May 2010

SPECIAL: 9th Anniversary
ENGINEERING REVIEW - MAY 2010

ENGINEERING REVIEW - MAY 2010
Other Archives
IT IN SME INDUSTRY FOCUS

IT Governance : Adopting the right approach

IT Governance in simple terms can be said to be a method for CIOs to manage IT strategy and execution by enabling a consolidated view of key governance functions such as project, demand, resource, risk and performance management.

In many organisations, Information Technology (IT) has become crucial in sustaining and the growth of a business. This pervasive use of technology has created a critical dependency on IT that calls for a specific focus on the IT Governance and Compliance strategies of an enterprise. In today’s regulated environment, shareholders have become more demanding and are paying more attention to the governance and compliance strategies of an enterprise.

There are various regulatory compliance requirements today that are mandated by the Organisation for Economic Co-operation and Development’s (OECD) . The rationale behind such regulations is to ensure a verifiable process to manage corporate risks and instill a corporate environment of respect for all stakeholders. Organisations are required to provide an assurance to the accuracy and integrity of both financial reports and core business processes. Therefore, IT controls have become integral to the effective governance of the modern enterprise. Corporate IT groups have recognised the inherent value of corporate and IT governance leading to the birth of the notion of business and IT alignment.

IT Governance in simple terms can be said to be a method for CIOs to manage IT strategy and execution by enabling a consolidated view of key governance functions such as project, demand, resource, risk and performance management. The key benefits of IT Governance are alignment of IT with business needs, transparency and better comprehension of IT activities and performance, clearer understanding of objectives and expectations, clearer visibility of issues and priorities, joint responsibility for planning and executing IS/IT in the business, improved value delivery (operational and project), optimised costs, management of IT related risks, and improved quality of service. While every CIO worth his salt understands the importance of IT Governance, the area where most CIOs go wrong is in getting the planning right.

Some Steps to Take Are:
Undestand the scope of IT Governance
IT governance addresses two key areas that are considered as the outcomes of IT Governance.

IT’s Value Delivery to the Business: IT should enable organisations to grow by delivering the expected business value through the successful completion of critical projects on-time and within-budget.

Mitigation of IT Risks: Embedding accountability into the enterprise. Enterprises should identify their appetite for risk management in IT investments especially with respect to the security, reliability and compliance and have clear-cut strategies to manage risk.

Factors that Drive Outcomes
Strategic Alignment:
Enterprises need to ensure that that all investments in IT are selective and strategically aligned to long term business goals

Resource Management:
Managing resources (people, applications, technology, facilities or data) is one of the key elements behind maximising the business value of IT addressing needs of recruitment, retention, education, training and development of IT staff.

Performance Measurement: Performance measurement is a cumulative measure of available resources, processes and outcomes of IT Governance and measures its effectiveness in delivering four key objectives—the cost effective use of IT, the effective use of IT for asset utilisation, the effective use of IT for growth and for business flexibility.

Define Roles and Responsibilities for your IT Governance Framework
Define roles and responsibilities for each of the five IT Governance domains. Organisations have to assign accountability to all participants of the group responsible for IT Governance implementation. Efforts should also be made to establish committees (E.g. steering committee, technology council, IT architecture review board) and define their responsibilities for every key IT Governance domain.

Identify and Prioritise
Decide the highest priority projects that will help improve the management and governance of significant areas. This decision should be based on identifying projects which promise the most potential benefits, are easy to implement, and have a strong focus on important IT processes and core competencies.

Build a Continuous improvement Plan
In order to build a continuous improvement plan, enterprises must continuously assess the effectiveness of IT Governance in delivering value to the business. IT Governance implementation should be considered as a closed loop. For example, the business provides the direction that results in IT initiatives, or, activities that should generate the desired results to meet the business expectations. These results should be compared with the desired results to find out the performance.