5 Deadly Sins of Governing your ITSM Environment: Part 1

Published: August 31 2009, 10:59 AM
by Robert Stroud

One of the primary themes of the Australian itSMF National conference held in August 2009 in Australia was how organizations should manage governance of their IT environment. IT Governance is defined by the IT Governance Institute (ITGI) as:

“...an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives.”


Let’s face it, IT and business alignment is no longer enough. IT must work with the business to ensure integration, and without governance you cannot ensure this. Think for a moment about performing a banking transaction. Whether the transaction is performed using an ATM, via Internet banking or at a branch, without technology the transaction will not be placed and you will be unable to receive your money. The technology component of that transaction is crucial. I recently read about a supermarket where the system running the cash registers failed. The failed system formed part of the transaction system interfacing with the debit and credit card system. Ultimately, the failure led to hundreds of grocery carts being abandoned in the store and much ill will with customers. The store manager was forced to close the store until the IT services were restored.

Implementing a good ITSM environment will indeed assist you in your quest for good service delivery. Keep in mind, however, that to integrate with the business, sound governance is critical. Based on my extensive work in the arena of IT Governance, I developed my TOP 5 LIST of deadly sins to avoid in your governance journey, and over the next few weeks I will be sharing these with you for your edification.

Let’s start today with the error made most often, Deadly Sin 1: No Definition of Governance.

The initial impetus for the interest in governance was the requirement to comply with the ever-growing number and impact of regulations. In North America we have SOX, HIPAA, GLBA and so on; Japan has J-SOX, Europe has EU-8, and so on. Much of the last few years has been a rush to implement and automate these processes.

Now, I have visited many organizations that have gone “over the top” in implementing controls for regulations, implementing significantly more or fewer controls than appropriate, and the risk of this is complexity in the business process. These controls need to be balanced with the business strategy, and ISACA has a model to balance your governance implementation, taking into account the 5 IT Governance domains of Strategic Alignment, Value Delivery, Risk Management, Resource Management and Performance Management. Balancing the 5 domains ensures that you balance all aspects of the business with strategy to deliver a balanced governance model.


[Figure: IT Governance Focus Areas diagram]

Source: COBIT 4.1 ©1996-2007 IT Governance Institute. (More information on the IT Governance Focus Areas is in COBIT 4.1, available from ISACA.org.)

In these difficult economic times you are probably familiar with many IT organizations that are totally focused on simply reducing costs, without focus on the other domains. They may indeed reduce their costs, but at the same time they are exposing their organizations to risk and suffering from resource constraints, and then it’s only a matter of time before performance suffers. To avoid Deadly Sin Number 1, you need to define your organization’s definition of governance; this will form the mission statement for your governance journey. An excellent place to start this journey is the ISACA publication Board Briefing on IT Governance, 2nd Edition, which is available as a free download. This publication will take you through a series of interviews and exercises to allow you to develop your governance strategy and plan the implementation with an appropriate scope; step one is defining governance for your organization. So if your organization has determined its governance definition, you are ready to avoid deadly sin number two; more on that next week. Any guesses what it will be?

By: Robert Stroud
Robert Stroud serves as VP and as Service Management, Cloud Computing and Governance Evangelist at CA Technologies. Robert also serves as an International vice president of ISACA, is part of the Framework committee and was the former chair of the COBIT Steering Committee. Robert also serves on the itSMF...

4 people have left comments:

For Deadly Sin 1, click here. Ever heard the saying “do as I say, not as I do?” We all have, just as

Posted by: CA on Service Management | September 8, 2009 10:35 AM

For Deadly Sin 1, click here. For Deadly Sin 2, click here. Recently I was visiting with a financial

Posted by: CA on Service Management | September 17, 2009 10:17 AM

For Deadly Sin 1, click here. For Deadly Sin 2, click here. For Deadly Sin 3, click here. Those of

Posted by: CA on Service Management | October 6, 2009 4:18 AM

For Deadly Sin 1, click here. For Deadly Sin 2, click here. For Deadly Sin 3, click here. For Deadly

Posted by: CA on Service Management | October 15, 2009 4:36 PM
