ForrTel:IT Governance ModelsGene Leganza
Vice President
Forrester Research
March 15, 2004. Call in at 12:55 pm Eastern Time
Theme
Governance is a top-down process for imposing the will of
the enterprise as a whole on the actions of individuals. It acts on what people do and how they
do them.
Agenda
• IT governance defined
• Areas in need of governance
• Types of IT governance
• The role of metrics in governance
• Best practices
• Common mistakes
Definition
► IT governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives.
Source: Board Briefing on IT Governance, IT Governance Institute
The CEO’s perspective
Is our IT:
» Likely to achieve its objectives?
» Resilient enough to learn and adapt?
» Judiciously managing the risks it faces?
» Appropriately recognizing opportunities and acting upon them?
Adapted from Board Briefing on IT Governance, IT Governance Institute
The CEO’s perspective (cont.)
IT Governance is about:
» Aligning IT strategy with the business strategy
» Providing structures and processes that facilitate the implementation of strategy and goals
» Implementing an IT control framework
» Measuring IT’s performance
Adapted from Board Briefing on IT Governance, IT Governance Institute
Federated decision-making
Source: AstraZeneca
Core assets
Enterprise-Wide Requirements and Resources
Common assets for some BUs
BU Assets
BU 1
BU 2
BU 3BU 4
BU 5
BU 6
BU Assets BU
AssetsBU Assets
BU Assets
BU Assets
Striking a Balance Between Centralized & Decentralized
IT areas in need of governance
• Capital planning and investment control
• Strategic plan implementation
• Project selection
• Portfolio management
• Budget control
• Enterprise architecture
IT areas in need of governance (cont.)
• Service level management
• Vendor management
• Policies, processes, procedures & methodologies
» SDLC
» Project management methodology
» Security
» Change management
» Sarbanes-Oxley
» Etc.
Areas within enterprise architecture
• Approval of architecture
» Business architecture
» Application architecture
» Information / data architecture
» Technical architecture
• Application of standards and guidelines
• Technology road map
» Research
» Introduction of emerging technology
» Retirement of obsolete technology
Types of governance
• Steering committee
» Project selection
» Portfolio management
» EA approval
• Program office
» Strategic plan implementation
» EA: Overall and its components
» Other major transformations
Types of governance (cont.)
• Review boards
» EA adherence
» SDLC design reviews
• Audit
» SDLC compliance
» Project management process compliance
» Security
» Change management
» Other standard processes
Types of governance (cont.)
• Standard management review
» SLAs
» Vendor management
» Strategic plan implementation
» Special projects (program offices)
• Consulting
» EA design and technology selection
» Project management
Common to all of the above: metrics & reporting
The role of metrics
Metrics
ReportingAreas
Needing Improvement
Planning
Execution
Best practices
• Direct linkage to business goals
• Clear process owners
• Clearly defined processes
• Clearly communicated processes
• Systematic, consistent reporting
» Dashboard or other graphic
» Summary level with detail backup
• Systematic status review
» Run by process owner
• Continuous process improvement
Common mistakes
• Inconsistent processes, ad-hoc environment
• Vague ownership
• Crisis needed to trigger attention
• Process paralysis: impractical processes
» Lack of clear criteria for inclusion
• Lack of comprehensive governance plan
• Lack of communication
Summary
• Governance is the responsibility of management.
• It controls adherence to business strategy by controlling what is done.
• It controls quality by controlling how things are done.
• Formal structures and processes are required to implement governance.
• Metrics are key to reporting & process improvement.
Gene Leganza
www.forrester.com
Thank you
Entire contents © 2004 Forrester Research, Inc. All rights reserved.
Aligning IT with business strategy remains key to your organization’s survival and success. The business economy is recovering, but new issues, new challenges, and new choices emerge every day.
How do you keep up with changes and advances in technology? Are you under pressure to deliver more value, more profit? Are you faced with increased expectations and decreased funding? How do you get and stay on track? And where do you start?
Find out by attending GigaWorld IT Forum 2004.Register TODAY: Call +1 888/343-6786 or visit www.forresterevents.com/gigaworld2004
Now in its eighth year, the GigaWorld IT Forum has set the standard in delivering hard-hitting, relevant research and peer-to-peer networking opportunities. A widely focused Event, GigaWorld’s agenda spans the course of four days, features more than 100 sessions, and covers all of the major issues at the forefront of technology today.