By Robert E. Stroud, CGEIT
Too often, companies tend to view IT governance implementation as a sprint.
They quickly add controls to comply with regulatory requirements, without first
preparing and taking the necessary steps. Once that's been accomplished, they feel
their journey is complete. In fact, the opposite approach is much more
successful.
IT governance implementation must be treated like a marathon; just
as a runner must prepare for a long race through proper training, so must
organizations engage in adequate preparation for governance. One aspect of
preparation is identifying the issues that may hinder progress. This leads to a
discussion of several hurdles many organizations face when attempting to improve
governance over IT.
Direct Hit! Applies To: CIOs
No 'agreed-upon' definition of IT governance
An organization embarking on an IT governance implementation program before
agreeing on a clear and widely accepted definition of what it means for the
company is like a runner taking off before the whistle blows: a false start. It
is only when an organization sets a defined scope for its specific IT governance
program that it is ready to begin.
ISACA, a global association of 86,000 IT governance professionals, defines IT
governance as "the responsibility of the board of directors and executive
management. It is an integral part of enterprise governance and consists of the
leadership and organizational structures and processes that ensure that the
organization's IT sustains and extends the organization's strategies and
objectives." ISACA states that five key domains must be considered for effective
IT governance: Strategic Alignment, Value Delivery, Risk Management, Resource
Management, and Performance Management. Within each of these domains, the
organization should develop clear policies, procedures and rules. Without these
important preparations, an organization runs the risk of simply adding controls
to address every possible risk (which often quashes innovation) or adding the
minimum number of controls, leaving the organization vulnerable. A clear
definition, scope and set of policies related to IT governance helps ensure that
the IT governance plan is integrated with business strategy and everyone is on
the same page.
No governance ownership
The other way to ensure that everyone is running in the same direction is to
set the tone at the top. The second biggest IT governance hurdle occurs when
executive leadership and top management do not take responsibility for
governance and do not demonstrate accountability. If the company leaders are not
fully engaged, they certainly cannot expect the rest of the staff to be
committed to the journey. Governance should leverage the organization's vision,
mission, principles and values. Management must empower staff, but take the
ultimate responsibility for ensuring that processes are followed.
No measurement
A clear definition of governance and commitment from top management are
vital to a successful IT governance journey. However, without metrics,
monitoring and measurement, it's impossible to know whether the implementation
is effective, and where it needs improvement. An IT governance implementation
without those three things in place is like the marathon not having a set course
or mile markers. There is no way to evaluate progress or know when it's
necessary to turn around and head the other way.
For effective measurement, organizations should consider creating balanced
scorecards or dashboards to track the status of key performance indicators in
each IT governance domain. This will enable them to know when they're not doing
enough, or when they're doing too much.
No reliance on established good practices
When implementing a governance program, it is not necessary to reinvent the
wheel. Frameworks, best practices and case studies exist to help organizations
achieve maximum results without maximum work. ISACA, for example, offers the
COBIT framework free of charge from its web site (www.isaca.org/cobit). COBIT is
used globally for IT governance and assurance, and helps organizations evaluate
their IT governance maturity and choose the control processes and objectives
that are most relevant to their organizations. RACI (responsible, accountable,
consulted and informed) charts are provided to clearly indicate who should be
doing what. You can also find resources at www.itgi.org for free.
Both of these resources are based on the research and input of organizations
worldwide that have successfully implemented and are continually improving IT
governance.
About the Author
Robert E. Stroud, CGEIT, is international vice president of ISACA and the IT
Governance Institute. He is also vice president, service management strategy,
and service management and governance evangelist at CA Inc.