Shrikant Patil – Senior Advisory Consultant, Strategy & Change
09 January 2009
Applying IT Governance to Enterprise
Initiatives : ISACA Bangalore
© 2009 IBM Corporation
ISACA Bangalore : Applying IT Governance to Enterprise Initiatives
Learning Objectives
 Understand Basic IT Governance Concepts
 Review Relevant Organizational Constructs and Best Practice Frameworks
 Discuss Critical Role of IT Governance in Enterprise Initiatives
2
© 2009 IBM Corporation
Agenda
IT Governance Concepts
IT Organization Design Principles
Applying IT Governance
Case Studies
Q&A
3
© 2009 IBM Corporation
Governance Definition

“Governance is process of decision making in the exercise of authority for direction
and control”
- G.E.P. Shailer

Implies that
–
–
–
–
4
Board knows the strategic direction of the company
Board is responsible for relevant actions and decisions
Board holds ultimate authority over the affairs of the organization
Board is should include oversight and control as part of governance
© 2009 IBM Corporation
Components of Enterprise Governance
Doing the right
way ?
5
Doing the right
things ?
© 2009 IBM Corporation
IT Governance Definitions

It is an integral part of enterprise governance and consists of the leadership and
organisational structures and processes that ensure that the organisation’s IT sustains
and extends the organisation’s strategies and objectives.

IT governance is the responsibility of the board of directors and executive management

Relationship Mechanisms (within business units) play catalytic role in implementation of
Governance
The distribution of IT decision-making rights and responsibilities among enterprise
stakeholders, and the procedures and mechanisms for making and monitoring
strategic decisions regarding IT
— Source: Luftman and Brier, 1999; Sambamurthy and Zmud, 2000; Weill,
2004 CISR MIT Sloan
Source : IT Governance Institute
6
© 2009 IBM Corporation
What needs to be addressed within IT Governance?
According to COBIT there are five IT governance focus areas that executive management
needs to address to govern IT within their enterprises:
 Strategic alignment
 Value delivery
 Resource management
 Performance measurement
gic nt
e
t
ra me
t
S i gn
Al
V
De alue
l iv
er
y
ance t
orm
n
Perf ureme
s
Mea
IT
Governance
Domains
Resource
Management
R
Man isk
agem
ent
 Risk management
Source : IT Governance Institute
7
© 2009 IBM Corporation
IT Governance is embedded within Enterprise Governance
 Internal Environment
– Value Statements : Core beliefs and philosophies that shape the organization’s vision
and mission
– Guiding Principles : Durable statements that encapsulates the role IT will play and how
decisions will be driven in both business and IT organizations
 Entrustment Framework
– Accountability / authority framework across the organisation
– Designated decision authorities : individuals or bodies
– Organization constructs & functional interrelationships
 Decision Model & Framework
– Clear (transparent) assignment of decisions rights
– Sequence of actions and decision path in decision processes
Source: Many faces of IT Governance by Nick Robinson CISA, ISACA Journal Volume 1 2007
8
© 2009 IBM Corporation
3 Key Questions for IT Governance
1. What decisions must be made ?
2. Who should take these decisions ?
3. How these decisions are made and monitored ?
9
© 2009 IBM Corporation
MIT CISR Arrangement Matrix
 The Governance Arrangements Matrix is used to describe, analyze and communicate an organization’s
IT governance
 The framework uses a set of political governance archetypes for five principle decision domains
 The matrix also identifies the set of mechanisms used to implement the governance arrangements (eg.
committees, approval processes, relationships and organizational structures)
Five Key IT Decisions
IT Governance Archetypes
IT Principles
High level statements about how IT is used
in the business
Business
Monarchy
“C” level executives as a group or
individuals
IT Infrastructure
Strategies
Strategies for the base foundation of
budgeted-for-IT capability (both technical
and human), shared throughout the firm as
reliable services and centrally coordinated
IT Monarchy
Individuals or groups of IT executives.
Feudal
Business unit leaders, Key Process
owners, or their delegates
IT Architecture
An integrated set of technical choices to
guide the organization in satisfying business
needs
IT Duopoly
IT executives and one other group
Federal
Business
Application Needs
Business applications to be acquired or
built.
Shared by “C” level executives and one
other business group
IT Investment and
Prioritization
Decisions about how much and where to
invest to IT including project approvals and
justification techniques
Anarchy
Each individual user
Source: MIT CISR
10
© 2009 IBM Corporation
Governance and Alignment…”Six IT Decisions Your IT People Shouldn’t
Make,” HBR – Ross and Weill
1. How much should we spend on IT?
2. Which business processes should receive IT dollars?
3. Which IT capabilities need to be companywide?
4. How good do our IT services really need to be?
5. What security and privacy risks will we accept?
6. Whom do we blame if an IT initiative fails?
11
© 2009 IBM Corporation
For each organization type there are different possible IT decision
making mechanisms („archetypes“).
Local IT
Federal IT
Central IT
IT
Management
IT
Management
Management
...
Business
Line A
...
Business
Line B
IT
Business
Line C
...
..
IT
Business
Line D
Business
Line A
...
...
IT
Business
Line B
IT
IT
Business
Line C
...
..
IT
...
Business
Line D
Business
Line A
...
...
IT
Business
Line B
Business
Line C
Business
Line D
...
..
...
IT
Different archetypes of
IT decision rights*
Federal IT
Federal IT
Federal IT
IT
Management
...
Business
Line B
IT
Business
Line C
...
..
IT
IT
Management
IT
IT
Business Monarchy
Business executives
make IT decisions.
Business
Line A
...
...
Management
...
Business
Line D
Business
Line B
IT
Business
Line C
...
..
IT
IT
Management
...
Business
Line A
Federal IT
IT
Business
Line D
Business
Line A
...
...
IT
...
IT
IT makes IT decisions.
Business
Line C
...
..
IT
IT Monarchy
Business
Line B
IT
Business
Line D
Business
Line A
...
...
IT
...
IT
Federal
Coordinated decision making
including all business units. IT
may be involved.
Business
Line B
...
..
IT
Business
Line C
IT
Business
Line D
...
IT
IT
IT Duopoly
Bilateral agreements between
IT and business units.
Source: IT Governance, P. Weill, Jeanne W. Ross, Harvard Business School Press, 2004
12
© 2009 IBM Corporation
Allocation of IT Decision Making Authority across Business & IT Functions
Source: Weill & Boradbent 1998
13
© 2009 IBM Corporation
In most organizations the decision rights are implemented differently,
depending on the different IT domains.
Local IT
Federal IT
Central IT
IT
Management
IT
Management
Management
...
Business
Line A
...
Business
Line B
...
..
IT
Business
Line C
IT
Business
Line D
Business
Line A
...
...
IT
Federal IT
Business
Line B
...
..
IT
IT
Business
Line C
IT
Business
Line B
IT
Business
Line C
...
..
...
IT
Federal IT
Federal IT
IT
Business
Line A
...
IT
Business
Line D
IT
Business
Line B
Business
Line C
...
..
IT
IT
IT
Management
Management
...
Business
Line D
...
IT
Business Monarchy
Often, each IT domain has its
own mechanisms to make
decisions
Business
Line C
Management
...
..
IT
...
Business
Line B
Federal IT
...
Business
Line A
Business
Line A
...
IT
IT
Management
...
...
Business
Line D
Business
Line D
Business
Line A
...
...
IT
...
IT
Business
Line B
IT Monarchy
Business
Line C
...
..
IT
IT
Business
Line D
Federal
Business
Line A
...
...
IT
...
IT
Business
Line B
Business
Line C
...
..
IT
IT
Business
Line D
...
IT
IT
IT duopoly
IT Domains
Good
Practice1
IT Strategy
Federal
Application architecture
IT Monarchy
System architecture
IT Monarchy
Specialized architecture
Federal
IT investments
Federal
IT risk management
Business
Monarchy
Source: based on MIT Sloan, Center for Information Systems Research (CISR)
14
© 2009 IBM Corporation
IT Governance Models
Source: Peterson 2000
15
© 2009 IBM Corporation
Summary : To set direction and make it stick across the organization
IT governance is the responsibility of the board of directors
and executive management. It is an integral part of
enterprise governance and consists of the leadership and
organizational structures and processes that ensure that the
organization’s IT sustains and extends the organization’s
strategies and objectives.
— Source: The IT Governance Institute
Term used to describe how those persons entrusted with
governance of an entity will consider IT in their supervision,
monitoring, control and direction. How IT is applied within
the entity will have an immense impact on whether the entity
will attain its vision, mission or strategic goals
— Source: Prof. Robert S. Roussey, University of
Southern California
A structure of relationships and processes to direct and
control the enterprise in order to achieve the enterprise’s
goals by adding value while balancing risk versus return
over IT and its processes.
— Source: Cobit Executive Summary
16
© 2009 IBM Corporation
IT Governance Drivers
IT Principles & Policies
Accountability Framework
Processes & Decision Models
• Organizational structures & functional interrelationships
• Individuals or bodies .e.g. committees, boards, empowered to make IT
decisions
• Sequence of activities and decision paths
• In line with the number and type of decision
Strategic Alignment, Risk
and Resource Management
• Demand mgmt : ensure alignment / manage portfolio and investments
• Supply management : provisioning and supply of products and
services
Performance Management
• Outcome focused – Is IT Function meeting the objectives?
• Process focused – Are the IT processes operating effectively
Value Management
17
• Guiding Principles
• Standards and procedures
• Delivery of business value from IT investments
© 2009 IBM Corporation
Program Management Office (PMO) types

Temporary PMO
– For achieving specific business
benefits
– Decision of formation of PMO is
taken based on size of the
program (most economical for min
30 associates)
– Largely Administrative
– PMO disbanded post program
retirement
– E.g. ERP Rollout Program Office
18

Permanent PMO
– For continuous organizational
improvement
– Decision is based on the criticality
of the objectives
– Establishes the best practice
framework and rolls out across
the organization
– E.g. Corporate Program Office,
Chairman’s Program Office, Office
of the CIO (OCIO)
© 2009 IBM Corporation
The Office of the CIO (OCIO)
 OCIO is Permanent type of PMO
 5 % of 2000 CIOs participating in Gartner’s Executive Program (EXP) have OCIO
 OCIO acts as the mouth piece of centralized IT
 Provides transparency of IT to business
 Extremely important step towards Business – IT Alignment
 Mostly popular in Governments & large distributed organizations
 The US Departments of Commerce and Agricultural leverage the OCIO
– Standardization of IT roles and responsibility execution
– Processes application development to help desk support are developed and standardized
– This consistency supports stronger and more accurate reporting
Strategy planning, lessons learned and financial IT performance are formally reviewed
quarterly which is facilitated by the office of the CIO
— Zack Hicks, corporate manager at Toyota's office of the CIO
Torrance, California
19
© 2009 IBM Corporation
PMO Within OCIO
20
© 2009 IBM Corporation
COBIT Framework - Activities and Responsibilities
C
C
I
C
R
C
C
C
R
C
C
C
C
C
C
C
R
C
C
C
C
I
R
C
CA
RS
He
ad
A/R R
R A/R
C
R
A
I
A
Bu
sin
es
I
C
C
I
I
CIO
C
C
A
C
C
Bu
sin
es
sE
xec
Link business goals to IT goals
Identify critical dependencies and current performance
Build IT strategic plan
Build IT tactical plans
Analyze and manage project and service portfolios
CFO
Key Activities
CEO
RACI Chart
1
2
3
4
5
sS
rM
ngm
t
Op
era
tio
ns
Chi
ef A
rch
ite
ct
He
ad
De
vel
opm
He
ent
ad
IT
Ad
min
PM
O
PO1
C
C
I
I
CEO
CARS
CFO
Business
Executive
Business
Sr Management
CIO
Head of
Operations
Chief
Architect or CTO
Head of
Development
Head of
IT Admin
HR, Fin, etc
PMO
CARS: Compliance, audit, risk and security (groups with control responsibilities who do not have operational IT responsibilities)
Source : ISACA, COBIT
21
© 2009 IBM Corporation
VAL IT Recommended Organization Chart
Source : ISACA, Val IT Framework
22
© 2009 IBM Corporation
Role Definitions for VAL IT
Source : ISACA, Val IT Framework
23
© 2009 IBM Corporation
VAL IT Framework RACI
Source : ISACA, Val IT Framework
24
© 2009 IBM Corporation
Governance of Outsourcing
Ref : Capgemini Outsourcing Report
25
© 2009 IBM Corporation
Client-Vendor Engagement : Governance of Outsourcing
Ref : Gartner
26
© 2009 IBM Corporation
Why focus on IT Governance?
“Top performing enterprises generate returns on their IT investments up to 40
percent greater than their competitors.”
 they clarify business strategies and the role of IT in achieving them
 they measure and manage the amount spent and value received
 they assign accountability for changes and decisions required to benefit from IT
capabilities
 they become adept at sharing and reusing IT assets
- IT Governance, Peter Weill & Jeanne W. Ross, HBS Press
“Firms with above average IT governance combined with a specific business
strategy (eg. customer intimacy) had >20% higher profits than firms pursuing the
same strategy”
Source: 2005 MIT SeeIT/CISR survey (625 firms); Peter Weill & Stephanie Woerner
Investors have acknowledged their awareness of importance of governance,
demonstrating a willingness to pay premium of up to 20 percent on shares of
enterprises known to have a governance framework in place
- McKinsey Report 2000
27
© 2009 IBM Corporation
Applying IT Governance to Enterprise Initiatives
 Strategy Operationalization
 IT Enabled Enterprise Transformation Program
 Underlying Organizational Change Management
 Portfolio / Investment Management
 Framework Implementations e.g. COBIT, ITIL (IT Control Establishments)
 Collaborative Innovation
28
© 2009 IBM Corporation
Enterprise Initiatives Classification
Source : W. “RP” Raghupathi August 2007/Vol. 50, No. 8 COMMUNICATIONS OF THE ACM
29
© 2009 IBM Corporation
Enterprise Initiatives Landscape
• Portfolio / Investment Management : Stage 1
• Framework Implementations e.g. COBIT, ITIL
(IT Control Establishments) : Stage 1 & 2
• Collaborative Innovation : All Stages
• Audits & Assessments : All Stages
• Strategy Operationalization : Stage 1 & 2
• IT Enabled Enterprise Transformation
Program : All Stages
• Underlying Organizational Change
Management : All Stages
Source : W. “RP” Raghupathi August 2007/Vol. 50, No. 8 COMMUNICATIONS OF THE ACM
30
© 2009 IBM Corporation
IT Governance for Enterprise Transformation Programs
31
© 2009 IBM Corporation
Case Study 1 : Manufacturing - Europe
Problem Statement

Global organization with revenue of US$
9 BN

First time in the life span started multi
million dollar ERP program and did not
succeed in 3 previous attempts

Integrations within applications growing
out of hand

Program Office not established

Low awareness and practice of Project
Management Methodology

Business frustrated due to consistent
failures and not supportive of the
initiative

32
Solution Provided

a) Creation of program office b)
Program Sponsor to undertake the
OCM c) Revalidation of vendor
commitment and customized framework
for vendor and application evaluation

Operationalization plan of IT strategy
objectives related to program

Mentoring the Program Manager

Creation / implementation of BusinessIT alignment initiatives

Establishment of core processes such
as risk and quality at the program level

Definition of process maturity framework
Processes adequate for managing small
project but not sustainable for large
programs
© 2009 IBM Corporation
Case Study 2 : How Org Context Affects the IT Governance
Source: Carol V Brown Graduate Business School Indiana University
33
© 2009 IBM Corporation
How Leading firms behave differently

Greater top mgmt commitment to IT

More integrated business and IT planning

Less political turbulence

Higher user satisfaction with IT

More experience managing IT
34
© 2009 IBM Corporation
Thank you
Contact
Shrikant Patil
Senior Advisory Consultant, IBM India
shrikpat@in.ibm.com
9620201083
35
© 2009 IBM Corporation