  • 8/8/2019 20080326-SMolinari-Bridging the Gap Between Enterprise Business and IT


    Establishing Sustainable IT Governance: Bridging the Gap Between Enterprise Business and IT

    Shane Molinari, PMP

    Time is a precious resource. Establishing a governance framework as a formal deliverable with policies, procedures, and processes should be straightforward and deliberate. Further, leveraging formal guidelines and standards (e.g., COBIT, PMI, ISO, Six Sigma) is a tried and true means to achieving goals the right way the first time. Governance involves making sound decisions. It is the framework of authority that encourages desired behaviors in the overall governmental body. Delving deeper, Information Technology (IT) governance is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategies and objectives (Palmer, 2005).

    The objective is to provide state government leadership with information that can be leveraged to establish and drive overarching sustainable IT governance, bridging the gaps between the business and IT silos. Given the ongoing budget cutbacks with the potential for more to follow, state governments need to establish a sustainable governance program in order to reduce lost monies from inefficient operations and ineffective means of controlling projects and programs.

    However, it is critical that efforts follow an evolutionary approach to build sustainability into the governance procedures and processes. This will help to gain cultural and formal buy-in from both individual team members and senior executive leadership, respectively.

    Strategic Approach

    As with any resolution effort, the organizational leadership needs to understand what tools currently exist that can be used during the initial steps. The figure below is an illustration of the overarching strategy for crafting the governance processes and procedures.


    Figure 2. Enterprise and Program Level Governance Framework (ITGI, 2007)

    Plans

    For anyone who has participated in scuba diving, the saying "Plan your dive and dive your plan" is not simply a statement that rings true, it is a statement that can prevent turning a great experience into a painful one. The same approach should be taken by leadership when leveraging best practices and the core fundamentals: "Plan your execution and execute your plan." The result will be the construction of a solid groundwork for executing a governance strategy. As with most journeys, a basic roadmap needs to be consulted and followed, similar to the ITIL roadmap illustrated below in Figure 3.

    [Figure 2 diagram. Levels: Enterprise Level, Program Level. Labels include: Board of Directors, Executive Board, Steering Committee, CIO / CTO, Strategic Planning, Program Director, Project Manager, Project Teams, Service Provider (Internal and External), Internal and External Stakeholders, Internal Processes (Contracting, Legal, etc.), Service Level Agreements, Enterprise Continuum.]


    Figure 3. Governance Roadmap (ITIL V3.0, 2008)

    Building Cultural and Formal Governance

    Effective leadership is critical when building the fundamental cultural and formal governance processes and procedures. The first and most difficult effort for the executive leaders will be to establish the cultural paradigm to execute change within the organizational membership. Executive and program level leadership must demonstrate key traits including:

    [Figure 3 diagram. Phases: Identify Needs, Envision Solution, Plan Solution, Implement Solution, Operationalize Solution. Steps shown: Raise awareness and obtain management commitment; Define scope; Define risks; Define resources and deliverables; Plan the Program; Analyze gaps and identify improvements; Define target for improvement; Assess actual performance; Define the supporting projects; Develop improvement plan; Implement improvements; Monitor implementation performance; Build sustainability; Identify new governance requirements; Review the Program's effectiveness. Trade tools include: COBIT, PMI, Six Sigma, ITIL.]


    Patterns

    Customizing the fundamentals can be accomplished at a relatively rapid pace to fit the needs of the respective agency, while maintaining the basics of the leveraged standards and best practices. Once the processes are in place, the effort then becomes a matter of process management and continuous improvements.


    Capability Maturity

    Regarding Capability Maturity, Brad Boston, Senior Vice President and CIO at Cisco Systems, said it best. Referencing runaway IT costs as often having very little governance, he said, "It's much harder to get a return on an investment if you have to support separate applications, environments, and databases." (Adams, 2003)

    Figure 4. State of Organizational Capability Maturity

    According to the American Society of Quality, at CMM 1 the organization is flying by the seat of its pants with very little or nothing in terms of defined processes. Continuing to level 2, the organization has fundamental processes in place, still in a reactive mode, but is working to manage its operations. At level 3 of process maturity, the organization has established formal processes and is starting to leverage the quality results to improve processes and procedures (Cobb, 2003). Regarding Level 4 Capability Maturity (Managed), leadership and management should be able to effectively control the respective process and set quantitative goals. This can be accomplished by leveraging effective tools, such as process metrics (e.g., ITIL) and other continuous improvement techniques (e.g., Six Sigma's DMAIC rule) (Benbow, 2005).

    It is equally important to note that although there are five levels, the fifth level is streamlining operations in its purest form. However, the second and third levels should be the initial goal, considering it could take as long as 18 months to attain level 3 capabilities.

    [Figure 4 labels: "Are you here?", "Desired state?", "Best possible state"; Level 1 Ad Hoc, Level 4 Managed, Level 5 Streamlining.]

    Metrics

    There is an old management adage that remains accurate even today, "You can't manage what you don't measure" (Knowledge@Wharton, 2006). Good metrics and measures provide the ability to see which processes are improving and which are not. The table below is an example of an Enterprise Balanced Scorecard taken from the Information Systems Audit and Control Association (ISACA).

    Perspective | Objective | Sample Metrics
    Financial | Short/Long Term $ Success; Long Term Change Success | Return of Investment; Success of Change
    Stakeholders | Ethics and Legal Compliance; Governance and Accountability; Managing Stakeholders' Needs | Number of Ethical/Legal Violations; Number of Voluntary Disclosures; Number of Stakeholder Meetings
    Internal Processes | Risk and Crisis Management; Performance Evaluation Systems; Review of Strategic Plans; Functioning of the Governance Board | Number of Risk Audits Performed; Number of Hours Spent on Strategic Issues; Overall Attendance at Meetings
    Learning and Growth | Composition of the Governance Board; Skills and Knowledge | % Directors Financially Literate; Existence of Training Programs

    Table 1. Enterprise Balanced Scorecard Metrics (Grembergen and Haes, 2005)

    Similar to the previous table, the table below is an example of an Enterprise Balanced Scorecard taken from the ISACA.

    Perspective | Objective | Sample Metrics
    Executive Level | Business/IT Alignment; Value Delivery; Cost Management; Risk Management; Intra-Govt Agency Synergy | Operational Budget Approval; Business Unit Performance; Expense/Recovery Targets; Results of Internal Audits; Single System Solutions
    Internal Customer | Customer Satisfaction; Competitive Costs; Development Performance; Operational Performance | Business Unit Survey Ratings; Attainment of Unit-Cost Targets; Major Project Scores; Attainment of Targeted Levels
    Operational Excellence | Development Process; Operational Process Maturity; Enterprise Architecture | Change Management Effectiveness; Level of IT Processes; State of Infrastructure Assessment
    Future | Resource Management; Knowledge Management | Staff Turnover; Implementation of Learned Lessons

    Table 2. IT Program Balanced Scorecard Metrics (Grembergen and Haes, 2005)

    Risks

    Risk management is the process of identifying events or situations that can adversely affect the stated goals or objectives and developing strategies to avoid or minimize these negative outcomes. Without formal risk management, leaders can easily find themselves reacting to negative events rather than anticipating those events in ways that decrease the probability of the negative events occurring. The risks in driving IT governance include:

    • Lack of management action on recommended improvement opportunities
    • Not involving the right people at all levels to plan, build, test, and implement governance process improvements
    • Being overly ambitious: it is very important that the framers of this endeavor not try to improve everything at once. Be realistic with timelines and expectations.
    • Not performing all steps of the roadmap: it is important that all steps of the improvement process be followed; missing any one step can lead to a poor decision on what and how to improve. This includes the risk of not discussing improvement opportunities with IT leadership. Both IT and the business have to be involved in improvement decisions that will impact one another.

    Benefits of a Sustained Approach

    Fundamentally, establishing and maintaining sustainable IT governance processes and procedures can provide several benefits including:

    • Executive Leadership gains insight into the overall enterprise relationship between business and IT, thereby increasing the capability to improve cross-functional communication, control, and effectiveness.
    • Governance processes make it easier to consolidate the separate operational and IT functions into one, making it simpler to find ways to use fewer and more common parts, thereby saving money.
    • Leadership can control objectives to assess how well groups are maintaining policies, ensuring consistent practices and leveraging consistent processes to manage changes.
    • Organizations can better prepare for audit processes like Sarbanes-Oxley and HIPAA by leveraging industry standards (i.e., ISO and IEEE) and best practices (i.e., PMI, Six Sigma, and COBIT).

    In real-world success stories, the common denominator seems to be that the framework is organized by summary control objectives, which then break out into detailed controls. IT leaders then leverage collections of controls and create checklists to assess current operations and incorporate them into due diligence activities.

    • Skip Philson, Nebraska's Project Office Manager, described managing more than 1,300 new projects with better risk control and cost reduction to increase the value provided back to their taxpayers (CA, 2007).
    • Michigan's Child Support Enforcement System was able to avert $147M in federal penalties for FY 2001-2003 and report out a Return on Investment value of 2.1 (money earned / money spent). They also reported the establishment of their Governance Model and Project Control Office (NASCIO, 2006).
    • The DoD cited benefits including eliminated overlapping and/or redundant data creation efforts, reduced cycle time, and improved legal compliance (DTIC, 2006).

    Conclusion

    This paper demonstrated how leveraging formal governance best practices, guidelines, and standards can lead to achieving goals the right way the first time to ensure that the state government leadership sustains and extends the organization's strategies and objectives. This evolutionary approach will help to gain formal and cultural buy-in from both senior executive leadership and individual team members.

    The need for IT governance is growing along with the demand for greater accountability of IT activities and expenditure. Executive management can successfully establish sustainable IT governance to manage IT infrastructure, systems, services and projects efficiently and effectively.

    Shane Molinari, PMP is president of Molinari Technical Solutions, LLC, specializing in a systems approach to project recovery and Change Management consulting. He received his MSc in Technology Management with a focus in Systems Engineering and Design. Mr. Molinari has more than 10 years of international experience, leveraging professional certifications including Project Management Professional, Six-Sigma Master Black Belt, Rational Unified Process Software Designer, and IT Service Management. His extensive background includes Department of Defense, State Government, industrial, and commercial organizations. Recently, his work has extended beyond consulting to lecturing on IT strategic planning and establishing sustainable IT governance. He can be reached at shanem@mts-llc.org.


    References

    1. Benbow, D. (2005). The Certified Six Sigma Black Belt Handbook. Milwaukee: ASQ Quality Press
    2. CA, Inc. (2007). Success Stories: State of Nebraska Improves Efficiency of its Projects with IT Governance. Retrieved January 31, 2008 from http://ca.com/us/success/collateral.aspx?cid=153761
    3. Cobb, C. (2003). From Quality to Business Excellence: A Systems Approach to Management. Milwaukee: ASQ Quality Press
    4. Collins, J. (2001). Good to Great. New York: HarperCollins
    5. Defense Technical Information Center (DTIC). (2006, April). Department of Defense Guidance for Implementing Net-Centric Data Sharing. Retrieved January 30, 2008 from http://www.dtic.mil/whs/directives
    6. Duncan, W. (1996). A Guide to the Project Management Body of Knowledge. Newtown Square: PMI
    7. Information Systems Audit and Control Association. 2008. http://www.isaca.org
    8. IT Governance Institute (ITGI). (2007). COBIT 4.1: Framework-Control Objectives-Management Guidelines-Maturity Models. Rolling Meadows: IT Governance Institute
    9. IT Infrastructure Library Version 3. 2008. http://www.best-management-practice.com
    10. Knowledge@Wharton. (2006, September). You Can't Manage What You Can't Measure: Maximizing Supply Chain Value. Retrieved January 30, 2008 from http://knowledge.wharton.upenn.edu/article.cfm?articleid=1546
    11. National Association of State Chief Information Officers (NASCIO). (2006). Michigan's Project Management and Governance Model. Retrieved February 3, 2008 from www.nascio.org/awards/nominations/2006Michigan10.pdf
    12. Palmer, R. (2005). IT Service Management Foundation: ITIL Study Guide. Corinth: Gulf Stream Press
    13. Van Grembergen, W. & De Haes, S. (2005). Measuring and Improving IT Governance Through the Balanced Scorecard, Volume 2. Retrieved February 2, 2008 from http://www.isaca.org/Content/ContentGroups/Journal1/20058/Measuring_and_Improving_IT_Governance_Through_the_Balanced_Scorecard.htm
    14. Adams, C. (2003, November/December). iQ Magazine: Seven Leadership Strategies for IT Success. Retrieved February 3, 2008 from www.xynomedia.com/media/Seven_Leadership_Strategies.pdf
