Download (direct link):
Many poor business decisions will result in significant IT change management issues. A fundamental truism is that when bad business processes are automated, things get worse faster. Conversely, when good business processes are automated, they generally lead to productivity improvements and cost reductions. Likewise, poor technology decisions will result in subpar business agility, slow responsiveness, poor integration, and potential loss of goodwill with key partners, suppliers, employees, and customers. There is no longer a distinction between business and e-business—they are one in the same.
Self-Diagnosis: Preventive Measures
The dependency and importance of information technology and IT portfolio management influence and shape effective IT governance. Companies should consider some of these questions as they assess their IT governance maturity level:
• Are the board of directors and executive management engaged in decisions regarding the focus and direction of IT, the prioritization of IT investments, and risk setting and monitoring? Are these communicated in business nomenclature? Is a senior IT representative a member of the executive management team?
• Are the processes to ensure that IT is aligned with business and strategic objectives consistent and repeatable? Are there consistent and standardized weighted criteria and business uses in place to assess each IT investment? Have these been socialized and agreed upon by the members of the governance bodies? Are they aligned to the critical success factors, key performance indicators, and balanced scorecards? Are they widely and frequently communicated across the company?
A DEMANDING ENVIRONMENT 69
• Is the budget cycle performed only on an annual basis? Does the budget horizon project out for at least two years? Are savings achieved by migrating or retiring IT investments actively factored back into the IT budget? Is spending on IT commensurate with industry averages?
• Are there business, information, and technology policies and principles in place? Are they available throughout the company?
• Do specific projects deliver their intended value within the cost, schedule, and resource allocation as promised?
• How easily can the governance bodies assess alternative investments and perform what-if analyses? Are there sufficient infrastructures, processes, rules, resources, and communication channels and vehicles in place to rapidly redirect resources and absorb the impact of change?
• Has the company’s tolerance for risk been clearly defined and communicated?
• Are legal compliance and regulatory issues addressed proactively?
• Are there internal control mechanisms in place to adequately identify and mitigate risks before they become unwieldy? Are there appropriate change management processes in place?
• Is the company focusing on its core competencies and leveraging the fabric of a network and net-centric environment to create a web of partnerships, alliances, and outsourcing relationships?
• Are intangible assets such as information assets, branding, human capital management, and customer relationship management being fully exploited (or even monitored)?
• Do governing bodies have easy access to and visibility of all investments across the IT discovery, IT project, and IT asset portfolios? Are these rolled up into a holistic end-to-end perspective showing risks, value, timing, and costs of all combined IT investments? Are meetings held frequently to assess both new and existing IT investments?
• Are there pools (categories) of investments with defined levels of IT spending defined for each category? What percentage of resources from IT are allocated to running the business versus transforming the business or growing the business? Are these figures actively tracked?
• Are performance measurements, service-level agreements, and postmortem project assessments, actively tracked, captured, communicated, and fed back into the system for continuous improvement? Are these valued in hard dollars?
• Are customers and/or end users satisfied with the service delivered by IT? Do they believe that IT is responsive within an acceptable timeline to meet their needs? Do customers have a voice in IT decisions?
70 CHAPTER 3 PEOPLE AND GOVERNANCE
• Are different functional areas, business units, and divisions incentivized to work together and support one another for the common good of the company? Are there incentive compensation triggers in place to reward employees for desired behavior and acceptable risk taking?
• Is the ownership for IT decisions clear to management, employees, stakeholders, and partners—that is, who is responsible, accountable, consulted, and informed (i.e., RACI) for all key IT decisions? Has the culture of the company been taken into consideration as to how decisions are made and who makes them?
• Is there a governance process/framework that has been defined, documented, and is working effectively and efficiently? Does this framework incorporate best practices from CobiT, ISO 900X, SEI CMM, COSO, ITIL, as well as other common frameworks used in both the private and public sectors?