September 2007 — PRINT EDITION    
 
Table of Contents
   
 

Focus on IT governance*

An effective IT governance plan takes time, especially if an organization is introducing changes that are contrary to the corporate culture

By Tony Balasubramanian

*This is an expanded version of a summary that originally appeared in the September 2007 issue of CAmagazine.

With the focus in recent years on corporate governance, it’s no wonder that we shift our attention to IT governance and scrutinize how IT is handled. Given our growing reliance on technology, we can no longer leave IT decisions and risk scenarios to the IT department. Company leaders and management are beginning to realize IT performance affects the whole organization and they must become involved rather than rely on a single stakeholder.

While most organizations recognize the importance of IT governance, most do not have a holistic view that considers all its dimensions. According to a new study from PricewaterhouseCoopers, “IT Governance in Practice,” the concept of IT governance as an umbrella framework has yet to emerge.

The pervasiveness of IT within commercial and public organizations has put pressure on companies to ensure IT is cost efficient and effective. To deliver stakeholder value, the current IT environment requires regulatory compliance, cost control, availability, risk management, alignment between IT and the business, timely project delivery, change and innovation.

The majority (60%) of the CIOs and IT governance specialists surveyed said alignment between IT and the business is the biggest driver and desired outcome of IT governance practices. Respondents said they recognize the importance of IT alignment to deliver sustainable business results, and feel IT governance is one of the best means to achieve this.

At the same time, however, the focus of IT governance initiatives is still very narrow, focusing mainly on risk and control. The initiatives are not considering IT governance from a holistic perspective that can be used to enhance the value of IT for the organization.

In addition, the survey found that performance improvement (56%) and regulatory compliance (40%) were forces driving IT governance implementation and largely initiated by senior management. However, the survey identified that IT governance is not being properly measured and managed. Some organizations said they were measuring the IT governance process and how it works, but very few measured hard benefits or the eventual outcome of governance practices.

To demonstrate value, it is important that organizations track performance, desired benefits and costs from the start—especially if they want to justify the use of unpopular IT governance practices. Companies should actively measure benefits.

Nearly 80% of organizations interviewed also identify additional steps to improve IT governance. These include:

  • improving the clarity of their current overall governance model;
  • defining and executing specific operational and tactical activities;
  • enhancing performance management and measurement;
  • automating some of the data gathering and reporting to support IT governance processes;
  • sustaining the drive for improvement; and
  • ongoing communication and monitoring.

These steps confirm that organizations are going in the right direction to enhance their IT governance programs but we still have a long way to go.

PwC has also identified some critical success factors that are required to ensure an effective IT governance program.

Senior management commitment and vision
IT governance plans have a better chance of succeeding if they are initiated by upper management. For long-term success, it is important that this effort be sustained through adequate available resources and regular follow-up, and that these initiatives, in turn, become a part of the strategic vision of senior managers.

Communication and change management
Organizations can overcome strong resistance to aggressive IT governance programs by offering ongoing communication to inform stakeholders of plans and objectives. This is an effective strategy if formidable IT governance plans or exceptions are introduced.

Focus, execute and enforce
Introducing or improving IT governance practices requires a well-defined plan. Success can only be achieved if stakeholders maintain focus and execute practices as proposed. It is also important to overcome opposition against standardized technology if it has been established as one of the cornerstones of IT governance. Organizations should also establish a structured exception process that documents and manages standard deviations.

Define a benefit management system and set achievable targets
Since the purpose of IT governance is to improve the value of IT for the organization and reduce risk, it is only natural that targets of new or improved IT governance practices are defined and measured. Without a system to define and measure expected benefits, organizations cannot improve their IT governance program going forward.

Evolution, as opposed to revolution
An effective IT governance plan takes time, especially if an organization is introducing significant changes that are contrary to the corporate culture. It is important to plan carefully and allocate adequate time to implement measures and allow the organization to absorb the changes.

Don’t over-engineer IT governance
We say that planning is important yet organizations should not over-compensate by introducing elaborate, multiple committees that overly complicate processes, monitoring and reporting. An over-engineered solution may create more resistance and be ignored, thus rendering the solution ineffective.

Tony R. Balasubramanian is partner, advisory services, with PricewaterhouseCoopers LLP.

For more information about IT Governance in Practice, visit www.pwc.com/ca.