Here are a few ideas to help get started down the path to disciplined IT governance:
Sell IT to the board. The idea of governance itself is closely tied to corporate governance, and most observers agree that good IT governance starts in the boardroom.
The board must apply the same strategic focus to IT matters as they would to any other element of corporate strategy, such as acquisitions or product development. They must support the idea of IT as a strategic lever, and not merely as a cost center.
It is the board that is ultimately responsible for enforcing accountability, and so performance measurement, perhaps in the form of an IT-focused balanced scorecard, is a critical component of board-level IT governance. CIOs must make the case for board-level IT governance, since most IT executives are not lucky enough to have a board that comes to that conclusion independently.
CIOs, for instance, can use the wealth of analyst material, as well as briefings from the IT Governance Institute, to begin educating their board on the movement towards IT governance. They can begin putting some of the structures in place, such as an IT steering committee, and begin applying some of the disciplines, such as IT project portfolio management, to demonstrate that they are “walking-the-walk” in their own management activities.
You can begin to apply a balanced scorecard approach to their own areas of operations, rather than waiting for the board to request or mandate it. CIOs, in short, should prepare a marketing, communications, and education strategy to help move their boards towards a governance oversight structure for IT.
Connect IT to enterprise strategies. When viewed as a back-office operational function, IT can often become disconnected from the organization’s strategic goals. IT teams can get into a tactical rut, where they perform routine IT operational tasks and projects without understanding or buying into the strategies that drive the enterprise.
IT managers need to connect IT activities with strategy at every opportunity.
Every project should be reviewed, with the delivery teams, to make the explicit connection between project goals and corporate objectives. Long-range strategic plans should be prudently communicated to IT staff, so that consensus is built and IT technical resources have a chance to mature into strategic thinkers.
Some IT executives schedule periodic long-range strategy session just for their IT teams, so they can have a concentrated opportunity to look down the road at corporate objectives and develop IT strategies to align more closely with the enterprise.
Think of IT as a portfolio. CIOs manage a portfolio of assets, from hardware and infrastructure to applications and utilities, and they typically also manage a portfolio of projects that may be ongoing simultaneously, such as migrations, application selection projects, and software rollouts.
One of the key elements of IT governance is the “portfolio mentality;” the ability to look at projects, assets, and operations holistically across the breadth of the IT function, and to make investment and priority decisions based on both business case and balance.
Business case discipline requires IT executives to mandate that any incremental investment, from the purchase of disk storage to the development of a custom Web-based storefront, be analyzed from a cost-benefit perspective, with the right level of quantitative rigor to ensure that “pet projects” are not prioritized over more strategically impactful initiatives.
Balance requires CIOs to look at the level of risk of their projects to ensure that they’re not taking on too much or too little risk. Too much risk exposes the enterprise to loss, too little limits the ability to innovate, and so potentially allows rivals to gain competitive advantage.
By beginning to implement portfolio management as part of the standard IT decision process, CIOs can prepare the organization for board-level IT oversight and can help ensure that IT investments are directed at the most fruitful initiatives.
Measure IT. The elemental measurements for IT projects are similar to those for any type of project: Did the project deliver on time, on budget, and with the expected functionality? This “triple constraint” type of measurement is familiar to any project manager, but is not sufficient to fulfill the needs of a rigorous governance process.
The balanced scorecard approach is a widely used framework for applying metrics to the IT function, but it’s not the only framework. At Intel, we’ve developed the business value index, a rigorous set of measurements designed to embed within Intel a repeatable and uniform IT project evaluation process.
This set of metrics is used both to evaluate investments as they are proposed and to monitor their performance throughout the lifecycle. By using a mix of quantitative and qualitative measurements, running the gamut from hard metrics like projected impact on Intel revenues to “softer” measurements like customer satisfaction and intangible benefits, Intel hopes to guide both the decision and monitoring processes with a consistent, enterprise-wide measurement process.
The point is not which process is used; the point is to select (or construct) one that’s compatible with your corporate culture and has the right level of rigor for your needs, and to use it consistently throughout the investment and execution process.