Shrikant Patil – Senior Advisory Consultant, Strategy & Change 09 January 2009

Applying IT Governance to Enterprise Initiatives : ISACA Bangalore

© 2009 IBM Corporation

2 ISACA Bangalore : Applying IT Governance to Enterprise Initiatives

Learning Objectives

 Understand Basic IT Governance Concepts  Review Relevant Organizational Constructs and Best Practice Frameworks  Discuss Critical Role of IT Governance in Enterprise Initiatives © 2009 IBM Corporation

3

Agenda IT Governance Concepts IT Organization Design Principles Applying IT Governance Case Studies Q&A

© 2009 IBM Corporation

4

Governance Definition

  “Governance is process of decision making in the exercise of authority for direction and control” -

G.E.P. Shailer

Implies that – Board knows the strategic direction of the company – Board is responsible for relevant actions and decisions – Board holds ultimate authority over the affairs of the organization – Board is should include oversight and control as part of governance © 2009 IBM Corporation

Components of Enterprise Governance

5

Doing the right way ?

Doing the right things ?

© 2009 IBM Corporation

IT Governance Definitions

   It is an integral part of enterprise governance and consists of the

leadership

and

organisational structures

and

processes

that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives.

IT governance is the responsibility of the board of directors and executive management

Relationship Mechanisms

Governance (within business units) play catalytic role in implementation of

The distribution of IT decision-making rights and responsibilities among enterprise stakeholders, and the procedures and mechanisms for making and monitoring strategic decisions regarding IT

— Source: Luftman and Brier, 1999; Sambamurthy and Zmud, 2000; Weill, 2004 CISR MIT Sloan

Source : IT Governance Institute 6 © 2009 IBM Corporation

What needs to be addressed within IT Governance?

According to COBIT there are five IT governance focus areas that executive management needs to address to govern IT within their enterprises:  Strategic alignment  Value delivery  Risk management  Resource management  Performance measurement Source : IT Governance Institute 7 M M easu remen rman t Str ategic Alignm en t

IT

Deli

Domains

Val

Governance

ue Resource Management M M an agemen t t © 2009 IBM Corporation

IT Governance is embedded within Enterprise Governance

 Internal Environment – Value Statements : Core beliefs and philosophies that shape the organization’s vision and mission – Guiding Principles : Durable statements that encapsulates the role IT will play and how decisions will be driven in both business and IT organizations  Entrustment Framework – Accountability / authority framework across the organisation – Designated decision authorities : individuals or bodies – Organization constructs & functional interrelationships  Decision Model & Framework – Clear (transparent) assignment of decisions rights – Sequence of actions and decision path in decision processes Source: Many faces of IT Governance by Nick Robinson CISA, ISACA Journal Volume 1 2007 8 © 2009 IBM Corporation

9

3 Key Questions for IT Governance

1. What decisions must be made ? 2. Who should take these decisions ?

3. How these decisions are made and monitored ?

© 2009 IBM Corporation

MIT CISR Arrangement Matrix

 The Governance Arrangements Matrix is used to describe, analyze and communicate an organization’s IT governance  The framework uses a set of political governance archetypes for five principle decision domains  The matrix also identifies the set of mechanisms used to implement the governance arrangements (eg. committees, approval processes, relationships and organizational structures)

Five Key IT Decisions IT Principles

High level statements about how IT is used in the business

IT Infrastructure Strategies

Strategies for the base foundation of budgeted-for-IT capability (both technical and human), shared throughout the firm as reliable services and centrally coordinated

IT Architecture Business Application Needs IT Investment and Prioritization

An integrated set of technical choices to guide the organization in satisfying business needs Business applications to be acquired or built.

Decisions about how much and where to invest to IT including project approvals and justification techniques

IT Governance Archetypes Business Monarchy IT Monarchy

“C” level executives as a group or individuals Individuals or groups of IT executives.

Feudal IT Duopoly Federal Anarchy

Business unit leaders, Key Process owners, or their delegates IT executives and one other group Shared by “C” level executives and one other business group Each individual user 10 Source: MIT CISR © 2009 IBM Corporation

Governance and Alignment…”Six IT Decisions Your IT People Shouldn’t Make,” HBR – Ross and Weill

1. How much should we spend on IT?

2. Which business processes should receive IT dollars?

3. Which IT capabilities need to be companywide?

4. How good do our IT services really need to be?

5. What security and privacy risks will we accept?

6. Whom do we blame if an IT initiative fails?

© 2009 IBM Corporation 11

For each organization type there are different possible IT decision making mechanisms („archetypes“).

Local IT Management Federal IT Management Central IT Management ...

IT ...

IT ...

Business Line A ..

Business Line B ...

Business Line C

IT IT IT

...

Business Line D

IT

...

Business Line A ..

Business Line B ...

Business Line C

IT IT IT

...

Business Line D

IT

...

Business Line A ..

Business Line B ...

Business Line C ...

Business Line D

Different archetypes of IT decision rights*

Federal IT Management ...

IT Federal IT Management ...

IT Federal IT Management ...

IT Federal IT Management ...

IT ...

Business Line A ..

Business Line B ...

Business Line C ...

Business Line D

IT IT IT IT

...

Business Line A ..

Business Line B ...

Business Line C ...

Business Line D

IT IT IT IT

...

Business Line A ..

Business Line B ...

Business Line C ...

Business Line D

IT IT IT IT

...

Business Line A ..

Business Line B ...

Business Line C ...

Business Line D

IT IT IT IT Business Monarchy IT Monarchy Federal IT Duopoly Business executives make IT decisions.

IT makes IT decisions.

Coordinated decision making including all business units. IT may be involved.

12 Source: IT Governance, P. Weill, Jeanne W. Ross, Harvard Business School Press, 2004 Bilateral agreements between IT and business units.

© 2009 IBM Corporation

Allocation of IT Decision Making Authority across Business & IT Functions

13 Source: Weill & Boradbent 1998 © 2009 IBM Corporation

In most organizations the decision rights are implemented differently, depending on the different IT domains.

Business Monarchy IT Monarchy Federal Often, each IT domain has its own mechanisms to make decisions

IT Domains

14 Source: based on MIT Sloan, Center for Information Systems Research (CISR)

IT Strategy Application architecture System architecture Specialized architecture IT investments IT risk management

IT duopoly

Good Practice 1 Federal IT Monarchy IT Monarchy Federal Federal Business Monarchy

© 2009 IBM Corporation

IT Governance Models

15 Source: Peterson 2000 © 2009 IBM Corporation

Summary : To set direction and make it stick across the organization

IT governance is the responsibility of the board of directors and executive management. It is an

integral part of enterprise governance

and consists of the leadership and organizational structures and processes that

ensure that

the organization’s

IT sustains and extends the organization’s strategies

and objectives.

— Source: The IT Governance Institute

Term used to describe how those persons entrusted with governance of an entity will consider IT in their

supervision, monitoring, control and direction

Southern California

. How IT is applied within the entity will have an immense impact on whether the entity will attain its vision, mission or strategic goals

— Source: Prof. Robert S. Roussey, University of

A structure of control the enterprise in order to achieve the enterprise’s goals by

relationships and processes adding value while balancing risk

to direct and versus return over IT and its processes.

— Source: Cobit Executive Summary

© 2009 IBM Corporation 16

IT Governance Drivers

17

IT Principles & Policies Accountability Framework Processes & Decision Models Strategic Alignment, Risk and Resource Management Performance Management Value Management

• •

Guiding Principles Standards and procedures

• •

Organizational structures & functional interrelationships Individuals or bodies .e.g. committees, boards, empowered to make IT decisions

• •

Sequence of activities and decision paths In line with the number and type of decision

• •

Demand mgmt : ensure alignment / manage portfolio and investments Supply management : provisioning and supply of products and services

• •

Outcome focused – Is IT Function meeting the objectives?

Process focused – Are the IT processes operating effectively

•

Delivery of business value from IT investments

© 2009 IBM Corporation

18

Program Management Office (PMO) types



Temporary PMO

– For achieving specific business benefits – Decision of formation of PMO is taken based on size of the program (most economical for min 30 associates) – Largely Administrative – PMO disbanded post program retirement – E.g. ERP Rollout Program Office 

Permanent PMO

– For continuous organizational improvement – Decision is based on the criticality of the objectives – Establishes the best practice framework and rolls out across the organization – E.g. Corporate Program Office, Chairman ’ s Program Office, Office of the CIO (OCIO) © 2009 IBM Corporation

The Office of the CIO (OCIO)

 OCIO is Permanent type of PMO  5 % of 2000 CIOs participating in Gartner’s Executive Program (EXP) have OCIO  OCIO acts as the mouth piece of centralized IT  Provides transparency of IT to business  Extremely important step towards Business – IT Alignment  Mostly popular in Governments & large distributed organizations  The US Departments of Commerce and Agricultural leverage the OCIO – Standardization of IT roles and responsibility execution – Processes application development to help desk support are developed and standardized – This consistency supports stronger and more accurate reporting 19 Strategy planning, lessons learned and financial IT performance are formally reviewed quarterly which is facilitated by the office of the CIO

— Zack Hicks, corporate manager at Toyota's office of the CIO Torrance, California

© 2009 IBM Corporation

20

PMO Within OCIO

© 2009 IBM Corporation

COBIT Framework - Activities and Responsibilities

PO1 RACI Chart Key Activities

1 Link business goals to IT goals 2 Identify critical dependencies and current performance 3 Build IT strategic plan 4 Build IT tactical plans 5 Analyze and manage project and service portfolios C C A C C

C EO

I C C I I

C FO B u si n es s E x ec

A/R

C

R

IO

R C A/R R I A A C C I

B u si n es s S r Mn gm H ea t d O pe ra ti o n C s h ie f A rc h it e ct H ea d D ev e lo pm e n t H ea d IT A dm in P MO

C C C C C C C C I C R C R C C C R C C R C

C A R S

C C I I

Business Executive Business Sr Management Head of Operations Chief Architect or CTO Head of Development Head of IT Admin HR, Fin, etc

21 CARS: Compliance, audit, risk and security (groups with control responsibilities who do not have operational IT responsibilities) Source : ISACA, COBIT © 2009 IBM Corporation

VAL IT Recommended Organization Chart

22 Source : ISACA, Val IT Framework © 2009 IBM Corporation

Role Definitions for VAL IT

23 Source : ISACA, Val IT Framework © 2009 IBM Corporation

VAL IT Framework RACI

24 Source : ISACA, Val IT Framework © 2009 IBM Corporation

Governance of Outsourcing

25 Ref : Capgemini Outsourcing Report © 2009 IBM Corporation

Client-Vendor Engagement : Governance of Outsourcing

26 Ref : Gartner © 2009 IBM Corporation

Why focus on IT Governance?

“Top performing enterprises generate returns on their IT investments up to 40 percent greater than their competitors.”

 they clarify business strategies and the role of IT in achieving them  they measure and manage the amount spent and value received  they assign accountability for changes and decisions required to benefit from IT capabilities  they become adept at sharing and reusing IT assets

- IT Governance, Peter Weill & Jeanne W. Ross, HBS Press

“Firms with above average IT governance combined with a specific business strategy (eg. customer intimacy) had >20% higher profits than firms pursuing the same strategy”

Source: 2005 MIT SeeIT/CISR survey (625 firms); Peter Weill & Stephanie Woerner

27

Investors have acknowledged their awareness of importance of governance, demonstrating a willingness to pay premium of up to 20 percent on shares of enterprises known to have a governance framework in place

- McKinsey Report 2000

© 2009 IBM Corporation

Applying IT Governance to Enterprise Initiatives

 Strategy Operationalization  IT Enabled Enterprise Transformation Program  Underlying Organizational Change Management  Portfolio / Investment Management  Framework Implementations e.g. COBIT, ITIL (IT Control Establishments)  Collaborative Innovation 28 © 2009 IBM Corporation

Enterprise Initiatives Classification

Source : W. “ RP ” Raghupathi August 2007/Vol. 50, No. 8 COMMUNICATIONS OF THE ACM 29 © 2009 IBM Corporation

Enterprise Initiatives Landscape

• • •

Portfolio / Investment Management : Stage 1 Framework Implementations e.g. COBIT, ITIL (IT Control Establishments) : Stage 1 & 2 Collaborative Innovation : All Stages

•

Audits & Assessments : All Stages

• •

Strategy Operationalization : Stage 1 & 2

•

IT Enabled Enterprise Transformation Program : All Stages Underlying Organizational Change Management : All Stages

Source : W. “ RP ” Raghupathi August 2007/Vol. 50, No. 8 COMMUNICATIONS OF THE ACM 30 © 2009 IBM Corporation

IT Governance for Enterprise Transformation Programs

31 © 2009 IBM Corporation

Case Study 1 : Manufacturing - Europe

Problem Statement

       Global organization with revenue of US$ 9 BN First time in the life span started multi million dollar ERP program and did not succeed in 3 previous attempts Integrations within applications growing out of hand Program Office not established Low awareness and practice of Project Management Methodology Business frustrated due to consistent failures and not supportive of the initiative Processes adequate for managing small project but not sustainable for large programs

Solution Provided

      a) Creation of program office b) Program Sponsor to undertake the OCM c) Revalidation of vendor commitment and customized framework for vendor and application evaluation Operationalization plan of IT strategy objectives related to program Mentoring the Program Manager Creation / implementation of Business IT alignment initiatives Establishment of core processes such as risk and quality at the program level Definition of process maturity framework 32 © 2009 IBM Corporation

Case Study 2 : How Org Context Affects the IT Governance

33 Source: Carol V Brown Graduate Business School Indiana University © 2009 IBM Corporation

How Leading firms behave differently

    

Greater top mgmt commitment to IT More integrated business and IT planning Less political turbulence Higher user satisfaction with IT More experience managing IT

34 © 2009 IBM Corporation

Thank you

Contact Shrikant Patil

Senior Advisory Consultant, IBM India

[email protected]

9620201083

35 © 2009 IBM Corporation