
What Does Good IT Governance Look Like?

by David Tilk
April 1, 2014
in Governance

There is currently a lack of consensus as to exactly what good IT governance looks like. Multinational professional services firms, worldwide associations of IT professionals and top universities have all weighed in with significant contributions, producing some agreement, a lot of disagreement and occasional innovations on what constitutes leading practices. But even through all this ambiguity, companies that successfully implement governance realize greater value from their IT investments and increase their corporate competitiveness.

Needless to say, the lack of consensus makes it difficult to define which real or conceptual framework for IT governance will work best in your organization. This difficulty is further compounded by your organization’s unique abilities, culture, structure and objectives, as well as any deficiencies. Clearly, when it comes to governance, one size does not fit all.

Based on our experience, we have been able to identify some commonalities of good IT governance practices. Among firms that are considered more mature, the focus has not necessarily been on implementing a specific industry framework, but on three common areas designed to underpin IT decision making. Their focus, really, is on how IT creates value that fits into the overall corporate strategy. In this model, the governance process is not seen as an IT discipline on its own, but instead requires partnership between IT and the business.

Three areas of leading practice

Firms that have more mature IT governance have made a commitment to excellence in the areas of strategic decision making, IT investment management and effective controls for IT value delivery. This is not a simple task to achieve. However, through these commitments, a firm will be able to leverage its technology for business growth, revenue generation and business agility.

  • Strategic decision making is a firm’s commitment to decide on its overall strategic direction and what role technology has to play in supporting that direction—aligning IT initiatives to business goals and objectives.
  • IT investment management is a firm’s commitment to communicating with the IT investing business community as well as using clearly defined measures to make its investment decisions—focusing on value contribution and making hard decisions about priorities.
  • Effective value delivery controls are a firm’s processes and tools for implementing the portfolio successfully, managing risk, realizing the benefits and remaining in compliance with regulatory obligations.

Strategy

All leading industry frameworks for IT governance emphasize the importance of applying business strategy in choosing how a firm should operate in order to optimize the business value generated by IT investment and mitigate IT-related risks. Strategic decisions help focus and establish clear priorities for IT investment and business management. Strategic decision making means not only that a firm is committing to a particular direction, but also that it is choosing not to pursue potential alternatives, or choosing to stop projects.

There are several key factors to consider when structuring your IT governance strategy:

  • Integration with corporate strategy. An effective corporate governance strategy allows a firm to manage all aspects of its business in order to meet its objectives. The corporate strategy should therefore provide the framing for the IT strategy and decision-making processes. That is, any IT governance approach should be integrated into the overall governance process and not create additional non-value-added processes.
  • Mature organizational structures. The effectiveness of IT governance committees and advisory boards is directly influenced by their use of shared leadership, the involvement of non-biased members and the application of well-defined roles and responsibilities. Maturing the process speeds decision making and reduces ineffective governance overhead.
  • Balanced IT supply and demand. When the impact of corporate needs and business demands on the supply and demand of IT is understood, IT is able to make better business-supporting decisions and communicate the value delivered back to the business. The key is to balance innovation, control and risk.

Investment

While strategy dominates the IT governance body of work, competing industry frameworks begin to diverge at the point where companies begin implementing strategic choices. Research shows that over 76 percent of IT investments fail to achieve their promised return on investment (ROI)[1]. Most of this shortfall can be prevented through a disciplined investment process focused on finding and stopping these avoidable value leaks. It is essential to have strategies that maximize the business payoff from IT projects and confidence in qualifying the true business value of funding a desired IT project, along with its benefits realization.

Like any good investment portfolio, your IT investments should be well structured, diversified and designed to maximize your value. There are several key factors to consider when structuring your IT investment management:

  • IT service, investment and project valuation. The organization needs to clearly define the value it places on IT services and investments and how this value links back to the overriding strategy. The valuation process needs to consider risk in addition to other monetary measures. Effective investment processes look to balance good business risks with the potential value to be accrued.
  • Standard set of measures. To focus on value measures that really matter, the organization needs to move away from a simple-to-understand, yet complex-to-calculate measure like ROI. Value measures will vary based on industry and business objectives. To measure and benchmark performance, each firm needs to use standard terminology and metrics that allow for effective comparison of proposed investments and give the ability to measure delivered value on an ongoing basis.
  • IT investment portfolio. Use the understanding of the value created or maintained by IT services and investments to make value-based decisions about the content of a balanced portfolio, designed to provide the greatest support to corporate strategy. Focusing too much on spend related to operations will not enable transformation goals. There needs to be a balance among investments related to run, grow and compliance initiatives.

The key enabler for the processes above is open and transparent two-way communication between IT and the investment community. This communication needs to provide the right information to the right stakeholders at the right time. It is especially important that it provides transparency into the decision-making process and the ability to influence that process.

Value delivery controls

In order to realize the value that the investment portfolio is designed to deliver, companies need effective governance controls over the management of the portfolio. This is important to ensure the continued alignment of the portfolio with day-to-day decision making, project delivery and overall strategic direction and business value drivers.

There are several key factors to consider when structuring your IT governance process in value delivery:

  • Comply. The integration of risk, compliance and regulatory obligations in the responsibilities of a firm ensures that business and IT regularly assess and report IT-related risks and their organizational impact. In addition, mature organizations will use technology to help manage and automate solutions for their compliance and regulatory obligations.
  • Grow and transform. An agile governance structure will speed effective decision making over growth investments, from the original business case through the life cycle to the ultimate measurement of value.
  • Run. Ensuring the continued alignment of day-to-day operations with corporate and IT strategies will require mature, yet flexible governance processes with clearly defined roles and responsibilities. It is also important to hold the right people accountable.

Conclusion

Effective IT governance requires a mature, stable overall governance structure and strong, well-functioning committees and Boards. The focus must be on achieving results from strategic choices and helping the IT investment community and stakeholders navigate through the most challenging financial and implementation issues. Enhancing value creation by getting the most out of your IT portfolio requires making the difficult decisions about how to allocate finite resources among all of the potential opportunities and then sequencing the ones that are approved. The business needs to be accountable for the delivery of value from IT-enabled operational capabilities.

Solving this challenge is not simply a matter of implementing an industry-leading IT governance framework. Instead, real solutions are custom-tailored. A key first step is understanding where your governance processes are on the maturity curve and what strengths you have that can be leveraged. Understanding this can help you begin to design a governance approach that is tailored to your organization, along with strategic goals based on the mix of your portfolio. Don’t be surprised if multiple frameworks may need to be blended to meet your unique needs.


[1] The Standish Group, The Chaos Report (2009)


About the Author

Dave Tilk is the Cleveland-based lead partner for PwC’s Project Assurance practice, where he is the National Project Risk and Project Governance practice leader. As part of Dave’s responsibility, he leads the maintenance of the Firm’s System Development and Implementation Assurance tool kit (methods, tools, training), maintaining close alignment with industry standards such as ISO, IEEE, Cobit, CMMI, D and PMI. Dave helps organizations successfully deliver large-scale business, operational and IT projects on time, within budget, and to specification, with the achievement of business benefits and organizational acceptance. Dave’s expertise in the areas of project risk management and enterprise project management has resulted in improved project success rates and reduced overall costs for both business process and technology projects. Dave’s professional experience spans over 20 years in project portfolio management, project assurance, systems implementation management, information technology management, and external and internal audit with clients in the automotive, industrial products, chemicals and consumer products industries. Dave possesses an MBA in Management Information Systems from Cleveland State University. He is a Certified Information Systems Auditor (“CISA”) and was certified as a Project Management Professional (“PMP”). He is also a member of ISACA, the American Society for Quality (“ASQ”), and the Project Management Institute (“PMI”). Dave resides in Cleveland, Ohio, where he is on the Board of Directors of the Western Reserve Historical Society.
