There is currently a lack of consensus as to exactly what good IT governance looks like. Multinational professional services firms, worldwide associations of IT professionals and top universities have all weighed in with significant contributions, producing some agreement, a lot of disagreement and occasional innovations on what constitutes leading practices. But even through all this ambiguity, companies that successfully implement governance realize greater value from their IT investments and increase their corporate competitiveness.
Needless to say, the lack of consensus makes it difficult to define which real or conceptual framework for IT governance will work best in your organization. This difficulty is further compounded by your organization’s unique abilities, culture, structure and objectives, as well as any deficiencies. Cleary, when it comes to governance, one size does not fit all.
Based on our experience, we have been able to identify some commonalities of good IT governance practices. Among firms that are considered more mature, the focus has not necessarily been on implementing a specific industry framework, but on three common areas designed to underpin IT decision making. Their focus, really, is on how IT creates value that fits into the overall corporate strategy. In this model, the governance process is not seen as an IT discipline on its own, but instead requires partnership between IT and the business.
Firms that have more mature IT governance have made a commitment to excellence in the areas of strategic decision making, IT investment management and effective controls for IT value delivery. This is not a simple task to achieve. However, through these commitments, a firm will be able to leverage its technology for business growth, revenue generation and business agility.
All leading industry frameworks for IT governance emphasize the importance of applying business strategy in choosing how a firm should operate in order to optimize IT investment business value generation and mitigate IT-related risks. Strategic decisions help focus and establish clear priorities for IT investment and business management. Strategic decision making means not only that a firm is committing to a particular direction, but also that it is choosing not to pursue potential alternatives or stop projects.
There are several key factors to consider when structuring your IT governance strategy:
While strategy dominates the IT governance body of work, competing industry frameworks begin to diverge at the point where companies begin implementing strategic choices. Research shows that over 76 percent of IT investments fail to achieve their promised return on investment (ROI). Most of this shortfall can be prevented through a disciplined investment process focused on finding and stopping these avoidable value leaks. It is essential to have strategies that maximize the business payoff from IT projects and confidence in qualifying the true business value of funding a desired IT project, along with its benefits realization.
Like any good investment portfolio, your IT investments should be well structured, diversified and designed to maximize your value. There are several key factors to consider when structuring your IT investment management:
The key enabler for the processes above is open and transparent two-way communication between IT and the investment community. This communication needs to provide the right information to the right stakeholders at the right time. It is especially important that it provides transparency into the decision-making process and the ability to influence that process.
In order to realize the value that the investment portfolio is designed to deliver, companies need effective governance controls over the management of the portfolio. This is important to ensure the continued alignment of the portfolio with day-to-day decision making, project delivery and overall strategic direction and business value drivers.
There are several key factors to consider when structuring your IT governance process in value delivery:
Effective IT governance requires a mature, stable overall governance structure and strong, well-functioning committees and Boards. The focus must be on achieving results from strategic choices and helping the IT investment community and stakeholders navigate through the most challenging financial and implementation issues. Enhancing value creation by getting the most out of your IT portfolio requires making the difficult decisions about how to allocate finite resources among all of the potential opportunities and then sequencing the ones that are approved. The business needs to be accountable for the delivery of value from IT-enabled operational capabilities.
Solving this challenge is not simply a matter of implementing an industry-leading IT governance framework. Instead, real solutions are custom-tailored. A key first step is understanding where your governance processes are on the maturity curve and what strengths you have that can be leveraged. Understanding this can help you begin to design a governance approach that is tailored to your organization, along with strategic goals based on the mix of your portfolio. Don’t be surprised if multiple frameworks may need to be blended to meet your unique needs.
 The Standish Group, The Chaos Report (2009)
Sign up for our free weekly e-newsletter for more GRC articles, job postings, GRC events, white papers & more…..click here
Dave Tilk is the Cleveland-based lead partner for PwC’s Project Assurance practice where he is the National Project Risk and Project Governance practice leader. As part of Dave’s responsibility, he leads the maintenance of the Firm’s System Development and Implementation Assurance tool kit (methods, tools, training), maintaining close alignment with industry standards such as ISO, IEEE, Cobit, CMMI, D and PMI.
Dave helps organizations successfully deliver large-scale business, operational and IT projects on-time, within budget, and to specification, with the achievement of business benefits and organizational acceptance. Dave’s expertise in the areas of project risk management and enterprise project management have resulted in improved project success rates and reduced overall costs for both business process and technology projects. Dave’s professional experience spans over 20 years in project portfolio management, project assurance, systems implementation management, information technology management, and external and internal audit with clients in the automotive, industrial products, chemicals and consumer products industries.
Dave possesses an MBA in Management Information Systems from Cleveland State University. He is a Certified Information Systems Auditor (“CISA”) and was certified a Project Management Professional (“PMP”). He is also a member of ISACA, the American Society for Quality (“ASQ”), and the Project Management Institute (“PMI”).
Dave resides in Cleveland, Ohio where is on the Board of Directors of the Western Reserve Historical Society.