Entity Management: IT Governance Best Practices

IT problems can come in all shapes and sizes. Perhaps you can’t find a saved email or an archived document. Perhaps your airline’s computer outages have caused massive delays. Or perhaps your credit agency has experienced a data breach, sharing your information with countless others across the globe.

Clearly, IT affects every aspect of business activity, whether you are a C-level executive, a small businessperson or a customer who just wants what was promised.

How can you help protect your company from the costs and complications of IT failure? How can you help ensure that your company has the IT resources it needs to meet the demands of today and to take advantage of the opportunities of the future?

These questions should be on the mind of anyone considering IT governance. Forming a solid, forward-looking IT governance strategy is essential for any organization hoping to succeed in today’s technology-dependent environment.

What Is IT Governance?

Simply put, IT governance is a formal framework that aligns IT processes and functions with business strategies and objectives. IT governance arises from the demands placed on organizations to efficiently and effectively handle their data. While, in the past, the benefit of successful IT governance may have simply been a competitive advantage, in recent years, regulations have made IT governance a necessity. IT governance now includes protocols related to data retention, the processing of confidential information, financial accountability and disaster recovery.

Steps Toward Implementing IT Governance

1) Take a Multidisciplinary Approach From the Outset

Too often, the creation of an IT governance committee falls upon select members of the board, who write up a kind of wish list without understanding the present capabilities of the IT department. Conversely, it can also become the job of the IT department, who certainly know the IT capabilities, but who may not have a deeper understanding of the organization’s business strategies.

Rather than creating a situation rife with speculation and second-guessing, it is best to include members of the board, the legal team and the IT department early in the conversation about IT governance. This allows one side of the room to educate the other side and encourages everyone to solve common problems.

IT changes don’t just affect the IT department. They affect everyone across the organization. Therefore, including IT in the planning and strategy sessions allows the IT department to remain predictive rather than reactive, anticipating future needs rather than scrambling to meet present demands.

2) Adopt a Portfolio-Style Mindset for IT Investments

One forward-thinking approach to IT governance calls for conceptualizing IT assets and investments from a portfolio perspective, rather than looking at them on a project-by-project basis. This allows management to assess the risks and values of each investment and understand their relative worth.

Under this rubric, one can separate IT investments into three main bodies, according to their functions: Operations, Business Enablement and Innovation.

Operations Programs manage data center technologies that improve information systems and support services.

Business Enablement Programs are tools that work to enhance your business’s core processes, including any changes that may lower cost or improve profitability.

Innovation Programs are tools designed to encourage breakthroughs in competitive strategy or market dynamics.

Understanding IT investments as a portfolio, rather than a monolithic expense, helps IT executives communicate the value and effectiveness of each tool to the broader organization and explain its relevance to the overall success of the company.

3) Include Ways to Measure and Monitor IT Performance

Once your company begins to understand the value of the IT investments, it is necessary to be able to evaluate what is working and what is not. How effectively is IT delivering the required business services? How do these performance benchmarks stack up against competitor performance and industry trends?

One way to obtain an accurate measure of your IT programs is to perform a Total Cost of Ownership (TCO) analysis. A TCO gives the overall, eagle-eye view of your IT functions, including costs and areas of possible improvement. This allows senior managers to understand which aspects are working best and which are in need of further investment.

Popular Third-Party IT Governance Frameworks

Unless you have an exceptionally gifted IT department and an exceptionally open-minded executive committee, it is perhaps best to use IT governance tools developed by third-party companies and used by thousands of other clients. Below are some brief attributes of some of the more popular IT Governance Frameworks.

  • COBIT: Produced by ISACA, COBIT offers a comprehensive framework of globally accepted practices, models and tools that focuses on auditing, risk management and mitigation.
  • ITIL: Formally known as Information Technology Infrastructure Library, ITIL zeroes in on IT service management and constantly updated service improvement.
  • COSO: Published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), this framework focuses less on IT and more on risk management and fraud deterrence.
  • CMMI: The Capability Maturity Model Integration (CMMI) method introduced by the Software Engineering Institute provides a method for gauging an organization’s performance, quality and profitability.
  • FAIR: The Factor Analysis of Information Risk is particularly structured to help an organization protect itself against operational risk and cyber-attack.

Considerations for Choosing an IT Governance Framework

With so many options available, choosing the appropriate framework for your organization may seem like a shot in the dark. All of them work toward the basic goal of IT governance – aligning IT functions with business needs – but some stress measurements and analytics, while others focus on risk and security.

The important thing to keep in mind may be what you hope these frameworks will accomplish for your particular organization. Does your company need a new way of gauging performance? Is there an increased concern among your shareholders about cyber-attack?

Time spent taking the temperature of your company culture and assessing its needs will pay off in the form of valuable, across-the-board buy-in to new programs or protocols. If the users of the new framework understand that these changes offer a remedy to a problem they’ve identified, they are much more likely to adopt them easily.

It is also important to note that some of these frameworks can be used in tandem, so it is possible to gain the benefits of more than one simultaneously.
