Friday, March 9, 2012

Drivers behind the need for IT Governance



In the previous post, we laid out a common sense definition of what IT governance is (i.e. - “the what”).  In this post, we will attempt to look at the drivers of IT Governance (or “the why”). The drivers outlined below have collectively contributed to the increasing importance of ITG in the C-suite and have also in one sense led to the framing of the scope of IT Governance needs as well.

Keep Business running:   Modern organizations and business rely heavily on IT. When IT systems become unavailable because of technical failure or other disruptions (e.g. power failure), the impact is usually significant. Even office workers cannot function if support systems (e.g. email, document processing, etc) fail. Similarly, a simple failure, such as a server’s storage capacity being exceeded, can bring an entire department to a standstill.  This level of reliance on IT systems necessitate that appropriate controls be in place to ensure service continuity.

Realizing business value:   There are numerous statistics on failed projects. Some suggest that as many as three out of four projects do not realize their expected benefits. There are many reasons for these failures including - poor definition and planning at the start, compounded by insufficient control during delivery.  Ensuring benefit realization on IT investments is a key area addressed by IT governance.

Rising costs of IT: Despite lower costs of IT hardware, the expenditure on IT as a proportion of the total business cost is increasing and considered by senior business executives as “black hole”. With the market forcing the business to run more efficiently, enterprises are increasing looking at IT costs to better understand them and regulate their allocation. Adopting a portfolio approach to IT spend, assets and investments (addressed in ITG) provides a lever for business executives to control the IT Spend.

Aligning IT with the business:  Business staff does not always take ownership of IT initiatives which leads to a situation where IT staff end up directing many such initiatives. Getting the business into the driver’s seat when it comes to picking the right projects to execute and following through to benefit realization is critical today, especially when IT spend is significant. Achieving this strategic alignment with the enterprise objectives is a key discipline in ITG.

Increased regulatory compliance: Over the past few decades there has been an increase in legislation affecting business and the use of IT. Some examples are the Sarbanes-Oxley Act, regulations around protection of personal data, and sector specific requirements for the healthcare, pharmaceutical and financial industries.  These regulations elevate the relevance of IT operations and controls to the purview of Enterprise Governance, and hence make it a part of the Leadership Agenda.

IT security affecting the business:  This area is often misunderstood by Senior Leadership because of the technical nature of the conversations. Frequently, this area is delegated to an expert. In reality, many weaknesses are not technical, but are instead caused by a lack of awareness of the issues between users and management. Specific control practices are required to address the complexities of security and to reduce damage to business because of risk exposure of security breaches.  This area is addressed within risk management discipline of ITG.

The drivers discussed above provide a flavor of the different dimensions of the role that IT plays in an enterprise. This necessitates that IT be governed as a critical asset by the leadership thereby providing the raison d’etre for IT Governance.


We would really like to hear from you on the relevance of IT Governance to your professional context. Please use the comment feature on this  blog 
to get back to us.