Establishing
IT GovernanceEstablishing
IT Governance
For quite some time, we’ve been recommending that organisations need to establish an effective system of governance for their use of IT. As pointed out below by our correspondent from Compuware, establishing a system of governance is not achieved merely through installation of a software product.
For organisations that understand the value in effective governance, and which are not experiencing any particular difficulty at present, we suggest a five step approach to establishing effective system for Corporate Governance of IT.
1. Develop Awareness;
2. Benchmark;
3. Design Governance Program;
4. Implement Progressively;
5. Review.
Step 1 – Develop Awareness
The essential starting point is development of top management awareness of IT Governance. Regardless of how IT is delivered, responsibility for determining the way that the organisation uses IT remains with management and the board, and a broad management and board awareness of the issues to be addressed in IT Governance is vital.
Infonomics Executive Briefings and related material can assist with the introduction, as can sources such as the IT Governance Institute.
The Infonomics Seminar “IT Governance – Insight and Perspective at the Top” is designed to develop a solid appreciation of what IT Governance is about. Designed for executives and directors (and also relevant to IT specialists), the one day seminar introduces the Australian Standard for Corporate Governance of ICT (AS8015), and a framework against which the key processes for the System of IT Governance can be designed. It provides a valuable grounding for an organisation that intends to establish a formal system of governance.
Step 2 – Benchmark
It is often said that organisations can only manage what they can measure – and it will be valuable for any organisation to establish a benchmark measure of its existing control over IT, before embarking on change. The benchmark will serve two purposes: initially it will assist in prioritising the work on improving governance and subsequently it will serve as a yardstick against which improvements can be reported and assessed.
Preparing the benchmark involves completion of a comprehensive questionnaire by selected personnel. The results of the questionnaire are modelled to generate a profile of areas requiring attention and to provide an “alignment index” or score.
Step 3 – Design Governance Program
Taking into account the increased awareness of the important aspects of IT Governance, this step commences with establishment of the IT governance model specifically for the organisation. The design process focuses on:
Establishing corporate policy corresponding to the six principles for good governance of IT as set out in AS8015;
Identifying (but not detailing) the key processes and structures (such as management and board committees if necessary) required for control of planning, delivery and use of IT;
Prioritising and scheduling the effort to implement the processes, taking into account overall corporate priority, availability of relevant personnel, information from steps 1 and 2, and outcomes of the current IT review. As far as practical, the schedule should link development of the governance elements to the time when they will be needed.
Step 4 – Implement Progressively
Working to the plan established in step 3, develop the processes, structures, templates and any other tools required, and establish these as normal practice in the running of the organisation. This effort may include training and coaching to ensure that the relevant personnel are adequately equipped to perform the required roles.
Step 5 – Review
At key points through the implementation process, on completion, and on a periodic (annual) basis, review the effectiveness and performance of its IT Governance. An effective way to do the periodic assessment is to repeat the assessment from step 2. The interim reviews would use more specific measurement criteria, linked to the specific objectives to be set out for the Governance Program.
Organising a Governance Program
An effective system of governance for IT depends on the top levels of management and the board having appropriate understanding of, and confidence in the system. It is therefore appropriate for top management and the board to be involved in the development of an organisation’s IT Governance.
We suggest that two or three board members also participate in the process – ideally through establishment of an appropriate board committee that ensures the same attention to IT matters as the Audit committee gives to finance and the risk committee gives to risk. This will assist the board members in their contribution to the design of the governance system – particularly regarding the means by which the board engages in the system to provide appropriate oversight.
The first three steps of the above approach can and should be completed promptly – within approximately four weeks, as follows:
Week 1 – Conduct Seminar and issue assessment questionnaires;
Week 2 – Collect questionnaire responses and compile benchmark report;
Week 3 – Deliver benchmark report and develop policies;
Week 3 & 4 – Finalise governance program design.
Timing of subsequent work would be mapped out as part of designing the governance program.
To enquire about assistance in developing an IT Governance model for your organisation, please contact Infonomics Business Development Manager Ben Scheltus at bscheltus@infonomics.com.au.