IT Governance: The Ultimate IT Weapon

Shashank Mane

Patni White Paper

Japan Tel: +44 20 8538 0120 Tel: +81-3-5549-2200 Fax: +44 20 8538 0276 Fax: +81-3-5549-2261 . translated.COPYRIGHT Copyright © Patni Computer Systems Ltd. or the results of the use. All other brand and product names are trademarks of their respective companies. UK. This document is provided "as is" without warranty of any kind including without limitation. of the written material in terms of correctness. be copied photocopied. 50 Salisbury Road 4F. Minato-ku. Further. Mumbai 400 093 Tel: +91 22 5693 0205 Fax: +91 22 5693 0211 North America One Broadway Cambridge MA 02142 Tel: +1 617-914-8000 Fax: +1 617-914-8200 UK & Europe Japan Vistacentre. Hounslow. TW4 6JQ 2-14-8. from Patni Computer Systems Ltd. September 2005 Restricted Rights This document may not. Patni does not warrant. any warranty of merchantability or fitness for a particular purpose. or make any representations regarding the use. Yamaguchikensetsu No. in writing. guarantee. or otherwise. accuracy.21 Andheri (E). Akasaka. All Rights Reserved. Tokyo 107-0052. reproduced. MIDC Cross Road No. or reduced to any electronic medium or machine readable form without prior consent.1 Building. Information in this document is subject to change without notice and does not represent a commitment on the part of Patni. in whole or in part. Middlesex. reliability. Patni Computer Systems Limited India Akruti.

............................................... All rights reserved........................12 About the Author .2 What is IT Governance? ...9 Proven Frameworks .............................................................................................................. 4 [II] See Where You Are....................................................................................................... 9 Typical Challenges ..................................................................................................................................................................................................................................................... 8 [IV] Identify the Right Implementation Spot ............................................Table of Contents Background ...................................................................................................................................................................................................................................13 Copyright © Patni Computer Systems Ltd................................................................................................................................................................................................ 8 [III] Define Roles and Responsibilities for Your IT Governance Framework ................................................................................................................................................................................................................................................................................... 9 [V] Build a Continuous Improvement Plan.................................................................................................. 2005...................................................................12 References.................................................................................................................... 1 ...................................................................................13 About Patni...................2 Where to Start? ..............................................10 Conclusion ......12 Patni’s IT Governance Practice..........................3 [I] Understand the Scope of IT Governance ....................................

All rights reserved 2 . Copyright © Patni Computer Systems Ltd. organizations having good governance strategies in place are valued highly by shareholders and have good market capitalization. But even as IT is evolving to meet demands of enterprises. In a regulated environment. This paper highlights the best practices for implementing an effective IT Governance strategy and describes how IT Governance tools can help organizations streamline their IT strategy and execution with business goals. shareholders have become more demanding and are paying more attention to governance and compliance strategies of an enterprise. Not surprisingly. effective control and management of these systems has become essential – hence the current focus on IT Governance. The overall objective of IT Governance. It enables enterprises to match their expectations with reality. IT Governance is a crucial weapon that every organization’s IT force should be armed with to meet these increasing demands. and processes that ensure that the IT strategy sustains and extends the organization’s strategies and objectives. It has also become important for enterprises to show good results and strong governance not only from the overall business perspective but from the IT perspective as well. IT has become an integral part of business and must be treated like a ‘business within a business’. WHAT IS IT GOVERNANCE? IT Governance in simple terms can be said to be a method for CIOs to manage IT strategy and execution by enabling a consolidated view of key governance functions such as project management. Effective IT Governance ensures that expectations for IT are met and IT risks are mitigated. It is an integral part of enterprise governance and comprises the leadership. 2005.BACKGROUND Alignment of IT with business goals with control over IT costs has always been a top priority for CIOs. It helps organizations in repeating the success and eliminating the failure. good governance is crucial to drive more business value with less cost and maintain high service levels. Today. organizational structures. so that the enterprise can sustain its operations and implement the strategies required to extend its activities into the future. Organizations are required to provide an assurance to the accuracy and integrity of both financial reports and core business processes. therefore.. risk management and performance management. is to understand the issues and the strategic importance of IT. but to ensure that the policy or plan works as planned. Today. new governance and compliance requirements are impacting enterprises. resource management. and resources are used responsibly. With the vast majority of this information residing in IT systems. demand management. The goal of IT governance is hence not just to formulate a plan.

let us look at how organizations can start adopting IT Governance as a strategy. applications. The following are the recommended steps that organizations should go through while planning an IT Governance strategy: § § § § § Understand the scope of IT Governance See where you are Define roles and responsibilities for your IT Governance framework Identify the right implementation spot Build a continuous improvement plan. infrastructure and information Risk Management which provides transparency about the significant risks to the enterprise and embeds risk management responsibilities into the organization Performance Measurement which tracks and monitors all other four domains and provides necessary scorecards for their effective management. All rights reserved 3 . and the proper management of critical IT resources namely processes.. Copyright © Patni Computer Systems Ltd. § § The benefits of IT Governance can be summarized as: § § § § § § § § § Alignment of IT with business needs Transparency and better comprehension of IT activities and performance Clearer understanding of objectives and expectations Clearer visibility of issues and priorities Joint responsibility for planning and executing IS/IT in the business Improved value delivery (operational and project) Optimized costs Management of IT related risks Improved quality of service. WHERE TO START? Having understood the benefits of IT Governance. IT plans and operations Value Delivery which focuses on executing the value proposition and ensuring that IT delivers the promised benefits against the strategy Resource Management which ensures optimal investments.According to the IT Governance Institute. people. the key domains of effective and practical IT governance are: § § § Strategic Alignment which focuses on ensuring the linkage of business. 2005.

2005. There are three main drivers that drive these outcomes: § § § Strategic Alignment Resource Management Performance Measurement. it is extremely important for enterprises to be extremely selective in IT investments.Strategic alignment of IT with the business Mitigation of IT risks – Embedding accountability into the enterprise. All rights reserved 4 . Figure 1: IT Governance Model Organizations should pay close attention to these five key domains to get the maximum benefits from an IT Governance implementations. monitored and measured continuously. IT Governance focuses on these two outcomes and their growth drivers. the organization must evaluate vendors and solutions to find the right combination. However.. These are considered as outcomes of IT Governance. Every investment needs to be scrutinized. (i) Strategic Alignment With enterprises being heavily dependent on IT to meet their core business. Copyright © Patni Computer Systems Ltd. The following listing proves an insight into each of these five domains and also gives an idea of how different IT Governance tools in the market can help manage each one of these domains.[I] UNDERSTAND THE SCOPE OF IT GOVERNANCE IT governance addresses two main things: § § IT’s value delivery to the business . to achieve these benefits.

program management and provide early warnings as soon as exceptions.This is the heart of an IT Governance implementation. For instance. They should help you to spend less time in data collection and more in data analysis. IT should enable organizations to grow by delivering the expected business value. problems or opportunities are identified and should allow drilldown to find out the root cause of the issue. All rights reserved 5 . Project Portfolio Management tools play a critical role in ensuring that IT investments are aligned to business needs. programs using Earned Value Analysis (EVA). 2005. “Everything that you do must contribute to the business objectives set by your organization”. forecasting and analysis are some of the key features that organizations should look for while selecting the tool. These tools allow organizations to make sure that their IT investments: ♦ ♦ ♦ Fit strategically Support business functional requirements Help in identifying opportunities for process improvement or synergies across the business Enable the marriage of underlying technology with the enterprise infrastructure Use existing resources and skills to maximize the chances of success Generate attractive returns. make sure to check if the tool supports the Project Management framework designed by the Project Copyright © Patni Computer Systems Ltd. These tools must help organizations understand whether they are on the right path. Senior management will be more interested in knowing the revenue growth that new IT systems have brought in or the percentage by which new IT systems are helping the business in achieving the business objectives set by an organization. Portfolio management provides a toolset to monitor new projects that are under development and assets that are generating returns on your previous investments. While selecting the tool. IT Governance tools should support project. organizations have to look at the ability of these tools to retrieve financial data from existing systems and populate the budgeting information automatically when existing financial systems are updated. These tools must also help organizations evaluate and improve their methods of delivering value. budgeting. financial planning. Further.. ♦ ♦ ♦ IT Governance tools should also enable organizations to build what-if scenarios to verify investments based on these parameters. The interpretation of value delivery differs from people to people. As organizations move up the value chain. Almost all the tools will help you manage your projects. Strategic management. individual business units may measure this in terms of cost involved in building a new application or time involved in implementing a solution. the value measurement becomes more and more challenging. (ii) Value Delivery Value is delivered when critical projects are successfully completed on-time and within-budget.

What is a risk? Everything and anything that threatens your aim of meeting your business objective is a risk..Share risk with partners or seek insurance coverage Accept . because even if no immediate action is taken. Depending upon the type of risk and its significance to the business. IT Governance tools allow organizations to take care of such risks by letting them define the risk during the execution and attaching them to projects. However. enterprises should identify their appetite for risk management. facilities or data. enterprises should have clear-cut strategies to manage risks before these risks get transformed into issues. acquire and deploy security technology to protect the IT infrastructure) Transfer .Implement controls (e.g. risk should at least be analyzed. the most damaging IT risks are those that are not well understood. technology. (iv) Resource Management One of the key elements behind maximizing the business value of IT is to use the resources responsibly. It should also have a concrete escalation process to highlight critical risks. The senior management needs to address appropriate investments in infrastructure and capabilities by ensuring that: ♦ The responsibilities with respect to IT systems and services procurement are understood and applied Appropriate methods and adequate skills exist to manage and support IT projects and systems 6 ♦ Copyright © Patni Computer Systems Ltd. the management may choose to: ♦ Mitigate . Often.Management Institute.Formally acknowledge that the risk exists and monitor it. (iii) Risk Management Risk Management plays a very critical role in IT investments especially with respect to the security. This framework supports an exhaustive set of processes that can be used as best-practices while doing Project Management. whether they follow risk-taking or riskavoidance policies. All the risks are completely exposed before making a decision to implement any new idea or a proposal. Project dashboards take into account the risks attached to different projects and determine the health of the project accordingly.. 2005. the awareness of risk will influence strategic decisions for the better. Some risks appear during the execution of the project. A risk management process should go through appropriate levels of management for making the right decision. These factors are then used to build what-if scenarios to compare new initiatives. How do you deal with risks? To answer this question. reliability and compliance areas. ♦ ♦ At the minimum. IT Governance tools allow to attach risks or risk-value factors to new IT initiatives. applications. All rights reserved . Risk management strategies must be embedded in the operation of the enterprise. Once the risks are defined. Resources could be people. it is important to understand that not all risks can be defined before starting a new project.

Performance measurement is focused on the following perspectives: ♦ ♦ ♦ ♦ ♦ Process Performance Financial Performance Organization Health Customer Learning. All rights reserved 7 . Bad project or cost health should enable drill downs to point to the root cause of bad health. processes and outcomes of IT Governance. These are: ♦ ♦ ♦ ♦ Cost effective use of IT Effective use of IT for asset utilization Effective use of IT for growth Effective use of IT for business flexibility. and issues against it. These scorecards provide visibility into project health. Copyright © Patni Computer Systems Ltd. (v) Performance Measurement Performance measurement is a cumulative measure of available resources. break downs. 2005. training and development needs are fully identified and addressed for all staff Appropriate facilities are provided and time is available for staff to develop the skills they need. number of incidents. cost health and risks. ♦ ♦ Most IT Governance tools address human resource management needs effectively. Performance Measurement measures the effectiveness of IT Governance in delivering four key objectives weighed by their importance to the enterprise. Some of the most important ones that organizations should look out for are project.. Bifurcation of spending of strategic initiatives against tactical initiatives. In other words.♦ Improved workforce planning and investments are made to ensure recruitment and retention of skilled IT staff IT education. service level monitoring and preparedness for meeting the future demands are some of the important scorecards that IT Governance tools should be equipped with. Most IT Governance tools provide an exhaustive set of balanced scorecards for performance measurement. program and portfolio scorecards. They provide facilities to: ♦ ♦ ♦ ♦ ♦ ♦ ♦ ♦ Create skill sets Define a resource rate and a skill rate Attach skill sets to resources Create resource pools of available resources Create staffing profiles for future demands View resource utilization charts Perform resource comparison between different projects and programs Perform extensive searches for selecting the right resource.

Efforts should also be made to establish committees (E. IT Architecture Review Board) and define their responsibilities for every key IT Governance domain.G. Organizations have to assign accountability to all participants of the group responsible for IT Governance implementation. All rights reserved 8 . Copyright © Patni Computer Systems Ltd. Technology Council. Some questions recommended by the IT Governance Institute include: § § § § § § How critical is IT for sustaining the enterprise? How critical is IT for growing the enterprise? How far should the enterprise go in risk mitigation and is the cost justified by the benefit? Is IT a regular item on the agenda of the board and is it addressed in a structured manner? Is the board regularly briefed on IT risks to which the enterprise is exposed? Does the board articulate and communicate the business objectives for IT alignment? Does the board have a clear view on the major IT investments from a risk and return perspective? Does the board obtain regular progress reports on major IT projects? Is the board getting independent assurance on the achievement of IT objectives and the containment of IT risks? Is the reporting level of the most senior IT manager commensurate with the importance of IT? § § [III] DEFINE ROLES AND RESPONSIBILITIES FOR YOUR IT GOVERNANCE FRAMEWORK Define roles and responsibilities for each of the five IT Governance domains. organizations need to check their level of readiness by seeking answers to relevant questions. Steering Committee. [II] SEE W HERE YOU ARE To gauge the effectiveness of an organization’s IT Governance strategy in addressing real problems. 2005..Some of the benefits of performance measurement are: ♦ ♦ ♦ ♦ Identifying problems before they arise Communicating the value Integrating compliance and risk initiatives Establishing effective alliances and partnerships.

For example. These results should be compared with the desired results to find out the performance. Hence. Organizations need people at all levels who ensure that reliability standards are mandatory and enforceable. This will lessen the burden to manage the same data in two different systems and cut down on additional maintenance activities. Any delta in the desired and actual results should drive changes in IT Governance implementation. enterprises must continuously assess the effectiveness of IT Governance in delivering value to the business. IT Governance implementation should be considered as a closed loop. The performance measures coming out of an IT Governance system are more evident to the senior management. Before considering IT Governance tools. or. the business provides the direction that results in IT initiatives. Organizations will find it difficult to implement a strategic plan when the employees responsible for executing the day-to-day support activities are unaware of it.. a CIO must understand that IT Governance cannot be done in isolation. Equally important is the involvement of every employee. choose a tool that has the ability to load the organizational hierarchy data from the existing source. People driving this Copyright © Patni Computer Systems Ltd. The chances of failure increase when the gap between promises made by the organization and the results delivered by them increases.While selecting the IT Governance tool. the involvement of the top management is crucial in ensuring the success of IT Governance. People aren’t doing the things they’re supposed to do to implement a plan. Leaders who fall victim to these gaps have frequently mentioned that the problem lies with accountability. TYPICAL CHALLENGES One of the typical challenges seen in an IT Governance implementation is convincing people to use the system of accountability. with penalties for non-compliance. This decision should be based on identifying projects which promise the most potential benefits. and have a strong focus on important IT processes and core competencies. [IV] IDENTIFY THE RIGHT IMPLEMENTATION SPOT Decide the highest priority projects that will help improve the management and governance of significant areas. it will be difficult for people at the operational level to visualize the direction or the objectives that the higher management wants to achieve. activities that should generate the desired results to meet the business expectations. This is because IT Governance links together people. [V] BUILD A CONTINUOUS IMPROVEMENT PLAN In order to build a continuous improvement plan. are easy to implement. Unless this vision is shared. It is very important to make people at all levels realize the importance of IT Governance. 2005. All rights reserved 9 . strategy and operations.

The next big question one will have is how to do it? IT Infrastructure Library (ITIL) is the answer to this question. organizations can adopt proven frameworks. 2005. All rights reserved 10 . senior business management and senior IT management. and defines an internal control framework for all of them.. not how it needs to do it. PROVEN FRAMEWORKS To ensure an effective IT Governance strategy. processes should demand necessary actions rather than letting system users think or decide on the actions to take. One understated factor for ensuring the success of IT Governance is the use of processes that are simple to execute and understand. Figure 2: CobiT framework Once CobiT is understood. Copyright © Patni Computer Systems Ltd. meet quality. fiduciary and security needs. One good way to start effortlessly is through understanding of frameworks such as CobiT (Control Objectives for Information and Related Technology). CobiT's purpose is to ensure IT resources are aligned with an enterprise's business objectives so that services and information. links 318 tasks and activities to them. one will exactly know what to do with one’s IT Governance implementation. CobiT focuses on what an enterprise needs to do. This framework addresses the needs of auditors. It is also intended to provide a mechanism to balance IT risks and returns. when delivered. CobiT defines 34 significant processes. Ideally.initiative should have a clear vision of keeping different things blended nicely under one umbrella.

It focuses on the method. rather than defining a broad-based control framework. its primary target audience is IT and service management. control and best-practice framework in IT service management. 2005. ITIL has a much narrower scope than CobiT because of its focus on IT service management.. but it defines a more comprehensive set of processes within that narrower field of service delivery and support. All rights reserved 11 . ITIL is more-prescriptive about the tasks involved in those processes and. Enterprises that want to put their ITIL program into the context of a wider control and governance framework should use CobiT.ITIL is based on defining best-practice processes for IT service delivery and support. as such. Figure 4: Combined Framework Copyright © Patni Computer Systems Ltd. Figure 3: ITIL Framework CobiT and ITIL are not mutually exclusive and can be combined (as depicted in Figure 4) to provide a powerful IT Governance.

isaca. To summarize. 2005. Patni’s CoE framework is well supported by a comprehensive knowledge base in the different areas of IT Governance product suites of leading vendors. However. we have devised a unique IT Governance model. IT Governance must be considered as a core element of an organization’s culture as it can ensure strategic alignment. 2nd Edition http://www. Our numerous customer engagements. no organization can execute strategies consistently without having their people to follow standard operating processes designed using an accountability framework. are our key differentiators. Our vast amount of digitization and IT Governance experience. which we have been using successfully for a majority of our customers’ IT Governance implementations. Board Briefing on IT Governance.itgi. The CEO’s Guide to IT Value@Risk http://www. All rights reserved 12 .. The model leverages industry-standard best practices and proven frameworks to better align business objectives with IT capabilities.org/Content/ContentGroups/ITGI3/Resources1/Board_Briefing_on_IT_Governance/ 26904_Board_Briefing_final. Based on our experience in the area. combined with skilled resources and varied range of service offerings. and compliance adherence – all factors which are key for leadership in an increasingly competitive world. representing over 150 person-years of delivered effort. have helped us gain in-depth IT Governance expertise across industry verticals.cfm&ContentI D=20697 PATNI’S IT GOVERNANCE PRACTICE With its dedicated Center of Excellence in IT Governance.pdf 2. Patni has proven experience in the arena.CONCLUSION The success of an organization in the new economy will depend on its ability to execute planned strategies accurately.cfm?template=/ContentManagement/ContentDisplay. Copyright © Patni Computer Systems Ltd. resource alignment. quality delivery. REFERENCES 1.org/template_ITGI.

process consulting. He holds a Bachelor's degree in Electronics Engineering from Mumbai University and has more than 8 years of IT experience. ABOUT PATNI Patni Computer Systems Limited (BSE: PATNI COMPUT. Patni is an ISO 9001:2000 certified and SEI-CMMI Level 5 organization. Patni adds value to its client's businesses through well-established and structured methodologies.ABOUT THE AUTHOR Shashank Mane leads the IT Governance focus group at Patni's IT Governance Center of Excellence. business process outsourcing. Copyright © Patni Computer Systems Ltd. Committed to quality. business intelligence & data warehousing. Retail. With an employee strength of over 10. For the past 3 years he has been actively involved in IT Governance Implementations that have enabled various customers successfully shape their IT Governance Agenda. Patni adopts Six Sigma practices as an integral part of its quality and process frameworks.000.. assessed enterprise wide at P-CMM Level 3. Financial Services. Media & Entertainment. Telecom. e-business. infrastructure management. verification & validation. engineering services. embedded technologies. and Logistics & Transportation. product engineering. Manufacturing. and RFID. Patni's technology focus spans enterprise applications. tools and techniques. Our service offerings include: application development. NSE: PATNI) is a global IT Services provider servicing Global 2000 clients through its industry practices in Insurance. and IT governance. He has played a pivotal role in designing and developing for many software projects using various cutting-edge technologies in the IT industry.6 million for the year 2004. Energy & Utilities. and through its technology practices. application management. and 24 international offices across the Americas. multiple offshore development facilities across eight cities. In keeping with its focus on continuous process improvements. All rights reserved 13 . 2005. Patni has registered revenues of US$ 326. Europe and Asia-Pacific.