Download (direct link):
1. Policy development (structure): policy must articulate the guidelines within which expected behaviors occur, with the intent of directing the enterprise toward an acceptable level of commonality.
2. Policy compliance (process): after policy is established (i.e., reviewed and agreed upon in the level of formality warranted for a particular company), governance is responsible for providing the means (controls and checks) to ensure compliance with established policy. This includes defining, communicating, gaining agreement upon, and applying the consequences of noncompliance.
There is a strong relationship and dependency between IT governance and IT portfolio management. The criteria used to evaluate IT investments in the IT portfolio are derived from many of the policies and principles created and approved by governance bodies. Conversely, IT portfolio management provides the framework, language, and tools to support IT governance. IT portfolio management provides the analysis and common taxonomy between business and IT so that governance bodies can communicate and mutually understand how investments are aligned, balanced, and managed across the company. Quantification of risks, costs, value, and performance shown in views that speak to important issues of concern to members of the governing bodies dissipate many of the political biases in the decision-making process. Because IT portfolio management ensures consistency in the process of making decisions, clearly delineated criteria to proceed forward or halt an investment are rapidly decided. In addition, IT portfolio management provides the framework for governing bodies to save money by scrutinizing IT investments and eliminating nonstrategic and poorly performing investments.
The increasing requirements on corporate governance brought on by Sarbanes-Oxley and other legislation have a direct impact on both the importance and the specificity of IT governance. This chapter articulates the importance of the role of people, policies, and principles in IT governance. It describes the relationship between IT governance and IT portfolio management.
A DEMANDING ENVIRONMENT 67
A DEMANDING ENVIRONMENT
Investors and stakeholders expect a company to:
• Generate higher profits and provide meaningful return on investment
• Maintain risk mitigation strategies such as business continuity plans
• Optimize limited resources
• Hold senior leadership accountable for their actions
• Have control and measurement practices in place, monitoring the right set of leading and lagging indicators
Customers expect extraordinary levels of flexibility and customization, greater functionality, fair pricing and quality, and unprecedented levels of service and support. Regulators expect increased control and accountability from management in both the private and public sectors. Competitors are creating new innovations at a record pace, compressing the time and cost of product life cycles, and redefining and blurring industry and organizational boundaries.
These demands have created an unprecedented need for companies to maintain or improve current levels of performance as they transform their architecture and business model to accommodate many of these changes and uncertainties. Many companies are transforming by exploiting new strategies and executing multiple value drivers while hanging on to their traditional business models and markets through waves of change and generational shifts. It is a bit like the proverbial changing of the tires on a moving car. Successful planning, development, execution, and refinement requires efficient and effective:
• Organizational structures
• Policies and principles
• Decision-making processes
IT is an enabler of these areas, enhancing the planning, design, manufacturing, and knowledge management aspects of business. IT also facilitates:
• Increasingly automated business processes, be they collaborative, analytical, or transactional
68 CHAPTER 3 PEOPLE AND GOVERNANCE
• The creation of new business models (e.g., Dell, eBay, and Amazon)
• Cost efficiency and focus on core competencies (e.g., IT outsourcing)
IT enables the business and is rapidly morphing into the business. As discussed in Chapter 1, current research shows a definitive link between intelligent investments in IT and productivity improvements. For many companies, efficient and effective performance of IT has a direct impact on their profitability.
However, in many companies, the business does not actively engage the IT organization early or often enough in the planning and decision-making processes. Security, scalability, integration issues, and other areas within IT that should be of concern in planning and IT decision-making criteria are not given adequate attention or weight. Unfortunately, planning activities and decisions made within companies are often a result of who carries the most political clout.