Avoid the biggest IT Traps through regular maintenance
Robert E. Stroud, CGEIT, argues that many businesses
are sacrificing profits and productivity by not implementing effective governance
over their IT

Robert E. Stroud
Experts recommend that people change the oil in their automobiles
every 3,000 miles. While the benefits may not be immediately visible, in the
long run it improves performance and protects their investments.
This can be very good advice for enterprises around the world, too. Regular
service and attention to vital components are key activities for building value
and ensuring a business is running smoothly and efficiently. This is especially
important as a dramatic shift has taken place in enterprises. While information
technology (IT) was once considered separate from the overall business and was
mainly used to streamline activities and automate processes, it has now become
interwoven with nearly every aspect of the enterprise.
Businesses around the world now depend on IT for competitive advantage. Unfortunately,
many are sacrificing profits and productivity by not implementing effective
governance over their IT.
Because IT has become integral to ongoing operations, enterprise leaders need
to have the appropriate governance tools in place to ensure that their organization
is running at peak performance and that it meets business objectives while satisfying
stakeholders. Just as a new car comes with important information in its Owner's
Manual, here is guidance to help enterprises enhance IT governance and avoid
three of the biggest IT traps that they may face.
Agree to a Definition of IT Governance
This may sound as simple as instructions that say "put key in ignition
and turn," but this is an area that stalls many enterprises. Governance
is not well defined in most organizations, and it is often misused. Only after
agreeing to a consistent definition of IT governance can an organization truly
begin its journey to ensure maximum control, compliance and value.
ISACA, a global nonprofit association of 86,000 IT professionals, has developed
a definition for IT governance that has been accepted by many organizations.
It states that IT governance is the responsibility of the board of directors
and executive management. It is an integral part of enterprise governance and
consists of the leadership and organizational structures and processes that
ensure that the organization's IT sustains and extends the organization's
strategies and objectives.
In COBIT, the globally recognized framework for IT governance that was developed,
and is continually updated, by ISACA, five key domains have been identified:
Strategic Alignment, Value Delivery, Risk Management, Resource Management and
Performance Management.
Think of the four wheels of a car. If they are not correctly balanced, the car
might seem to operate fine during slow speeds, but as soon as the vehicle picks
up speed, there will be uncomfortable, and potentially unsafe, vibrations,
or worse. The goal of most businesses is to "pick up speed," that
is, to grow and increase profits. If the five key domains are not balanced,
the business will eventually experience "vibrations" (e.g., loss
of profits, reduced competitive edge, non-compliance and increased risks). Balancing
the five IT governance domains helps encourage innovation and make the road
ahead smoother for growth.
Management owns governance over IT
Just as an auto title shows who owns the vehicle, the title for
IT governance should clearly say "executive leadership." The responsibility
for setting policy and ensuring it is followed rests completely on the shoulders
of business management. Policies, procedures and rules must be agreed to by
senior leadership, and the chief information officer (CIO) or someone in a similar
position should be made accountable for execution of the IT governance program.
The generic business goals and IT goals described in COBIT can be used to drive
the discussion. While management must ensure processes are followed, it also
needs to ensure that individuals are empowered and that the organization's
vision, mission, principles and values are leveraged.
Avoid the single governance process
There is no one single perfect solution for implementing an IT governance program.
Management at each organization needs to understand its own unique structure,
culture and goals, and customize a program that best fits its situation. Some
organizations have tried to create a single set of policies, procedures and
rules, only to be faced with rough terrain in the form of large, costly and
risky projects requiring huge expenditures. These programs are frequently doomed
from the beginning.
Instead, IT governance implementations should consist of multiple levels and
integrate activities and information from multiple sources. Management should
also review key requirements, including externally imposed controls such as
the Sarbanes-Oxley Act, internally imposed controls such as the Capability Maturity
Model Integration (CMMI) and any industry-specific quality or process requirements.
COBIT, which is available as a free download at www.isaca.org/cobit, provides
a comprehensive approach and is a good road map for IT governance. Many organizations
use it as an over-arching framework that harmonizes IT governance activities.
Additional guidance including checklists, maturity models and tool kits is in
the Board Briefing on IT Governance, 2nd Edition, which is a free download from
www.isaca.org.
Implementing an IT governance program is not a destination, but rather a journey.
As long as an enterprise continues to "change its oil" and carry out
the regular maintenance of documenting, guiding and measuring the implementation
process, it should ensure that resources are used effectively and the tank is
full for the road trip ahead.
The author is International Vice President of ISACA and
the IT Governance Institute. He is also Vice President, Service Management Strategy,
and Service Management and Governance Evangelist at CA Inc. He will discuss
"Five Traps for IT Governance Professionals" at ISACA's Asia-Pacific
Computer Audit, Control and Security (CACS) Conference, 22-23 February 2010,
in Mumbai (www.isaca.org/asiacacs).