Ensuring that value is realized from IT investments is an essential component of enterprise governance. IT governance in practice ensures that IT investments deliver the promised benefits against the strategy at an agreed risk exposure. It also concentrates on optimizing resources throughout the economic life cycle—including the initial investment and the resulting IT services and other IT assets.
Business executives of many client organizations review proposed business cases for technology projects and commonly ask questions like, “I see what I am being asked to pay, but what value I will get?”
On the other hand, IT executives react in turn with, “The business case I built was comprehensive and sensible, but the business executives did not see the value.”
This is a critical dilemma confronting enterprises today, and a common concern to ensure value realization in large-scale investments in technology. This involves both selecting which investments to make and managing the complex challenges involved in ensuring that these investments deliver enterprise value.
One of the single most important challenges to gaining value is a clear and common understanding of business strategy and objectives. There should be common strategic objectives for both business and technology. These objectives need to become part of the daily decision-making process and should be communicated to all relevant levels of the organization to prevent a delivery that falls short of expectations. This can be facilitated by having the business take ownership of technology investments to ensure consistency with business objectives or, at a minimum, work in concert with technology to ensure appropriate allocation.
Challenge: The Absence of a Structured Approach
In the absence of proper IT governance structure and practices, realization of value in IT investment becomes a challenge. IT without governance is reactive and unplanned, lacks appropriate priority, and prohibits the ability to acquire or develop the correct skill sets. For instance, without a structured process, all projects are number-one priorities. With budgets being flat or minimally increasing, it is difficult to know where to focus. Figure 1 reveals the IT governance premise.
Figure 1—IT Governance
Source: ISACA, COBIT 4.1, USA, 2007, based on figure 5.
IT governance processes enable the business to determine priorities and define investments, which allows IT to understand and manage IT-enabled business changes, ensuring value to the organization.
A successful approach can be developed leveraging guidance from the COBIT 5 framework with a focus on ensuring value from IT-enabled investments. This approach provides organizational leaders a clear way to define and consider IT investments at the early stages and to monitor and evaluate the potential success or failure of these investments at the later stage (figure 2).
Figure 2—IT Investment Management
Source: A. Jamil. Reprinted with permission.
Agree on Strategic Goals
Unless IT is aligned to the business needs, value cannot be realized. The business and IT alignment starts with the clear understanding and agreement on strategic goals. There should be processes in place to mediate between business and IT imperatives so priorities can be mutually agreed.
To direct and manage all IT services or resources in line with the business strategy and priorities, IT strategic planning is required. The IT strategic plan should clearly translate business requirements into service offerings. It is necessary to:
- Define strategies and tactics to deliver IT services in a transparent and effective manner.
- Provide a clear understanding of IT opportunities and limitations for key stakeholders.
- Assess current capability and resource requirements, and clarify the level of investment required.
Control IT Investments
IT investments should be controlled in line with the IT strategic plans. This can be done by managing the portfolio of IT investments, ensuring that the enterprise portfolio of IT-enabled investments contains programs that have solid business cases. A business case should document desired business outcomes, define stakeholders impacted, clarify how program objectives support achievement of the outcomes, articulate potential alternatives and risk, and provide the full scope of effort required to achieve the outcomes. Establishing fair, transparent, repeatable and comparable evaluation of business cases, including financial worth, the risk of not delivering a capability and the risk of not realizing the expected benefits, enables the efficient decision making and prioritization. It is necessary to:
- Categorize the portfolio by mandatory, sustaining and discretionary investments, as these categories differ in complexity and degree of freedom in allocating funds.
- Prioritize the allocation of IT resources to maximize IT’s contribution to optimizing the return on the enterprise’s portfolio of IT-enabled investments.
- Establish a process to engage stakeholders in effective and efficient IT investment decisions.
To manage the value of IT, processes must be established to monitor delivery of the programs and alert when deviations from plan, including cost, schedule or functionality, arise that might impact the expected outcomes of the programs. Where changes to other related projects impact the program, appropriate actions should be defined and taken, and the program business case should be updated.
Ensure Project Results
The value of IT investments cannot be ensured by selecting and controlling the portfolio of IT-enabled investments only. It is necessary to maintain the program of projects by identifying, evaluating, prioritizing, selecting and controlling the individual projects as well. Therefore, the following activities are required:
- Establish a framework to ensure that the projects support the program’s objectives by coordinating the activities and interdependencies of multiple projects, and resolving resource requirements and conflicts.
- Define a standard approach for managing projects, and ensure stakeholder participation in monitoring of project risk and progress.
- Establish a project governance structure that can include the roles, responsibilities and accountabilities of the program sponsor, project sponsors, steering committee, project office and project manager, and the mechanisms to ensure project risk management and value delivery to the business.
- Make sure all IT projects have sponsors with sufficient authority to own the execution of the project within the overall strategic program.
This approach reduces the risk of unexpected costs and project cancellations, improves communications to and involvement of business and end users, ensures the value and quality of project deliverables, and maximizes their contribution to IT-enabled investment programs.
For the business, the successful delivery of IT projects equates to the realization of promised benefits alone. The value for the business lies in the resultant IT services delivered and how they are effectively managed at levels that satisfy business requirements in alignment with the business strategy. To achieve that, it is necessary to:
- Establish a formalized process to manage services by identifying service requirements, agreeing on service levels and monitoring the achievement of service levels.
- Provide timely reports of accomplishment of service levels to stakeholders and enable alignment between IT services and the related business requirements.
- Regularly review service level agreements (SLAs) and dependencies with internal and external service providers to ensure they are effective and updated for any change in business requirements.
IT Performance Reporting
“Are we getting the benefits?” This is one of the most fundamental IT governance questions and is defined by the COBIT framework, which focuses on value delivery. The business and other relevant stakeholders need to understand the return on IT-enabled investments. Without measuring and reporting performance, the IT value proposition cannot be recognized.
A framework for measuring IT’s contribution to the business should be established, specifically in terms of the performance of the IT-enabled investment portfolio, investment programs, and delivery of the solutions and services of individual programs in support of business objectives. The process for systematic and timely reporting of performance results to the business and relevant stakeholders should be created and should include the status of achievement of planned objectives and mitigation of identified risk. The cause of any identified deviations should be analyzed and implementation of remedial actions ensured to address the underlying causes.
GEIT ensures benefit realization to the stakeholders by optimizing risk and resource utilization. This approach covers the economic life cycle of IT investment, provides immediate value to the stakeholders and is practical to the practitioners in the field.
The COBIT 5 framework and COBIT 5: Enabling Processes can be used to obtain additional references to this suggested approach.
Aamir Jamil, CISM, CGEIT
Is a specialist in IT governance and information security management. He is an IT governance consultant at the Information Technology Authority, Sultanate of Oman. He provides thought leadership on establishing IT governance ecosystems for sustainable e-government services. He can be reached at firstname.lastname@example.org.