Download (direct link):
M1 Monitor the process Ì2 Assess internal control adequacy Ì3 Obtain independent assurance M4 Provide for independent audit
DS1 Define service levels DS2 Manage third party services DS3 Manage performance and capacity DS4 Ensure continuous service DS5 Ensure systems security DS6 Identify and attribute costs DS7 Educate and train users DS8 Assist and advise IT customers DS9 Manage the configuration DSIO Manage problems and incidents DS11 Manage data DS12 Manage facilities DS13 Manage operations
Define a strategic IT plan Define the information architecture Determine the technological direction Define the IT organization and relationships Manage the IT investment Communication management aims and direction
Manage human resources
Ensure compliance with external
A11 Identify solutions A12 Acquire and maintain application software
A13 Acquire and maintain technology architecture A14 Develop and maintain IT procedures A15 Install and accredit systems A16 Manage changes
94 CHAPTER 3 PEOPLE AND GOVERNANCE
There are practical steps that can be taken to institute effective IT governance in support of IT portfolio management.
First, an organization must understand its business and strategic objectives and assess its portfolio management maturity. It is difficult to govern if processes are not governable and if current and future directions are not clear. Coordination of IT with goals, strategies, requirements, and priorities is essential. Thus, putting principles in place to steer appropriate behavior that align with strategy, investment objectives, and tolerance for risk is the first, albeit remedial, step.
Second, IT portfolio management should be leveraged to communicate the magnitude of the IT portfolio management opportunity. This will be a segway into IT investment governance.
Third, IT processes should be cleaned up and standardized. It is the IT processes that provide feedback into the IT portfolio. This will allow management and subsequent optimization of the IT portfolio.
Fourth, the existing business and IT processes, activities, and target areas that naturally fit into IT governance should be identified. These include areas such as:
• Enterprise program management
• Architecture group
• Requirements committee
• Human capital management
• Sourcing relationships
• Strategic planning
• Integrating product, project, and portfolio management
Fifth, the appropriate people and committees must be identified. The success of IT governance is contingent on active executive involvement. If acceptable committees exist, they should be leveraged. If not, they should be created. A simple exercise in stakeholder analysis involves identifying who are the key players and who will make IT governance and IT portfolio management successful. Establishment of a program office is an important component.
Sixth, these governing bodies should be chartered in writing. The charters should contain the purpose of the governing body, the scope, the participants, the processes, the policies and objectives, the expectations, specific roles and
responsibilities, success criteria for measuring effectiveness, as well as documentation and definition of risks and assumptions.
Seventh, baselines for measuring effectiveness should be captured. Some examples include project spending as a percent of revenue, elapsed time to introduce new and innovative solutions, integrity and accuracy of data and information, and total IT costs per end user. Balanced scorecards are an effective tool for measuring the value of tangible as well as intangible assets. If the data does not actually exist, develop baselines by agreement. As an example, one company did not know its success rates on projects with precision because it never actually measured its projects. When key stakeholders knowledgeable in project execution were facilitated properly, consensus was that on average the company was three years late and 300% over budget. After instituting governance over project execution, it was only three months late and 30% over budget. The company attained an order of magnitude improvement, demonstrating the success of IT governance and a formalized IT portfolio analysis process. In the absence of a baseline, however, it would have appeared to be worse off with governance in place because the perception might have been that it was coming in on time and on budget previously and was now not only late but being burdened by governance overhead.
Eighth, improvements should be demonstrated and lessons should be captured. Leverage lessons learned from similar entities. It is common to adopt too much too quickly. For example, one company tried to implement full life cycle IT governance. As part of its initial effort, project team members had to capture task-level information. This was too much too quickly. It was rejected by the staff, particularly on smaller projects or projects with tasks having short durations. The CIO scaled back to activity-level tracking and the overall IT governance was deemed a success, improving resource utilization by 13% and increasing end user satisfaction from 40% to 70%.