Which IT Governance Model Is Right for Your Business

by Elizabeth Ferrarini

Two leading consultants weigh in on how you should choose the model that will best serve your company.

At one time, IT departments made decisions fast and loose, doing their best to keep up with the demands of a booming economy and pressure for more infrastructure. The recovery from the 2002 economic recession has prompted IT managers to re-evaluate their decision-making processes to align themselves with the rest of the company’s goals.

Gary Hardy, a governance consultant for the non-profit industry group IT Governance Institute, says that an IT department resembles the engine room in the ship. Says Hardy, “If the people down below don’t know where the ship is headed, the whole thing can be catastrophic.”

If you’ve been listening to governance experts such as Hardy, you know the benefits of coming up with clear decision-making policies through a defined governance model. Deciding to enact governance policies is the easy part. Once you’ve got the green light, the trickier steps include developing and enacting a model that suits your company.

Devising a Governance Model

The first step in developing a governance model consists of polling the entire business for ideas. Most experts suggest forming a company management committee to oversee development of your IT governance model.

Tom Wong, who specializes in governance issues for the consulting firm of Ernst & Young, says that the most effective way of doing this is to form a workgroup or focus group from different representatives, then take that forward to determine what areas the company should focus on governing.

When Wong helps facilitate developmental focus groups, he tries to encourage businesses to think about four main components that their governance model should manage: IT value delivery, IT strategic alliance, risk management, and performance measurements.

One way to ensure that each of these key components is addressed is by taking cues from an already developed governance framework

Looking at Some Frameworks

In 1992, a group of industry veterans decided that the only way to get the governance problem fixed across the board was to come up with a standard framework around which businesses should build their policies.

Hardy says that it helps to have an overarching frame of reference. He was one of the insiders who eventually came up with the CobiT model of governance.

One of the most popular governance frameworks in the world, CobiT has been joined by others over the years, including IT Infrastructure Library or ITIL, ISO17799, and CMM. According to Hardy, they all can benefit organizations in some way, because most frameworks offer some specialization in governance. For example, ISO17799 focuses mainly on security matters, while ITIL offers guidance on decisions surrounding operations and service management.

Because CobiT was designed to work as a higher-level umbrella framework, Hardy says that it naturally works well in conjunction with other frameworks. Both he and Wong say that organizations should never simply choose a single framework, but instead try to use what they can from each.

“All of those frameworks are basically just tools. The most important thing is determining how they will integrate with your overall corporate governance policy,” says Wong, who also does work for the IT Governance Institute. “Take what is out there and use pieces that relate to your company.”

This piecemeal practice is widely used, so much so that many of the groups responsible for each standard are beginning to work together.

“We are seeing a lot of convergence of control frameworks as we try to reduce user confusion,” Wong says.

One example of this convergence, says Hardy, is an ongoing project between the British government and the IT Governance Institute to integrate CobiT and ITIL principles.

Deciding What to Enact

When coming up with governance policies, both Wong and Hardy suggest a graduated approach to implementation.

“One of the big mistakes people make is taking the shotgun, big-bang approach, trying to come up with their whole governance program at once,” says Wong. “What they don’t realize is they are never going to get the kind of resources necessary to get business units to roll it out in one big bang. The trick is coming up with an implementation schedule.”

Hardy backs up Wong, explaining, “This is not something that you can do just like that. It takes several years and, in fact, never really stops.”

They both suggest having the governance committee take a look at each policy it would like to enact and matrix each by priority, by degree of benefit, and by rank.

“That way, you break these things up into little projects and implement them one at a time, starting with those that are easy to implement and have a high potential for success,” Wong says.

Simpler is Better

Implementing a comprehensive governance model may sometimes be complicated, but the principles behind the model shouldn’t be, Hardy says. “Really, a lot of it is pretty obvious,” he says. “It all comes back to commonsense principles, and in many cases, it is simply fighting IT’s ‘firefighting mentality.’”

When developing a method for managing IT decision making, remember that the solution will have ramifications throughout the company. It follows, then, that the model should be based on input from across the company.

Hardy says that this isn’t just an IT initiative: the best way to approach it is as a shared activity. It is strongly recommended that you assemble some sort of council or IT strategy committee when coming up with a governance model.

So who should be involved in this committee? Typically, it should be senior-level management from business groups that represent IT’s user base. Each business unit should prepare for development with some sort of user-level self-assessment and then send managers from each user group to the meeting armed with the answers. Beyond this, another group that should have a high level of involvement is finance, which will want to control how purchasing decisions are made.

Yet one group that isn’t such an obvious choice for involvement, but should definitely be represented, is operations. Wong says that operations frontline people are usually the most dependent on IT infrastructure and can give good insight into what the company needs from its IT staff.

--

Elizabeth Ferrarini is an IT consultant from Boston, Massachusetts.

home

sponsored by
BMC Software
Remedy

advertisement

Are you losing visitors ($) because your server is down or performing poorly?

How well is your infrastructure performing?

Do you need a solution "up-and-running" today?

Award winning PATROL Express monitors the performance and availability of:

  • servers
  • applications
  • storage devices
  • network devices

PATROL Express also monitors the performance and availability of web transactions.

Monitoring is accomplished remotely (agentless) with no software residing on the elements being monitored.

PATROL Express:

  • drives down operating costs
  • measures customers’ true end-to-end Web site experiences
  • helps improve service levels
  • offers centralized access to reports via a the web
  • reports against user-defined service level objectives

"Enterprises looking for a simple way to deploy a management product, either as an enterprisewide solution or as one limited to remote divisions, must look at BMC Patrol Express...
Jeane Pierre Garbani
- Giga Information Group

PATROL Express augments Corio's world-class monitoring infrastructure by providing quick delivery of a cost-effective monitoring solution for Corio customers. Corio has achieved a 35 percent cost savings using PATROL Express..."
- Noahal Mundt
Senior Architect, Corio

"PATROL Express meets our criteria: it is fast to install, scalable and easy to operate. It delivers the management features we need and uses an agentless architecture."
- Lau Soon Liang
Assistant CEO, National Computer Systems Pte. Ltd.

Try it NOW>>

 

 

 

 
Copyright (c) 2004-2005, nextslm.org. All Rights Reserved. Legal Statement.