Professional Documents
Culture Documents
1
IT Governance – Quotes#1
• “The governance board, composed of the corporate controller,
eight domestic CIOs (the most seasoned and experienced) and
three regional CIOs (Asia, Europe, Latin America) – has been
meeting for a year, but anyone who has attended the meetings
views it as dysfunctional. No one pays attention or takes it
seriously.“ CIO, Global Manufacturing Firm
• “We have to rejustify our refresh strategy every year. What should
have been a ten minute pitch took fourty-five minutes... The
management committee turned into a team of volunteer architects
to redesign cheaper desktops.“ CIO, Telecommunications Firm
• “We were not making the best use of our opportunities... The
business case for an IT initiative included costs for the project itself,
with some infrastructure thrown in...so the first project needing a
particular piece of infrastrucure had to pay the entire cost of
creating it“. CIO, Government Agency
Source: Weill, Peter; Ross, Jeanne W.: IT-Governance. Harvard Business School Press, 2004, p 117. 2
IT Governance – Quotes#2
• „The governance procedures we developed
brought transparency and accountability into the
process.“ CIO, Financial Services Firm
• „There is a very highly disciplined project
management system, well defined, with totally
educated users, everybody knows the vocabulary
– all the chief executives of the company know
phases of project management. We all talk the
same language.“ CIO, National Police Force
(Europe)
Source: Weill, Peter; Ross, Jeanne W.: IT-Governance. Harvard Business School Press, 2004, p 117. 3
Agenda: IT Governance
• IT Alignment / IT Strategy
• Definition IT Governance
• IT Governance Principles (Weil & Ross)
• CobiT
• COSO, ISO 27000, ...
• IT Compliance
– SOX, Euro-SOX, ....
4
Definition Strategy
• Origin of term “strategy”?
• Meaning / application of term “strategy”?
8
Why is strategy important?
….because resources are limited….
9
Strategy as a type of problem solving
(Rumelt)
• Professor Richard P. Rumelt described strategy
as a type of problem solving in 2011.
• He wrote that good strategy has an underlying
structure he called a kernel.
• The kernel in Operating Systems refers to…
10
Strategy as a type of problem solving
(Rumelt)
• Professor Richard P. Rumelt described strategy as a
type of problem solving in 2011.
• He wrote that good strategy has an underlying
structure he called a kernel.
• The kernel has three parts:
1) A diagnosis that defines or explains the nature of the
challenge;
2) A guiding policy for dealing with the challenge; and
3) Coherent actions designed to carry out the guiding
policy.
11
Strategy as a type of problem solving
(Rumelt)
• Rumelt wrote in 2011 that three important
aspects of strategy include "premeditation,
the anticipation of others' behavior, and the
purposeful design of coordinated actions."
• He described strategy as solving a design
problem, with trade-offs among various
elements that must be arranged, adjusted and
coordinated, rather than a plan or choice.
12
Strategy as a type of problem solving
(Rumelt)
US President Kennedy illustrated these three elements of strategy in his
Cuban Missile Crisis Address to the Nation of 22 October 1962:
• Diagnosis: "This Government, as promised, has maintained the closest
surveillance of the Soviet military buildup on the island of Cuba. Within
the past week, unmistakable evidence has established the fact that a
series of offensive missile sites is now in preparation on that imprisoned
island. The purpose of these bases can be none other than to provide a
nuclear strike capability against the Western Hemisphere."
• Guiding Policy: "Our unswerving objective, therefore, must be to prevent
the use of these missiles against this or any other country, and to secure
their withdrawal or elimination from the Western Hemisphere."
• Action Plans: First among seven numbered steps was the following: "To
halt this offensive buildup a strict quarantine on all offensive military
equipment under shipment to Cuba is being initiated. All ships of any kind
bound for Cuba from whatever nation or port will, if found to contain
cargoes of offensive weapons, be turned back."
13
Strategy as a type of problem solving
The Case of Microsoft: Gates quoted in Book
“The Innovators” by Issaacson
“We were no Hardware gurus…. When Paul
[Allen] showed me that magazine [Popular
Electronics, January 1972, Announcing the Altair
as the “Arrival of the PC”], there was no such
thing as a software industry…We had the insight
that you could create one....That was the most
important idea I ever had.”
15
Strategy as a type of problem solving
The Case of Apple: See book “The Innovators”
by Issaacson pr the film “Steve Jobs” by Danny
Boyle (Based on the books of Walter Isaacson)
“People don’t know what they want…. You have
to give them the best product and they will like
it..... They think they want an open system...But
I want to give them a closed system [which
failed with Macintosh in 1980s, but was
successfull in 1990s/2000s].”
16
Rumelt: Strategy as a type of problem solving
(Case Study, groups of 3-4, preparation, then
presentation, then analysis, then Q&A)
20
Definition Strategy
• Henry Mintzberg: Strategy is "a pattern in a
stream of decisions" [to contrast with a view
of strategy as planning]
Source: Mintzberg, Henry and, Quinn, James Brian (1996). The Strategy
22
Process:Concepts, Contexts, Cases. Prentice Hall.
Henry Mintzberg – Strategy Definitions
• Strategy as plan – a directed course of action to achieve an
intended set of goals; similar to the strategic planning concept;
• Strategy as pattern – a consistent pattern of past behavior, with a
strategy realized over time rather than planned or intended. Where
the realized pattern was different from the intent, he referred to
the strategy as emergent;
• Strategy as position – locating brands, products, or companies
within the market, based on the conceptual framework of
consumers or other stakeholders; a strategy determined primarily
by factors outside the firm;
• Strategy as ploy – a specific maneuver intended to outwit a
competitor;
• Strategy as perspective – executing strategy based on a "theory of
the business" or natural extension of the mindset or ideological
perspective of the organization.
Source: http://images.flatworldknowledge.com/ketchen/ketchen-fig01_001.jpg101426
Chamberlain's Theory of Strategy
(2010)
• Based on Alfred D. Chandler, Jr., Kenneth R.
Andrews, Henry Mintzbergand James Brian Quinn
• Aims to cover all the main areas
• Chamberlain analyzes the strategy construct by
treating it as a combination of four factors.
– Factor 1. What strategy is.
– Factor 2. The forces that shape strategy.
– Factor 3. The processes that form strategy.
– Factor 4. The mechanisms by which strategy can take
effect.
27
Chamberlain's Theory of Strategy -
Factor 1. What strategy is
• Interpretation of the strategy construct.
• Chamberlain argues that it is not possible either to analyze or compare
strategies if we cannot clearly describe and categorize what we are looking
at.
• Factor 1 is summarized in seven propositions:
– Proposition 1: Strategy operates in a bounded domain (i.e., separate from the
policy, tactical and operational domains).
– Proposition 2: A strategy has a single, coherent focus.
– Proposition 3: A strategy consists of a basic direction and a broad path.
– Proposition 4: A strategy can be deconstructed into elements.
– Proposition 5: Each of the individual components of a strategy’s broad path
(i.e., each of its essential thrusts) is a single coherent concept directly
addressing the delivery of the basic direction.
– Proposition 6: A strategy’s essential thrusts each imply a specific channel of
influence.
– Proposition 7: A strategy’s constituent elements are each formed either
deliberately or emergently..
28
Situation Analysis: McKinsey‘s
7-S-Modell
Strategie – Situationsanalyse - 7-S-Modell (McKinsey)
„hard factors“
- cold
triangle
„soft factors“
– warm
square)
Source:
de.wikipedia.org
32
Definition IT Alignment
“Business-IT alignment is a dynamic state in
which a business organization is able to use
information technology (IT) effectively to
achieve business objectives”
35
Overconfidence- or Overoptimistic Bias
• Survey of youth (Germany) : Self-assessment
of leadership qualities
– 70% above average, 2% below average
– 60% consider themselves to be among the top
10%
– 25% consider themselves to be among the top 1%
• Can you imagine another group / profession
to score even higher on the Overconfidence-
or Overoptimistic Bias?
36
Overconfidence- or Overoptimistic Bias
• 94% of all professors consider their own
performance to be above average in the peer
group
37
Case Study: Management of Strategy
and Investments #1
CIO/CTO 23 53 43 38 30 29 30 62
Vorstand 26 3 6 0 15 10 13 0
Komitees/
52 44 51 63 55 51 58 38
Gremien
Welt Klassen-
beste
Survey Accenture 2008: Survey of 260 CIOs globally (all results in percentage points). 39
Source: Wirtschaftswoche Nr. 10, 26.03.2008
Case Study: Management of Strategy
and Investments #2
81 47 26 50 50 50 40 54
Welt Klassen-
beste
Survey Accenture 2008: Survey of 260 CIOs globally (all results in percentage points). 40
Source: Wirtschaftswoche Nr. 10, 26.03.2008
Case Study: Management of Strategy
and Investments#3
How often the affected Business Units decide upon the budget of IT Projects...
7 16 51 25 30 27 31 31
Welt Klassen-
beste
Survey Accenture 2008: Survey of 260 CIOs globally (all results in percentage points). 41
Source: Wirtschaftswoche Nr. 10, 26.03.2008
Strategie Raster (Gartner Group)
IT-Strategie
Anwendungen Integration Infrastruktur Service Beschaffung
§ Regionen? § nur in Geschäftseinheit? § Regionen?
§ Netz? § Grad der
§ Sprachen? § extern? Zentralisierung? § Kulturen?
Geografische § über § Ausbreitung? § Sprachen?
Verteilung § Gesetze? Unternehmensgrenzen? § Prozesse?
§ Strategie?
§ funktionale Silos? § Zentral oder dezentral?
§ Fokussierung? § Wer entscheidet? § Strategie?
§ Integrationsarchitektur? § Je Geschäftseinheit oder
§ mögliche gemeinsam?
IT-Governance
Informationen aus Geschäftsstrategie
Änderungen?
§ Plan?
§ Architektur? § Trends?
§ Unternehmensarchitektur § Wie soll Service § Eigene Kompetenzen
Zukunftsbezug § Ablösung der § Grids? aussehen? in der Zukunft?
Legacies?
§ On demand?
§ Änderungen der § Sicht für den Kunden? § Grenzen der Infrastruktur? § SLAs?
Interaktion? § Wer kontrolliert die
§ Anpassung? § Was wird gebraucht? § Kundenmanagement? IT-Beschaffung?
Kundensicht § Priorität?
§ :
http://www.gartner.com/technology/research/top-
10-technology-trends/
46
© 2009 Gartner, Inc. All Rights Reserved.
Top Strategic Technology Trends for 2018
54
IT Governance in the Context of
Corporate Governance#2
Corporate Governance
IT Governance
Strategy
IT Alignment
IT
IT Service Management
Architecture
IT Service
Compli- IT Compliance IT Service IT Service
Opera-
Infrastructure
Strategy Planning Management
ance tions
Strategy
55
IT Governance in the Context of
Corporate Governance#3
Organizational Governance
Enterprise Risk
Management
Internal Control
IT Control
56
IT Governance in the Context of
Corporate Governance#4
Corporate governance
Board
Monitoring Disclosure
Key assets
Human Finacial Physical IP Information Relationship
assets assets assets assets and IT assets assets
58
IT Governance - Motivation
• IT Strategy
– Enterprises are more dependent than ever on IT
– Tendency of IT to focus on itself
– Historically poor performance of IT (eg SW Development
Projects)
• IT Alignment
– Increased variety of service delivery models (cloud computing,
incremental outsourcing, etc.) creates complexity
– IT viewed as “strategic partner” vs. “order taker”
• IT Financials
– Enterprises need to maximize the business value from their [often]
large investment in IT
– Centralised versus decentralised (eg Business Units) IT
spending
• IT Compliance
– Regulatory focus in post-Enron era, e.g., Sarbanes Oxley
59
IT Governance vs. IT (Service)
Management
60
IT Governance: Definition
• The operating model for how the organization makes
and enacts decisions about the use of IT
• What is meant by “operating model”?
61
IT Governance: Definition
• The operating model for how the organization makes
and enacts decisions about the use of IT
• What is meant by “operating model”?
– Organizational units involved
– Division of roles, responsibilities, and accountabilities
– Processes, standards, policies
– Measurements
• What types of decisions are we talking about?
62
IT Governance: Definition
• The operating model for how the organization makes
and enacts decisions about the use of IT
• What is meant by “operating model”?
– Organizational units involved
– Division of roles, responsibilities, and accountabilities
– Processes, standards, policies
– Measurements
• What types of decisions are we talking about?
– What IT goals and priorities will enable the organization and maximize
benefits
– How to obtain and deploy IT resources
– How to appropriately mitigate and control risk
Topics: IT Architecture; IT Strategy; Project Portfolio Management, IT
63
Compliance
IT Governance: Example
• Proposal:
Replace various proprietary and local reporting systems
with a single, global management reporting system
èHard to justify on purely economic grounds
èLocal units will be resistant, but their cooperation is
essential to the success of the initiative
• IT Governance Issues:
Who decides? Who is accountable for the
implementation of the decision? How will the results of
the decision be measured and monitored?
64
Aufbauorganisation in einem kleinen
Unternehmen
65
Aufbauorganisation: Idealtypischer
Aufbau innerhalb der IT Abteilung
(Muster)
66
Aufbauorganisation – Ressortinstanz
bzw. Linieninstanz einer Abteilung
Unternehmens-
leitung
Stabsfunktionen:
"Dienen allen"
Produkt B Produkt B Produkt B Personal
Produkt C Produkt C Produkt C IW
IW: Informationswesen
67
Aufbauorganisation – Hauptabteilung
Unternehmens-
leitung
IW: Informationswesen
68
Aufbauorganisation – Stabstelle
Unternehmens-
leitung
IW
IW: Informationswesen
69
Aufbauorganisation – Matrix /
Querschnittsfunktion (Dezentral)
Unternehmens-
leitung
Einkauf
Produktion
Informations-
Wesen (IT)
... ...
dezentrale IV (IM) dezentrale IV dezentrale IV dezentrale IV
IW: Informationswesen
70
Aufbauorganisation – Divisional /
Dezentral
AUFBAUORGANISATION - DIVISIONAL/DEZENTRAL
Unter- Unternehmens-
nehmens- leitung
stab
IW
IW IW IW IW
IW
IW
Unternehmensleitung
Unternehmensleitung
IW
IW
Stabsabteilung Matrixorganisation
Hoher Stellenwert der IV im Kurze Instanzwege zu den
Unternehmen Fachbereichen und UL
Dienstleistungsfunktion der IV
IV-Abteilung hat guten
Wird betont
Überblick über die gesamte IV
Keine Weisungsbefugnis Hohes Konfliktpotential
73
Operating Model (OM) - Context
• Business Model
• Operating Model
• Capability Model
74
Operating Model (OM) - Context
• Business Model
– Describes how an organization creates, delivers, and captures
economic, social, or other forms of value.
– Business Model design is part of business strategy.
• Operating Model
– Describes the necessary level of business process integration
– Standardization for delivering goods and services to customers
– Guides the underlying business and technical architecture to
effectively and efficiently realize its business model.
– Operating Model design is part of business strategy.
• Capability Model
– Describes the capabilities necessary to execute the Operating Model.
– Capability Model design is part of operations planning.
Sources:
http://http://en.wikipedia.org/wiki/Operating_model (16 March2012) 75
Peter Weill, Jeanne W. Ross. IT Savvy. Harvard Business Press, Boston. 2009.
Operating Model (OM)
“An operating model is the necessary level of
business process integration and
standardization for delivering goods and
services to customers. By identifying
integration and standardization requirements
an operating model defines critical IT and
business process capabilities ... [and thus]
guides IT investment and enhances business
agility.“
Sources:
http://streamlinetraining.blogspot.com/2010/02/generating-business-value-from-it-i.html (16 March2012) 76
Peter Weill, Jeanne W. Ross. IT Savvy. Harvard Business Press, Boston. 2009.
Operating Model (OM) - Prerequisites
• Business Leader must decide
(i) How much to standardize business processes
(ii) How much to integrate business processes
• Small Organisations: Provide single digitised
process platform to support OM Model
• Big Organisations: Multiple OMs; 1 at each
organisation level (eg firmwide, business
units) where platform capabilities are shared
77
Operating Model – 4 Choices
Sources:
http://streamlinetraining.blogspot.com/2010/02/generating-business-value-from-it-i.html (16 March2012) 78
Peter Weill, Jeanne W. Ross. IT Savvy. Harvard Business Press, Boston. 2009.
Operating Model – 4 Choices
A company using the
• Coordination model operates unique business units with a need to know
each other's transactions. Its key IT capability is providing access to shared
data through standard technology interfaces (e.g. Pepsi Americas).
• Unification model operates as a single business with global process
standards and global data access. Its key IT capability is providing
enterprise systems that reinforce standard processes and provide global
data access (e.g. UPS)
• Diversification model operates independent business units with different
customers and expertise. Its key IT capability is providing economies of
scale without limiting independence (e.g. Procter & Gamble).
• Replication model operates independent but similar business units. Its key
IT capability is providing standard infrastructure and application
components for global efficiency. Marriott is an example (e.g. ING Direct).
Sources:
http://streamlinetraining.blogspot.com/2010/02/generating-business-value-from-it-i.html (16 March2012) 79
Peter Weill, Jeanne W. Ross. IT Savvy. Harvard Business Press, Boston. 2009.
Operating Model – Unification Model
Example UPS
• UPS Regional Head for Eastern Europe Proposal (around 2000)
– Aggressive expansion into Less mature market, thus fewer process
requirements
– Cheaper than standard UPS handheld devices would cost less and be
adequate to meet market requirements
• UPS decision making process
– Policy: Review all exception to standard Business Process & IT Service
provision
– Decision passed to senior level management who insisted that
Eastern Europe adopt standard UPS business processes and
technology
– UPS CEO Mike Eskew: “We are a network and we can‘t have some
warehouses managing with this system and others managing with that
system.... [Otherwise] you can‘t transfer people and you can‘t transfer
Sources: information.“ 80
Peter Weill, Jeanne W. Ross. IT Savvy. Harvard Business Press, Boston. 2009.
IT Operating Model: Roles
Plan
Head Process Owner Project Portf Mgr Controller
Build Run
Account Mgr Service Lvl Mgr Incident Mgr 1st level Support
81
IT Operating Model: Process Modell
Source: Arcondis
82