Rajesh Bhatia, CISA, CGEIT, PMP, MDP
In most organizations, IT governance models are old and obsolete. They were implemented using a siloed mentality without using modern best practices. The end result is an inefficient, unproductive and reactive IT organization unable to meet the strategic demands of the business units. Hence, redesigning and modernizing governance models become necessary.
Social operating mechanisms (SOM) include any channel through which a dialog takes place, including forums, meetings, governance structures or emails. An effective governance model enables the organization’s SOM1 by aligning the different functions and business units of the organization and allowing them to work together in a cohesive, proactive, collaborative and productive manner. Only then will the resources, risk factors and performance be effectively managed to deliver better value to the customers and meet the strategic and tactical goals of the business units. This article discusses the benefits of using the framework of the five IT governance focus areas2 (strategic alignment, value delivery, risk management, resource management and performance measurement) to design governance models.3, 4
A difference between top-performing organizations and their competitors is the ability to generate large returns on IT investments.5 The difference can be traced to effective usage of IT governance to support business strategies. Effective IT governance consists of leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives.6
The governance structures (decision-making structures such as committees, councils and senior management roles) act like the SOM7 of the organization, ensuring information flow, working relationships, transparency and cross-functional collaboration. Along with the processes and communication tools, they act like the social operating system8 of the organization, driving its culture and embedding it in the DNA of the organization by promoting proper accountability, desirable behaviors and cultural values.
Once the governance structures, processes and tools are deployed and institutionalized within the organization, silos and redundancies are eliminated. Accountabilities, roles and responsibilities are firmly established. The business units within the organization are better able to exchange information, align and collaborate efficiently. The organization becomes lean, mean and more efficient. This leads to effectiveness in the overall governance, performance and productivity of the organization.
The purpose of IT governance can be categorized by the five IT governance focus areas,9 which encompass the entire gamut of scope and issues that management needs to address in order to govern IT effectively:
In obsolete and ineffective governance models, the governance structures are not balanced, not set up properly and/or do not function properly. This leads to ineffective social operating mechanisms of the organization, resulting in a lack of communication, collaboration and dissemination of information flow.
Consequently, the different business units and functions of the organization do not share information effectively because they work and function in a siloed manner. A duplication of roles and responsibilities among the different functions and business units of the organization ensues and, as a result, leads to high operating costs and lower margins. In short, the organization functions in a reactive manner and is slow to respond to macro and microeconomic changes.
Thus, the major problems noted due to ineffective (or even the absence of) governance models are:10
It is important for the organization to become a lean, mean and well-oiled machine. Toward this end, redesigning or modernizing governance models is necessary.
The major task while redesigning governance models is to ensure ownership, accountability, communication, cross- functional collaboration, and alignment between the business and IT. Many times governance models are implemented, but miss the big picture by focusing on a few important requirements and missing the others.
The main components to address in the design of the governance models are:12
The objective of the governance models is to improve and standardize the components to achieve the business unit objectives. What is needed is a framework on which the components of the governance models can be built to ensure consideration of the entire gamut of requirements. The five IT governance focus areas (strategic alignment, value delivery, risk management, resource management and performance measurement) described earlier come into play since they describe the main perspectives and requirements that IT management needs to manage and govern effectively to create a balanced system.
Inability to address any of the five IT governance focus areas will lead to an unbalanced system and problems later on, as shown in the following examples:
Redesigning governance models by taking into consideration the five IT governance focus areas (strategic alignment, value delivery, risk management, resource management and performance measurement) leads to the following benefits:
The end result is that the organization has a balanced social operating system. Effective governance structures, alignment processes and communication approaches result in fluent collaboration, dissemination of information and removal of silos. Consequently, better decisions are made and the organization becomes proactive in dealing with the macro- and microeconomic changes. Thus, the organization becomes agile, healthy, lean and more productive.
The governance models in many organizations are old, obsolete and unbalanced. The result is a siloed organization in which the different business units do not work in a cohesive, collaborative and proactive manner due to limited and ineffective communications. Improving governance models requires a revamping of the governance structures, accountabilities, roles, responsibilities, alignment processes, communication approaches and metrics. A way to redesign and improve them is to consider the use of the five IT governance focus areas (strategic alignment, value delivery, risk management, resource management and performance measurement). Using the five IT governance focus areas ensures consideration of a holistic picture of the different problems and areas management needs to address. This leads to a balanced system that addresses the entire range of requirements. Due to better designed governance structures, roles and responsibilities, communication is improved and siloing of the different business units is removed. The result is a cohesive organization with effective social operating mechanisms.
1 Bossidy, Larry; Ram Charan; Execution: The Discipline of Getting Things Done; Crown Business, 20022 IT Governance Institute (ITGI), Board Briefing on IT Governance, 20033 This article is based on the experience of the author in redesigning IT governance models.4 The five IT governance focus areas are based on the thinking from the 2003 ITGI Board Briefing on IT Governance publication that has now been refined and improved in the 2012 COBIT 5 framework, which establishes five principles and seven enablers that underpin an effective governance approach to enterprise IT.5 Weill, Peter; Jeanne Ross; IT Governance: How Top Performers Manage IT Decision Rights for Superior Results, HBS Press, 20046 Op cit, ITGI, 20037 Op cit, Bossidy8 Ibid.9 Op cit, ITGI, 200310 This is based on the experience of the author in redesigning IT governance models.11 IT Governance Institute (ITGI), Global Status Report on the Governance of Enterprise IT (GEIT), 201112 Op cit, Weill and Ross
Rajesh Bhatia, CISA, CGEIT, PMP, MDP, is the supply chain business process owner at Safeway Inc. in Pleasanton, California, USA. Previously, Bhatia worked as senior manager of strategic demand management at CSC, where he was involved in institutionalizing demand management processes, tools and metrics in the health care accounts.
Enjoying this article? To read the most current ISACA Journal articles, become a member or subscribe to the Journal.
The ISACA Journal is published by ISACA. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the ISACA Journal.
Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and/or the IT Governance Institute and their committees, and from opinions endorsed by authors’ employers, or the editors of this Journal. ISACA Journal does not attest to the originality of authors’ content.
© 2013 ISACA. All rights reserved.
Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, MA 01970, to photocopy articles owned by ISACA, for a flat fee of US $2.50 per article plus 25¢ per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited.