Leveraging IT Governance for Business Value. Jacqueline Hanson- Kotei

Size: px

Start display at page:

Download "Leveraging IT Governance for Business Value. Jacqueline Hanson- Kotei"

Jewel Bishop
5 years ago
Views:

1 Leveraging IT Governance for Business Value Jacqueline Hanson- Kotei

2 Contents Introduc)on Business Challenges IT Governance Whose responsibility Frameworks What to look out for Objec)ves Structure and Strategy Wins Areas of Improvement Lessons learned Appendix

3 Introduction As Businesses grow and evolve, they become more and more IT dependent, crea)ng a hydra- like IT problem for all involved. IT can be a powerful resource to help enterprises achieve their most important objec)ves. IT can enable automa)on of key processes e.g. the supply chain IT is the founda)on of the networked economy that cuts through geographic loca)ons and organiza)onal silos to provide new and innova)ve ways of crea)ng value. While IT has the poten)al for business transforma)on, it ojen represents a very significant investment at the same )me. In many cases, the true IT cost is not transparent and budgets are spread across business units, func)ons and geographic loca)ons with no overall oversight. IT becomes more and more complex with the speed of change of technology, change or expansion of business processes, change of business needs, regulatory and audit compliance among others.

Introduction Statistics show that more than 50% of IT investments are wasted or fail to deliver returns to the business With increased complexity in IT, the cost of failure is steadily becoming

4 Introduction Statistics show that more than 50% of IT investments are wasted or fail to deliver returns to the business With increased complexity in IT, the cost of failure is steadily becoming significant It is an unwise decision to let IT grow on its own without any proper planning and monitoring IT needs to grow within the confines of a governance system of sorts to ensure alignment Statistics show that more than 50% of IT investments are watsed or fail to deliver returns to the business. With increased complexity in IT, the cost of failure is steadily becoming significant. with business etc

5 Business challenges??? For IT investments to deliver business value in todays complex landscape, IT must: Carefully control risks, both strategic and opera)onal Proac)vely and effec)vely manage IT assets Be more )ghtly aligned with business objec)ves Con)nuously improve IT performance

6 IT Governance Enter IT Governance. What is IT Governance? According to Gartner - IT Governance (ITG) is defined as the processes that ensure the effec)ve and efficient use of IT in enabling an organiza)on to achieve its goals IT and Business alignment. IT governance the process that allows a company s senior management to direct and measure their IT investments know where your money is going In simple terms, its seeks to answer the following ques)ons that arise in the day- to- day opera)ons. Are we going the same way with Business? Is there a disconnect between IT and Business? Is IT effec)vely suppor)ng Business? Are IT costs spiraling out of control and where are they going?

7 Whose responsibility Any IT Governance program should seamlessly plug into the Enterprise governance/en)re accountability framework of the Organiza)on. It cannot stand alone. It cannot be lej en)rely to IT Senior management and the CIO.

8 Whose responsibility

9 Enterprise vs Business vs IT Governance

10 IT Governance Frameworks There is no one size fits all IT Governance model. Over the years, a number of frameworks have emerged, each with their own strengths and weaknesses, but also, each with their own focus and purpose. Many revolve around ISO standards (or are documented by ISO standards)but not all of them. The major frameworks are currently: ISO focusing upon IT service management ITIL - a lower level framework again for ITSM ISO / ISO focusing upon informa)on Six Sigma - focusing upon opera)onal performance and defect iden)fica)on COBIT - framework for informa)on IT management risks Balanced Scorecard - a framework for measuring a company's ac)vi)es in terms of its vision and strategies Prince2 - a project management method

11 What to look out for An effec)ve IT governance framework: Provides clear direc)on to ensure that IT investments support the business Is an effec)ve way to manage change Creates value for the business in alignment with enterprise objec)ves Addresses the complete life cycle of IT investment This should be supported by: Integrated communica)on communica)on to all stakeholders Op)mal roles need to filled by the right people If an effec)ve governance framework is implemented effec)vely it reduces conflict between stakeholders, finance can easily track organiza)on spending against framework priority categories, business performance significantly improves and the organiza)on reacts be^er to compe))ve threats, Tina Nunno

12 Objectives

14 Structure and Strategy

15 Structure and Strategy This was achieved by breaking the main focus areas into smaller tasks: Align IT and Business goals Business engagement Enterprise Architecture management Strategic planning Opportunity Iden)fica)on External Oversight of IT Manage Demand proac)vely Project Demand Management Service Demand Management Manage Resources Efficiently Informa)on and Data Management IT Process Management Minimize IT Risks to the Business Informa)on Risk Management Opera)ons Risks Management

16 Structure and Strategy Manage the Porcolio for Maximum returns Project Porcolio management Program management IT Leadership Communica)on Business readiness Business Process Op)miza)on Measure the IT Performance IT Performance Management Develop Staff and Leaders Staff Development Leadership Development Calibrate Organiza)on Design and sourcing Vendor Selec)on and Management Sourcing Strategy Organiza)onal Design

Wins Staff Development build a strong commi^ed team Preserva)on of Ins)tu)onal Knowledge succession planning Proac)ve Management of IT risk Robust risk mi)ga)on plans, DRP s and BCP s Effec)ve Vendor

18 Wins Staff Development build a strong commi^ed team Preserva)on of Ins)tu)onal Knowledge succession planning Proac)ve Management of IT risk Robust risk mi)ga)on plans, DRP s and BCP s Effec)ve Vendor Selec)on and Management Eliminate all dollar based SLA s Consolida)on of SLA s Effec)ve internal and external Communica)on Rigorous Business engagement and alignment IT Performance management Enterprise Architecture Management Business process Op)miza)on Automa)on and simplifica)on of Business processes Change Management Alignment with Finance and Procurement Self help Portals CAPEX Management

Areas of Improvement Communica)on with customers ensure they are fully aligned with all decisions par)cularly changes Listen to your customers Do not overpromise be as realis)c and open

19 Areas of Improvement Communica)on with customers ensure they are fully aligned with all decisions par)cularly changes Listen to your customers Do not overpromise be as realis)c and open with stakeholders as possible Vendor Management there is always more room for improvement Project Management Service Desk Management OPEX Management con)nuous monitoring to realize savings

21 Lessons learned Change is hard ins)lling a deep rooted IT Governance culture involves a cultural change which can be difficult and needs to be underpinned by trainings, effec)ve communica)on and con)nuous reinforcement Stakeholder buy in is key stakeholders have to be involved in the process and level of involvement can be determined by implemen)ng a RACI chart for each process to ensure appropriate engagement is done Senior Management support is key this cannot be overemphasized. Senior Management have to understand and fully support this ini)a)ves Review, monitor, update con)nuous invest in improving the IT Governance model in response to the ever changing IT and business need

23 APPENDIX

24 Appendix As Businesses grow and evolve, they become more and more IT dependent, crea)ng a hydra- like IT problem for all involved. IT can be a powerful resource to help enterprises achieve their most important objec)ves. E.g. IT can represent a core driver of cost savings for large transac)ons such as mergers, acquisi)ons and dives)tures. IT can enable automa)on of key processes, such as the supply chain, and can be the cornerstone of new business strategies or business models, thereby increasing compe))veness and enabling innova)on, such as the digital delivery of products (e.g., music being sold and delivered online). IT is the founda)on of the networked economy that cuts through geographic loca)ons and organiza)onal silos to provide new and innova)ve ways of crea)ng value. Most enterprises recognize informa)on and the use of IT as cri)cal assets that need to be governed properly.

25 Appendix While IT has the poten)al for business transforma)on, it ojen represents a very significant investment at the same )me. In many cases, the true IT cost is not transparent and budgets are spread across business units, func)ons and geographic loca)ons with no overall oversight. The greatest por)on of spending is ojen for keeping the lights on ini)a)ves (post- implementa)on maintenance and opera)onal costs) as opposed to transforma)onal or innova)on ini)a)ves. IT becomes more and more complex with the speed of change of technology, change or expansion of business processes, change of business needs, regulatory and audit compliance among others. It will therefore be an unwise decision to let IT grow on its own without any proper planning and monitoring. IT needs to grow within the confines of a governance system of sorts to ensure Alignment with business Cost effec)veness Business value crea)on etc.

26 Appendix

27 Appendix Strategic alignment with corporate objec)ves and the company s performance and sustainability goals Value delivery through the op)misa)on of IT expenditure and proving the value of IT Risk management in support of the company s strategic and business objec)ves Resource management to op)mise organisa)onal knowledge and investments in IT resources Performance management to ensure that the company achieves its objec)ves, can be aligned with changes in strategic needs, judiciously manages IT risks and enables opportuni)es to be iden)fied and acted on.

28 Appendix What is ITIL? ITIL covers the organiza)onal structure and skill requirements for an IT organisa)on/area by presen)ng a comprehensive set of management procedures. These are intended to be supplier independent and apply to all aspects of IT infrastructure The IT Infrastructure Library (it's full name) is fundamentally a collec)on of eight books, the contents of which are referred to as 'sets'. These 'sets' are sub- divided into what are termed 'disciplines', each of which defines a specific subject. The current ITIL sets are: Service Delivery Service Support Planning to Implement Service Management ICT Infrastructure Management SoJware Asset Management The Business Perspec)ve Security Management Applica)on Management Of these eight, the most widely used are the first two: Service Delivery and Service Support

29 Appendix What is the Balanced Scorecard? The balanced scorecard is a framework for measuring an organiza)ons's ac)vi)es in terms of its vision and strategies. It seeks to measure a business from four perspec)ves: Financial perspec)ve Customer perspec)ve Business process perspec)ve Learning and growth perspec)ve The BSC approach has spawned many derivi)es and related methodologies, and certainlt, the evolu)on in this respect con)nues. What is CobIT? CobIT is a framework for informa)on IT management risks, or more formally, a "framework and suppor)ng toolset that allows managers to bridge the gap between control requirements, technical issues and business risks" (ref: ISACA). It comprises six documents: Management Guidelines Implementa)on ToolSet Execu)ve Summary Framework Control Objec)ves Audit Guidelines It has also been broadly mapped against a number of other methods and standards, including COSO, ITIL, ISO 17799, and ISO

30 Appendix What is Prince2? Prince2 (PRINCE being 'Projects in Controlled Environments') is a a process based approach to project management. It comprises eight high level processes: Direc)ng a project Ini)a)ng a project Star)ng up a project Planning Controlling a stage Managing product delivery Managing stage boundaries Closing a project A Prince2 project itself typically contain four 'phsases': Star)ng a project; Ini)a)ng a project; Implementa)on of a project; Closing a project. It also offers two levels of personal examina)on/cer)fica)on: Founda)on level and Prac))oner level.

31 Appendix What is ISO 17799? ISO is a 'code of prac)se', meaning that it lists a substan)al number of specific security controls that may be applicable to an IT environment. Selec)on from these controls is normally performed via risk assessment, and the methods outlined within ISO The document itself contains 12 prime content sec)ons, specifically covering: Security Policy Organiza)onal Security Asset Classifica)on HR Physical & Environmental Communica)ons & Opera)ons Access Control Systems Development Business Con)nuity Compliance Risk Assessment IS Acquisi)on

32 Appendix What is Six Sigma? Six Sigma is a quality management program that measures and improves an organiza)on's opera)onal performance of by iden)fying and correc)ng procedural defects. It defines two basic methodologies, known as DMAIC (Define, Measure, Analyze, Improve, Control) and DMADV (Define, Measure, Analyze, Design, Verify). The former is intended to improve exis)ng processes, the la^er to develop new, customer- focused processes. A formalized training system for Six Sigma is also established, offering two levels, known as Black Belts and Green Belts. OJen, Black Belts are on- site Six Sigma implementa)on experts, with Green Belts being employees within the organiza)on who use Six Sigma as part of their overall jobs.