise, respond quicklyto changing risks and report immediately toto changing risks and report immediately toappropriate levels of management, supported byappropriate levels of management, supported byagreed principles of escalation [what to report,agreed principles of escalation [what to report,when, where and how]when, where and how]


34/41

I cannot imagine any condition which could causeI cannot imagine any condition which could causethis ship to founder. I cannot conceive of anythis ship to founder. I cannot conceive of anyvital disaster happening to this vessel.vital disaster happening to this vessel. -- --

Captain of the Titanic, 1912Captain of the Titanic, 1912


35/41

RESOURCE MANAGEMENTRESOURCE MANAGEMENT[optimising knowledge and infrastructure][optimising knowledge and infrastructure]


36/41

ADDRESS APPROPRIATEADDRESS APPROPRIATE

INVESTMENT IN I.T.INVESTMENT IN I.T.By ensuring thatBy ensuring that

The responsibilities with respect to IT systemsThe responsibilities with respect to IT systemsand services procurement are understood andand services procurement are understood and

appliedapplied

Appropriate methods and adequate skills exist toAppropriate methods and adequate skills exist tomanage and support IT projects and systemsmanage and support IT projects and systems

Improved workforce planning and investmentImproved workforce planning and investment

exist to ensure recruitment and, more important,exist to ensure recruitment and, more important,retention of skilled IT staffretention of skilled IT staff

IT education, training and development needs areIT education, training and development needs arefully identified and addressed for all stafffully identified and addressed for all staff

Appropriate facilities are provided and time isAppropriate facilities are provided and time is


37/41

WISE USE OF I.T. RESOURCESWISE USE OF I.T. RESOURCES

Appropriate methods and adequate skills exist inAppropriate methods and adequate skills exist inthe organisation to manage IT projectsthe organisation to manage IT projects

The benefits accruing from any serviceThe benefits accruing from any service

procurement are real and achievableprocurement are real and achievable


38/41

PERFORMANCE MEASUREMENTPERFORMANCE MEASUREMENT[tracking project delivery and monitoring[tracking project delivery and monitoring

IT services]IT services]


39/41

BALANCED SCORECARDBALANCED SCORECARD

DIMENSIONSDIMENSIONS


40/41

CAUSE AND EFFECTCAUSE AND EFFECT

RELATIONSHIPS BETWEENRELATIONSHIPS BETWEEN

BSC DIMENSIONSBSC DIMENSIONS


41/41

SAMPLE IT BSC MEASURESSAMPLE IT BSC MEASURES

Documents

Governance It