From: www.itworld.com

Getting Started With IT Governance

by Jason Cole

September 27, 2006 —

Everyone seems to be talking about IT Governance (ITG) these days, and they all seem to agree that it's good for you, like taking your vitamins or getting 30 minutes of exercise each day. We like the way it sounds, we'd vote for it, we'd even buy it if someone would just tell us what the heck it is.

Q: Is IT Governance a program to improve my IT operations?

A: Sure, sounds good.

Q: Is it improved audit compliance?

A: Why not? If it will allow you to tell the guys in the corner office that you're Sarbanes-Oxley compliant (whatever that means for an IT department), then I'm all for it.

Q: If I create a Project Management Office, then do I have ITG?

A: According to some CIOs, yes. But even the prettiest project methodology won't save your job if your maintenance budget balloons every year due to poor management of your daily operations.

Q: All right, what if we just download all of the best practice documents from ITIL and CobIT, e-mail them to everyone in the department, and tell them to implement whatever they read? Will we have ITG then?

A: It depends: Do you want to do anything else - like answer production support requests - in the next six months?

Q: Will I get ITG if I spend half of next year's budget on a software package that claims to offer ITG in a box?

A: Well, maybe. What do your IT operations look like now? Automating bad processes just helps you waste your time slightly more efficiently.

Q: OK, smart guy, then what is it? How do I get IT Governance, and do I even need it?

A: I'm glad you asked. The fact is, all of these ideas have some merit: they're just not the whole picture. ITG could be any of these things, depending upon where your organization stands today. Here's a general definition: IT Governance is a holistic, profit-driven approach to IT operations that encompasses organizational structure, decision-making processes, management controls, and automation to most effectively align IT efforts with the business of the company at large and manage IT like a business.

There. Perfectly clear, right?

Successful IT Governance requires effective portfolio, project, process, financial, resource, risk, and communication management. It requires the IT organization to switch its mentality from that of a cost center - "We're just here to keep the lights on" - to that of a profit center - "We're a strategic business partner, and you can't live without us." This shift also requires the IT organization to take on some of the entrepreneurial characteristics of an independent business: seeking profit opportunities, reorganizing itself to take advantage of them, and then selling them to the rest of the company.

IT organizations can no longer hide behind their support desks and hope that no one bothers them, nor can they afford to focus solely on the cost side of the balance sheet. In other words, they can't act like a monopoly utility company. If you haven't noticed it yet, allow me to be the first to tell you: you have competition. It's not enough to see if you can squeeze another 5-10% in efficiency gains out of your staff next year. You need to start thinking about making money, not just trying not to spend it. You need to start showing your business partners how you can help them meet their revenue goals and proving yourself to be a valuable business partner.

Q: Hey, remember those production support requests you mentioned earlier? They're piling up even as I read this. How am I supposed to act like an entrepreneur when I can't even keep the database from crashing once a week?

A: Baby steps, my overworked friend, baby steps…

Before you can figure out where you're going, you need to know where you are. This isn't a gentle, self-actualizing exercise in mindfulness, though; it's a cold, hard look at your organization in the bright, white light of day. You need to perform an organizational audit:

• Start with daily operations. How efficient are they? Do you have defined processes, and do they reflect reality? Does your staff have time to make improvements in your systems, or are they too busy putting out fires all day, every day?
• You need to be objective, so quantify your performance if you can. Do you have meaningful performance metrics in place, and do you check them? If you do, what do they tell you? If you don't, then choose two or three metrics per functional area and start gathering data.
• Now, how about those strategic projects? Are they, in fact, strategic, or do you just spend all of your time upgrading everything to the latest patch? Do you know why you're doing each project? Do your business partners know, and could they convince your CEO that these projects will help him get his bonus this year?
• Do your projects ever end? If they do, is it when you expected them to? Do you know what you would do to run those projects more effectively next time, and do you take your own advice?
• How about your systems: Do you know what value they bring to the company? Are any of them doing the same job as another system? Would anyone notice if you unplugged a few of them? What if someone tripped over the plug of one of the critical systems: Do you know how you would recover?
• How is your relationship with the rest of the company? Do they see you as a necessary evil or do they look to IT as a source of competitive advantage?
• Which areas of your business keep you up at night, either literally -- by paging you every hour -- or figuratively?

The point of this exercise is to identify the points of greatest pain for your organization, the points where improvements would have the maximum positive impact. You will probably end up finding more problems than you can reasonably fix right away, so start with the critical ones.

You may also be surprised by the severity of some of the problems that you find when you take the time to look. It usually turns out that the guy who's been complaining the loudest for the past two years isn't actually the top priority: He's just the loudest. You may also discover to your surprise that the daily operations are actually in decent shape, but that your ability to think strategically has atrophied over the years. In IT as in middle age, it's the silent problems that can kill you, so pay attention and find the real issues.

The areas where you could start fall into two camps: strategic and tactical. Some of the strategic areas include:

• Strategic and organizational alignment
• Project portfolio management
• Executive visibility and dashboards

The primary tactical areas are:

• Project/program management
• Application rationalization
• Demand management
• Resource management

Once you know where to start, don't launch a three-year, multi-million dollar effort to address all of the problems at once. Remember: change is hard, and huge change is next to impossible. Look more closely at your problem areas and use those new metrics that you just created to find some quick wins. If you fix one or two of those nagging problems, then your whole organization will be much more willing to accept the bigger changes that come next.

If this is a new way of thinking for you, then it is probably doubly so for your colleagues on the other side of the fence. You are going to need to sell the value of IT Governance to your business partners and convince them that you want to make their jobs easier. Work with them as a consultant, not as an auditor, because no one likes the guy who shows up with a thick binder and a disapproving look on his face. Show them that you want to help them, that you have tools at your disposal that will help them achieve their business goals, and that you're open to change. Prove to them that it's in their best interest to change with you. Then you'll have the opportunity to prove your worth on both sides of the balance sheet, and that's where you want to be.

IT Governance isn't a global panacea, there's no handbook that will tell you how to get it, and no one can tell you what form it will take for your organization. But if you are ready to examine the way that you do business, to seek opportunities where others see threats, to change the areas that need change the most, then you, too, can have IT Governance. And it will be good for you.

The ideas expressed in this article are solely those of the author and do not necessarily reflect the opinions of ITworld.com.

Ascend Consulting