Week 1: Selig chapter 1 & 3 and 2 articles (Henderson and Sabherwal)
Selig chapter 1 Introduction to IT/Business alignment, planning, execution and governance
1.2 Overview (figure 1.1)
IT has become a critical function in most organizations and is fundamental to supporting and sustaining
innovation, growth and survival. Enterprise governance (corporate governance) represents the
entire management accountability and control framework of an organization, including roles and
responsibilities of the board, the CEO and other functional managers, to ensure that the organization
meets its objectives and plans in an ethical manner.
Effective corporate governance requires the board to focus on general oversight and stewardship of
the corporation, and to refrain from involvement in the day-to-day operations of the company.
Enterprise governance includes the leadership and governance oversight of enterprise architecture
to align business strategy, structures, systems, policies, processes and relational mechanisms.
Enterprise governance drives business governance and IT governance.
Enterprise governance: separation of ownership and control (board)
- Roles of board and executives
- Regulatory compliance oversight
- Business operations and control oversight
- Financial accounting and reporting oversight
- Risk management oversight
Business governance: direction and control of the business (CEO and executives)
- Business strategy, plans and objectives
- Manage execution
- Performance metrics, controls and incentives
- Intellectual capital and management/succession planning
- Manage innovation, proactive change and continuous improvement
IT governance: direction and control of IT (CIO and direct reports)
- IT strategy, plans and objectives
- Alignment with business plans and objectives
- IT assets and resources
- Demand management
- Value delivery and execution management
- Risk, change and performance management
Major IT challenges must be dealt with as part of an IT planning and governance process.
- Total cost of ownership and IT value proposition
o ROI-based decisions for new investments based on IT-enabled business changes,
reducing costs, competitive differentiation and keeping the lights on; do more with
less; re-invest savings
- SOX/other compliance
o Sustainable compliance model
- Architecture and applications
o Implement scalable, secure, open architecture and standardized solutions
- Security and privacy
o Impenetrable, scalable and cost-effective security and privacy policies, processes and
controls
- Asset optimization
o Optimal infrastructure and other asset utilization: physical assets, human capital,
strategic sourcing, cloud computing etc.
- On demand management and IT investment
o Manage on demand requests in a consistent manner and aligned with the business
- Business/competitive intelligence
o Data strategy, business intelligence, data analytics and big data
- Talent development and management
o People development, training and certifications, talent acquisition, succession
planning
1.3 Definition, Purpose and Scope of IT Governance
IT governance formalizes and clarifies oversight, accountability and decision rights for a wide array of
IT strategy, integration, resource and control activities.
Purposes of IT governance
- Align IT investments and priorities more closely with the business strategy and risk appetite
- Manage, evaluate, prioritize, fund, measure and monitor requests for IT services and the
resulting work and deliverables, in a more consistent and repeatable manner that optimizes
returns to the business
- Responsible utilization of resources and assets
- Establish and clarify accountability and decision rights
- Ensure that IT delivers on its plans, budgets and commitments
- Manage major risks, threats, change and contingencies proactively
- Improve IT organizational performance, compliance, maturity, staff development and
outsourcing initiatives
- Improve the voice of the customers, demand management and overall customer and
constituent satisfaction and responsiveness
- Manage and think globally, but act locally
- Champion innovation and proactive change within the IT function and the business
Scope of IT governance
- IT principles: high-level statements about how IT is used in the business, such as self-funding by
re-investing savings and investing in customer-facing and other revenue-generating systems.
- IT architecture: organizing logic for data analytics, applications and infrastructure captured in
a set of policies, relationships, processes and standards to achieve desired objectives.
- SOA architecture: service-oriented architecture is a business-centric IT architectural
approach that supports the integration of the business as linked, repeatable business tasks.
- IT (enterprise) infrastructure: centrally coordinated, based on shared IT services that provide
the foundation for the enterprise’s IT capability and support, which may be insourced,
outsourced or both.
- Business application needs: specifying the business need for purchased or internally
developed IT applications.
- IT investment and prioritization: decisions about how much and where to invest in IT.
- People (human capital) development: decisions about how to develop and maintain global
IT leadership, management and technical skills and competencies.
- IT governance policies, processes, mechanisms, tools and metrics: decisions on composition
and roles of steering groups, advisory councils, technical and architecture working
committees, project teams; KPIs; chargeback alternatives etc. It is important to adopt an
outcome-based approach to IT governance; this will ensure that an organization is
appropriately guided in its use of IT.
Effective IT governance is built on three critical pillars. If any one of these pillars is missing or
ineffective, the IT governance initiative will not be effective or sustainable. In addition,
over-dependence on one dimension over the others will result in sub-optimal performance.
1. Leadership, organization and decision rights
o Defines the organization structure, roles and responsibilities and
interface/integration touch points and champions for proactive change.
2. Flexible and scalable processes
o The IT governance model places heavy emphasis on the importance of process
transformation and improvement.
3. The use of enabling technology
o Leverage leading tools and technologies that support the major IT governance
components.
A number of negative impacts may result from poor IT governance. These include:
- Business losses and disruptions, damaged reputations and weakened competitive positions.
- Schedules not met, higher costs, poorer quality and unsatisfied customers.
- Core business processes are negatively impacted.
- Failure of IT to demonstrate its investment benefits or value propositions.
The simple fact is that a poorly executed IT operation will result in the business not working. In
addition, business and IT continuity and resumption plans have become critical.
1.4 Linking the CEO role to achieving business growth, improving profitability and creating an
effective governance and compliance environment
Critical success enablers include superior leadership skills and motivated change agents, flexible and
scalable processes, pragmatic and realistic metrics, a clear governance policy and structure and the
use of enabling technologies.
1.5 Overview of the integrated IT governance framework, major components and prerequisites (figure
1.5)
Framework that identifies the major areas that must be addressed on the journey to a higher level of
IT governance maturity and effectiveness.
- Business strategy, plan and objective (demand management)
o Strategic business plan; capital planning and budgeting; business performance management; organization structure
o Plan document; financials; balanced scorecard; BCG, Porter etc.
- IT strategy, plan and objective (demand management)
o IT plan is aligned with business plan; IT portfolio investment, selection, funding; fund major initiatives; IT performance management
o IT strategic/tactical metrics; portfolio management model; engagement model; business rules and authorization
- IT plan execution (execution management)
o Program, project and operating plans; policies, standards, guidelines and processes; processes; financial, program, project, application, maintenance and operational accountability
o Assess implications of COBIT, Scrum, ISO etc.; infrastructure and operational integrity, continuity and security
- Performance management, risk management and management controls (execution management)
o Manage and measure plans, budgets, programs, operations and risks; define and track KPIs; compare plans to actuals and take corrective actions
o Balanced scorecard & KPI; performance management; Sarbanes-Oxley etc.; management controls/COBIT
- Vendor management and outsourcing management (execution management)
o Outsourcing and vendor selection, tracking, measurement; business and IT continuity, security etc.
- People development, continuous process improvement and learning
o Human capital development; organizational, project and operational maturity models and standards; management change and transformation; training and certification
o Adopt current and emerging industry and government best practices and standards; ISO, six sigma, lean etc.; career development, succession planning and certification
The IT governance initiative must be decomposed into manageable and accountable work packages
and deliverables and assigned to owners for planning, development, execution and continuous
improvement. (figure 1.6)
- Manage governance initiatives
o Establish a comprehensive initiative and annual calendar of key governance activities
- Manage planning
o Develop roadmaps
o Develop strategic and annual plan and budget
o Portfolio investment management
Ensure development of high quality strategic/operating plans and critical
success factors that are comprehensive and mutually consistent
- Manage execution
o Manage programs and projects
o Manage demand (service requests, service management and delivery)
Launch programs/projects as specified in roadmaps, and ensure they are
completed on time and on budget by managing demand from business users
- Manage performance
o Develop and measure key performance indicators (KPI)
Discretionary -> could do
Mandatory (keep lights on) -> must do
Define KPIs for each function, establish targets and monitor
performance using balanced scorecards
Manage value creation: manage business initiatives and operations