1.

Intro to IT Governance

IT has become crucial in the support, the

sustainability and the growth of the
business
The pervasive use of technology has
created a critical dependency on IT
This calls for a specific focus on IT
governance
Consists of the leadership and
organizational structures and processes
that ensure that the organizations IT
sustains and extends the organizations
strategy and objectives (Grembergen et
2
al., 2004)

What is IT Governance?

IT governance can be defined as

specifying decision rights and
accountability framework to encourage
desirable behavior in the use of IT (Weill
& Ross, 2004)

Other definitions
IT governance is the structures and
processes that ensure that IT supports
the organizations mission
) The purpose is to align IT with the
enterprise, maximize the benefits of IT,
use IT resources responsibly and
manage IT risks
1)

2) A structure of relationships and

processes to direct and control the
enterprise in order to achieve the
enterprises goals by adding value
while balancing risk vs. return over IT
and its processes

3) IT governance is the responsibility of

the board of directors and executive
management (integral part of
enterprise governance) and consists
of the leadership and organizational
structures and processes that ensure
that the organizations IT sustains
and extends the organizations
strategies and objectives
6

4) IT governance is the system by which

an organizations IT portfolio is
directed and controlled
) Describes
) A distribution of decision-making
rights & responsibilities among
different stakeholders, and
) The rules and procedures for making
and monitoring decisions on strategic
IT concerns (Peterson, 2004)

Extensive Definition (ITGI)

IT governance is a board or senior

management responsibility in relation to IT
to ensure that:
IT is aligned with the business strategy
IT and new technologies enable the
organization to do new things that were
never possible before
IT-related services and functionality are
delivered at the maximum economical value
or in the most efficient way
All risks related to IT are known and
managed and IT resources are secured.

Distinction between IT Management &

IT Government

IT management is focused on the internal

effective supply of IT services and
products, and management of present IT
operations
IT governance is much broader, and
concentrates on performing and
transforming IT to meet present and
future demands of the business (internal
focus) and the business customers
(external focus)
9

Fig-1-Distinction between
IT management and IT governance

10

The domain of IT management

focuses on the efficient and effective
supply of IT services and products,
and the management of IT operations
IT governance faces the dual demand
of
Contributing to present business
operations and performance, and
Transforming and positioning IT for
meeting future business challenges
ITG is both internally and externally
oriented
11

ITG encourages desirable behavior

in the use of IT

A desirable behavior is one that is consistent

with the organizations mission, strategy,
values, norms, and culture such as behavior
promoting entrepreneurship, sharing, and
reuse or relentless cost reduction
ITG is not about what specific decisions are
made (that is management)
Rather ITG is about systematically
determining who makes each type of decision
(a decision right), who has input to a decision
(an input right), and how these people (or
groups) are held accountable for their role 12

Good ITG draws on corporate governance

principles to manage and use IT to
achieve corporate performance goals
Effective ITG encourages and leverages
the ingenuity of all enterprise personnel
in using IT, while ensuring compliance
with the enterprises overall vision and
principles
So, good ITG can achieve a management
paradox: simultaneously empowering
and controlling (Weill, 2004)

13

All enterprises have ITG

The difference is that enterprises with
effective governance have actively
designed a set of ITG mechanisms
(committees, budgeting processes,
approvals, IT organizational structure
etc) that encourage behaviors
consistent with the organizations
mission, strategy, values, norms, and
culture
When the desirable behaviors
change, ITG also changes!
14

ITG cannot be considered in isolation

because it links to the governance of
other enterprise assets (such as financial,
human, intellectual property, etc)
Governance of the key assets, in turn,
links to corporate governance and
desirable behaviors
In the models of corporate governance,
one can organize the variables and
concepts used to describe the complexity
of corporate governance mechanisms
into two main categories: capital-related
and labor-related
15

The capital-related aspects contain

variables like ownership structure,
corporate voting, the identity of the
owners, and the role of institutional
owners.
The labor-related aspects refer
mainly to the stakeholding position of
labor in corporate governance
(employee involvement schemes,
participatory management, codetermination etc.
16

Corporate Governance

Became a dominant business topic in

the wake of the corporate scandals of
midyear 2002 Enron, Worldcom, and
Tyco
Interest in corporate governance is not
new, but the severity of the financial
impacts undermined the confidence of
institutional and individual investors,
and heightened concerns about the
ability and resolve of private
enterprises to protect their stakeholders
17

Contributed to the downward pressure on

stock prices worldwide
New US Govt. legislation required CEOs to
personally attest to the accuracy of their
firms accounts and report results more
quickly.
Corporate America increased the level of
self-regulation
Professional investors are prepared to pay
large premiums for investments in firms
with high governance standards
Firms best on corporate governance could
expect an increase of 12% in market value
18

Corporate governance is defined as providing

the structure for determining organizational
objectives and monitoring performance to
ensure that objectives are attained
[Organization for Economic Cooperation and
Development (OECD), 1999]
There is no single model of good corporate
governance, but in many countries corporate
governance is vested in a supervisory board
that is responsible for protecting the rights of
shareholders and other stakeholders
The board in turn, works with a senior
management team to implement governance
principles that ensure the effectiveness of
organizational processes

19

Framework for linking corporate and IT governance (Fig2)

20

The top of the framework depicts the boards

relationships.
The senior executive team, as the boards
agent, articulates strategies and desirable
behaviors to fulfill board mandates
Strategy is seen as a set of choices (targeted
customers, product & service offerings,
unique position targeted, core processes etc.)
Desirable behaviors embody the beliefs and
culture of the organization as defined and
enacted thro not only strategy but also
corporate value statements, mission
statements, business principles, rituals, and
21
structures

Desirable behaviors are different in enterprises.

Behaviors and not strategies create value
For instance, J&J relied on autonomous business
units (individual J&J operating companies) to
create shareholder value for nearly 100 years.
Later, J&J evolved to specify desirable behaviors
like lowering costs, creating mechanisms for
better understanding the unique needs of
individual customers.
Transferring employees across J&J companies to
help them identify with the corporation.

22

The lower half of the fig 2 identifies the 6

key assets thro which enterprises
accomplish their strategies and generate
business value
Senior executive teams create
mechanisms to govern the management
and use of each of these assets both
independently and together

23

Key assets include the following

Human assets: people, skills, career
paths, training, reporting, mentoring,
competencies
Financial assets: cash, investments,
liabilities, cash flow, receivables
Physical assets: buildings, plant,
equipment, maintenance, security,
utilization
IP assets: IP including products, services,
and process know-how formally
patented, copyrighted or embedded in
the enterprises people and systems
24

Information and IT assets: digitized

data, information, and knowledge
about customers, processes
performance, finances, Info systems
Relationship assets: relationships
within the enterprise as well as
relationships, brand, and reputation
with customers, suppliers, business
units, regulators, competitors,
channel partners

25

Governance of the key assets occurs via

organizational mechanisms (structures,
processes, committee, procedures, and
audits)
Some mechanisms are unique to an asset (IT
architecture committee)
Others cross and integrate multiple asset
types (the capital approval process) ensuring
synergies between key assets
Maturity across the governance of the assets
varies
Typically, financial and physical assets are
the best governed, and information assets
are among the worst
26

At the bottom of fig 2 are the mechanisms

used to govern each of the 6 key assets.
Enterprises with common mechanisms
across multiple assets perform better
If the same executive committee governs
both financial and IT assets, a firm can
achieve better integration and create
more value
Some mechanisms will always be unique
to each asset (audit committee for
financial asset and the IT architecture
committee for IT)
But, some common mechanisms lead to 27

Creating common governance

mechanisms across assets will not only
increase integration, but the resulting
smaller number of mechanisms will be
simpler to communicate and implement.
Education of the senior management
team about how governance mechanisms
combine to work for the enterprise, is an
essential and ongoing task for effective
governance
Many tangible benefits await better IT
governance (Weill & Ross)
28

Back to IT governance Insights

In governing IT we can learn from good

financial and corporate governance - CFO
doesnt sign every cheque
Instead, she sets up financial governance (who
can make what decisions and how)
She then oversees the enterprises portfolio of
investments and manages the required cash
flow and risk exposure
Tracks a series of financial metrics to manage
the enterprises financial assets, intervening
only if there are problems or unforeseen
opportunities
Exactly the same approach should be applied to
ITG
29

Desirable behavior and governance

IT governance: Specifying the decision
rights and accountability framework to
encourage desirable behavior in the use
of IT
Aims to capture the simplicity of ITG and
also its complexity
The senior management team designs the
IT decision rights and accountabilities to
encourage the enterprises desirable
behaviors
30

If desirable behavior involves

independent and entrepreneurial business
units, IT investment decisions will be
primarily with the business unit heads.
In contrast, if desirable behavior involves
an enterprise-wide view of the customer
with a single point of customer contact, a
more centralized IT investment
governance model works better.
More centralized models for HR (and
other key assets) would also assist in
achieving a single point of customer
31
contact.

Problems occur when there is a mismatch

between desirable behavior and governance.
Example a particular business unit wanted to
lead its financial services industry segment
with a new IT-enables service providing alerts
to important clients via their handheld devices
The business unit had to pay the entire cost of
the wireless infrastructure plus the application
development cost for the business process
But, other business units and product offerings
would probably use the same infrastructure
Thus the innovator was asked to bear all the
risk and other business units could then utilize
the infrastructure, if successful (irrational?)
32

Rational Solution was to introduce a

dividend system consistent with the firms
culture
For a potential multi-business unit
application for the infrastructure, the CEO
would fund some of the cost (20%) from
corporate funds
The innovating business unit would make
the remaining infrastructure investment
If other business units later utilized the
infrastructure, the innovating business
unit received a dividend of one-third its
cost from each business unit
33

This approach encouraged early adopters

and created infrastructure to foster future
innovation across the enterprise.
The new funding mechanism,
implemented via the executive
management, capital investment, and IT
architecture committees, carefully
balanced risk and reward, encouraging
rather than discouraging desirable
behavior

34

The example highlights two

complementary sides of governance
articulated by OECD
Behavioral side the way managers,
shareholders, employees, creditors, key
customers, and communities interact with
each other to form the strategy of the
company
Normative side the set of rules that
frame these relationships and private
behaviors, thus shaping corporate
strategy formation. These can be the
company law, securities regulation. But,

35

The behavioral side defines the formal

and informal relationships and assigns
decision rights to specific individuals or
groups
The normative side defines mechanisms
formalizing the relationships and
providing rules and operating procedures
to ensure that objectives are met
Enterprises often implement a dozen of or
more mechanisms to make IT decisions

36

Effective IT governance must address three

questions:

What decisions must be made to ensure

effective management and use of IT?

Who should make these decisions?

How will these decisions be made and

monitored?

There are numerous frameworks and

insights that can help management teams
address these questions

37