8/8/2019 20080326-SMolinari-Bridging the Gap Between Enterprise Business and IT
1/11
Page 1
Establishing Sustainable IT Governance: Bridging the Gap Between
Enterprise Business and IT
Shane Molinari, PMP
Time is a precious resource. Establishing a governance framework as a formal deliverable with policies,
procedures, and processes should be straightforward and deliberate. Further, leveraging formal guidelines and
standards (e.g., COBIT, PMI, ISO, Six Sigma) is a tried and true means to achieving goals the right way the first
time. Governance involves making sound decisions. It is the framework of authority that encourages desired
behaviors in the overall governmental body. Delving deeper, Information Technology (IT) governance is an integral
part of enterprise governance and consists of the leadership and organizational structures and processes that ensure
that the organization's IT sustains and extends the organization's strategies and objectives (Palmer, 2005).
The objective is to provide state government leadership with information that can be leveraged to establish
and drive overarching sustainable IT governance, bridging the gaps between the business and IT silos. Given the
ongoing budget cutbacks with the potential for more to follow, state governments need to establish a sustainable
governance program in order to reduce lost monies from inefficient operations and ineffective means of controlling
projects and programs.
However, it is critical that efforts be an evolutionary approach, to build sustainability into the governance
procedures and processes. This will help to gain cultural and formal buy-in from both individual team members and
senior executive leadership respectively.
Strategic Approach
As with any resolution effort, the organizational leadership needs to understand what tools currently exist
that can be used during the initial steps. The figure below is an illustration of the overarching strategy to crafting the
governance processes and procedures.
8/8/2019 20080326-SMolinari-Bridging the Gap Between Enterprise Business and IT
2/11
8/8/2019 20080326-SMolinari-Bridging the Gap Between Enterprise Business and IT
3/11
Page 3
Figure 2. Enterprise and Program Level Governance Framework(ITGI, 2007)
Plans
For anyone who has participated in scuba diving, the saying Plan your dive and dive your plan is not
simply a statement that rings true, it is a statement that can prevent turning a great experience into a painful one. The
same approach should be taken by leadership when leveraging best practices and the core fundamentals: Plan your
execution and execute your plan. The result will be the construction of a solid groundwork for executing a
governance strategy. As with most journeys, a basic roadmap needs to be consulted and followed, similar to the ITIL
roadmap illustrated below in Figure 3.
CIO / CTO
Board of
Directors
Steering
Committee
Executive Board
Strategic Planning
Project
Manager
Project Teams
Service
Provider
(Internal and
External)
Develop Implement Deploy
Internal Processes(Contracting, Legal, etc.)
Service Level Agreements
Enterprise Continuum
Program Director
DiffusionandConformance
Alignment
Guidance
RegulatoryRequirements
A ut hor it y St ru ct ur es S tan da rd s
Stewardship
Internal and
External
Stakeholders
Stakeholder
Oversight
Monitoring
Provide Change
Alignment
Program
Level
EnterpriseLe
vel
8/8/2019 20080326-SMolinari-Bridging the Gap Between Enterprise Business and IT
4/11
Page 4
Figure 3. Governance Roadmap (ITIL V3.0, 2008)
Building Cultural and Formal Governance
Effective leadership is critical when building the fundamental cultural and formal governance processes and
procedures. The first and most difficult effort for the executive leaders will be to establish the cultural paradigm to
execute change within the organizational membership. Executive and program level leadership must demonstrate
key traits including:
Raise awareness and
obtain management
commitment
Define scope Define risksDefine resources
and deliverablesPlan the Program
Analyze gaps andidentify
improvements
Define target for
improvement
Assess actual
performance
Define the
supporting projects
Develop
improvement plan
Implement
improvements
Monitor
implementation
performance
Build sustainability
Identify new
governance
requirements
Review the
Programs
effectiveness
Identify Needs
Envision Solution
Plan Solution
Implement Solution
Operationalize Solution
Trade tools include:
COBIT
PMI
Six Sigma
ITIL
8/8/2019 20080326-SMolinari-Bridging the Gap Between Enterprise Business and IT
5/11
8/8/2019 20080326-SMolinari-Bridging the Gap Between Enterprise Business and IT
6/11
Page 6
Patterns
Customizing the fundamentals can be accomplished at a relatively rapid pace to fit the needs of the
respective agency, while maintaining the basics of the leveraged standards and best practices. Once the processes are
in place, the effort then becomes a matter of process management and continuous improvements.
8/8/2019 20080326-SMolinari-Bridging the Gap Between Enterprise Business and IT
7/11
Page 7
Capability Maturity
Regarding Capability Maturity, Brad Boston, Senior Vice President and CIO at Cisco Systems, said it best.
Referencing runaway IT costs as often having very little governance, he said, Its much harder to get a return on an
investment if you have to support separate applications, environments, and databases. (Adams, 2003)
Figure 4. State of Organizational Capability Maturity
According to the American Society of Quality, at CMM 1 the organization is flying by the seat of its pants
with very little or nothing in terms of defined processes. Continuing to level 2, the organization has fundamental
processes in place, still in a reactive mode, but is working to manage their operations. At level 3 of process maturity,
the organization has established formal processes and is starting to leverage the quality results to improve processes
and procedures (Cobb, 2003). Regarding Level 4 Capability Maturity (Managed), leadership and management
should be able to effectively control the respective process and set quantitative goals. This can be accomplished by
leveraging effective tools, such as process metrics (e.g., ITIL) and other continuous improvement techniques (e.g.,
Six Sigmas DMAIC rule) (Benbow, 2005).
It is equally important to note that although there are five levels, the fifth level is streamlining operations in
its purest form. However, the second and third level should be the initial goal, considering it could take as long as
18-months to attain level 3 capabilities.
Metrics
There is an old management adage that remains accurate even today, You can't manage what you don't
measure (Knowledge@Wharton, 2006). Good metrics and measures provide the ability to see which processes are
AREYOUHERE
?
DESIREDSTATE?
XLevel 1Ad Hoc
Level 4
Managed
BESTPOSSIBLE
STATE
Level 5Streamlining
8/8/2019 20080326-SMolinari-Bridging the Gap Between Enterprise Business and IT
8/11
Page 8
improving and which are not. The table below is an example of an Enterprise Balanced Scorecard taken from the
Information Systems Audit and Control Association (ISACA).
Perspective Objective Sample Metrics
Financial Short /Long Term $ SuccessLong Term Change Success Return of InvestmentSuccess of Change
Stakeholders
Ethics and Legal ComplianceGovernance and AccountabilityManaging Stakeholders' Needs
Number of Ethical/Legal ViolationsNumber of Voluntary DisclosuresNumber of Stakeholder Meetings
Internal Processes
Risk and Crisis ManagementPerformance Evaluation SystemsReview of Strategic PlansFunctioning of the Governance Board
Number of Risk Audits PerformedNumber of Hours Spent on
Strategic IssuesOverall Attendance at Meetings
Learning and GrowthComposition of the Governance BoardSkills and Knowledge
% Directors Financially LiterateExistence of Training Programs
Table 1. Enterprise Balanced Scorecard Metrics (Grembergen and Haes, 2005)
Similar to the previous table, the table below is an example of an Enterprise Balanced Scorecard taken from the
ISACA.
Perspective Objective Sample Metrics
Executive
Level
Business/IT AlignmentValue DeliveryCost ManagementRisk ManagementIntra-Govt Agency Synergy
Operational Budget ApprovalBusiness Unit PerformanceExpense/Recovery TargetsResults of Internal AuditsSingle System Solutions
Internal
Customer
Customer SatisfactionCompetitive CostsDevelopment PerformanceOperational Performance
Business Unit Survey RatingsAttainment of Unit-Cost TargetsMajor Project ScoresAttainment of Targeted Levels
Operational Excellence
Development ProcessOperational Process MaturityEnterprise Architecture
Change Management EffectivenessLevel of IT ProcessesState of Infrastructure Assessment
FutureResource ManagementKnowledge Management
Staff TurnoverImplementation of Learned Lessons
Table 2. IT Program Balanced Scorecard Metrics (Grembergen and Haes, 2005)
Risks
Risk management is the process of identifying events or situations that can adversely affect the stated goals or
objectives and developing strategies to avoid or minimize these negative outcomes. Without formal risk
management, leaders can easily find themselves reacting to negative events rather than anticipating those events in
ways that decrease the probability of the negative events occurring. The risks in driving IT governance include:
Lack of management action on recommended improvement opportunities
8/8/2019 20080326-SMolinari-Bridging the Gap Between Enterprise Business and IT
9/11
Page 9
Not involving the right people at all levels to plan, build, test, and implement governance process
improvements
Being overly-ambitious it is very important that the framers of this endeavor not try to improve
everything at once. Be realistic with timelines and expectations.
Not performing all steps of the roadmap it is important that all steps of the improvement process be
followed; missing any one step can lead to a poor decision on what and how to improve. This includes the
risk of not discussing improvement opportunities with IT leadership. Both IT and the business have to be
involved in improvement decisions that will impact one another.
Benefits of a Sustained Approach
Fundamentally, establishing and maintaining sustainable IT governance processes and procedures can provide
several benefits including:
Executive Leadership gains insight into the overall enterprise relationship between business and IT, thereby
increasing the capability to improve cross-functional communication, control, and effectiveness.
Governance processes make it easier to consolidate the separate operational and IT functions into one,
making it simpler to find ways to use fewer and more common parts, thereby saving money.
Leadership can control objectives to assess how well groups are maintaining policies, ensuring consistent
practices and leveraging consistent processes to manage changes.
Organizations can better prepare for audit processes like Sarbanes-Oxley and HIPPA by leveraging
industry standards (i.e., ISO and IEEE) and best practices (i.e., PMI, Six Sigma, and COBIT).
There are real-world success stories, whereby the common denominator seems to be that the framework is
organized by summary controls objectives, which then break out into detailed controls. IT leaders then leverage
collections of controls and create checklists to assess current operations and incorporate them into due diligence
activities.
Skip Philson, Nebraskas Project Office Manager, described managing more than 1,300 new projects with
better risk control and cost reduction to increase the value provided back to their taxpayers (CA, 2007).
8/8/2019 20080326-SMolinari-Bridging the Gap Between Enterprise Business and IT
10/11
Page 10
Michigans Child Support Enforcement System was able to avert $147M in federal penalties for FY 2001-
2003 and report out a Return on Investment value of 2.1 (money earned / money spent). They also reported
the establishment of their Governance Model and Project Control Office (NASCIO, 2006).
The DoD cited benefits including eliminated overlapping and/or redundant data creation efforts, reduced
cycle time, and improved legal compliance (DTIC, 2006).
Conclusion
This paper demonstrated how leveraging formal governance best practices, guidelines, and standards can
lead to achieving goals the right way the first time to ensure that the state government leadership sustains and
extends the organization's strategies and objectives. This evolutionary approach will help to gain formal and cultural
buy-in from both senior executive leadership and individual team members.
The need for IT governance is growing along with the demand for greater accountability of IT activities
and expenditure. Executive management can successfully establish a sustainable IT governance to manage IT
infrastructure, systems, services and projects efficiently and effectively.
Shane Molinari, PMP
is president of Molinari Technical Solutions, LLC specializing in systems approach to project recovery and Change
Management consulting. He received his MSc in Technology Management with a focus in Systems Engineering and
Design. Mr. Molinari has more than 10 years of international experience, leveraging professional certifications
including Project Management Professional, Six-Sigma Master Black Belt, Rational Unified Process Software
Designer, and IT Service Management. His extensive background includes Department of Defense, State
Government, industrial, and commercial organizations. Recently, his work has extended beyond consulting to
lecturing on IT strategic planning and establishing sustainable IT governance. He can be reached atshanem@mts-
llc.org.
8/8/2019 20080326-SMolinari-Bridging the Gap Between Enterprise Business and IT
11/11
Page 11
References
1. Benbow, D. (2005). The Certified Six Sigma Black Belt Handbook. Milwaukee: ASQ Quality Press
2. CA, Inc. (2007). Success Stories: State of Nebraska Improves Efficiency of its Projects with IT
Governance. Retrieved January 31, 2008 from http://ca.com/us/success/collateral.aspx?cid=153761)
3. Cobb, C. (2003). From Quality to Business Excellence: A Systems Approach to Management. Milwaukee:
ASQ Quality Press
4. Collins, J. (2001). Good to Great. New York: HarperCollins
5. Defense Technical Information Center (DTIC). (2006, April). Department of Defense Guidance for
Implementing Net-Centric Data Sharing. Retrieved January 30, 2008 from
http://www.dtic.mil/whs/directives
6. Duncan, W. (1996). A Guide to the Project Management Body of Knowledge. Newtown Square: PMI
7. Information Systems Audit and Control Association. 2008. http://www.isaca.org
8. IT Governance Institute (ITGI). (2007). COBIT 4.1: Framework-Control Objectives-Management
Guidelines-Maturity Models. Rolling Meadows: IT Governance Institute
9. IT Infrastructure Library Version 3. 2008. http://www.best-management-practice.com
10. Knowledge@Wharton. (2006, September). You Can't Manage What You Can't Measure: Maximizing
Supply Chain Value. Retrieved January 30, 2008 fromhttp://knowledge.wharton.upenn.edu/article.cfm?
articleid=1546
11. National Association of State Chief Information Officers (NASCIO). (2006). Michigans Project
Management and Governance Model. Retrieved February 3, 2008 from
www.nascio.org/awards/nominations/2006Michigan10.pdf
12. Palmer, R. (2005). IT Service Management Foundation: ITIL Study Guide. Corinth: Gulf Stream Press
13. Van Grembergen, W. & De Haes, S. (2005). Measuring and Improving IT Governance Through the
Balanced Scorecard, Volume 2. Retrieved February 2, 2008 from
http://www.isaca.org/Content/ContentGroups/Journal1/20058/Measuring_and_Improving_IT_Governance
_Through_the_Balanced_Scorecard.htm
14. Adams, C. (2003, November/December). iQ Magazine: Seven Leadership Strategies for IT Success.
Retrieved February 3, 2008 from www.xynomedia.com/media/Seven_Leadership_Strategies.pdf
http://ca.com/us/success/collateral.aspx?cid=153761http://knowledge.wharton.upenn.edu/article.cfm?articleid=1546http://knowledge.wharton.upenn.edu/article.cfm?articleid=1546http://knowledge.wharton.upenn.edu/article.cfm?articleid=1546http://www.nascio.org/awards/nominations/2006Michigan10.pdfhttp://ca.com/us/success/collateral.aspx?cid=153761http://knowledge.wharton.upenn.edu/article.cfm?articleid=1546http://knowledge.wharton.upenn.edu/article.cfm?articleid=1546http://www.nascio.org/awards/nominations/2006Michigan10.pdfRecommended