IT GOVERNANCE - How are the decisions managed?

how are decision managed picture.JPG

We’ve been discussing IT Governance over the last few weeks.  We will cover managing decisions today before we wrap up the IT Governance topic next week.  

As we go into the final stretch of this conversation I am going to recap the objectives behind IT Governance to assure it is well understood.  I find planning IT Governance to be the fun part.  It is much harder to execute and monitor it.  A firm foundation of understanding the objective is necessary to adoption of the practice and realizing the true value.

Again - IT Governance is a framework that insures information technology decisions are aligned with the business goals and objectives.  It is very similar to corporate governance goals of ensuring that key decisions are consistent with corporate vision, values, and strategy.  Both are driven by the need for transparency of enterprise risks and the protection of shareholder value.  The overall objective of IT Governance is to understand the issues and the strategic importance if IT, so that the Company can compete now and in the future as well as to assure decisions made support company policy and the right to operate.   Hence IT governance exists within corporations to ensure IT initiatives and the performance of IT meets the following the following corporate objectives:

  • Strategic Alignment – Link IT & Business Goals
  • Value Delivery – Optimize the Cost & Value of IT Services
  • Resource Management – Optimize Resource Investment
  • Risk Management – Understand the Enterprise’s Appetite for Risk
  • Performance Management – Track & Monitor Achievements

Now that I’ve emphasis the WHY IT GOVERNANCE IS IMPORTANT let’s move on to discuss how we manage the decisions.

Simply put there are three general categories of IT Governance decision management mechanisms - the decision making itself; the process assignment; and the communication approaches.  Typical techniques used to manage within these mechanisms include: 

  • Business IT Relationship Managers
  • IT leadership committee composed of the IT executives
  • IT Councils composed of business and IT executives
  • Senior business leadership committees (of which the CIO should be a standing member)
  • Capital approval committee (led by a senior business executive and comprised of senior business leadership including the CIO)
  • Architecture committee

Managing the alignment of the decision to the overall corporate strategy and objectives may utilize the following techniques:

  • Tracking of IT projects and resources consumed
  • Formalized Service level agreements (SLA) or objectives (SLO)
  • Formal project management lifecycle that includes tracking of business value of IT and decisions made
  • Chargeback or cost tracking arrangements

Approaches to communicating may include:

  • Office of CIO or Office of IT Governance
  • Address failures in the process early on
  • Communicate adoption through announcements from Senior Management
  • Create, manage and monitor web-based portals and intranets articulating IT programs and progress

All companies and especially publically held (or for those aspiring to issue an IPO) companies should look to develop a Governance System Framework within IT.  A recommendation for this framework would best be based on the latest CobIT v5 (Control Objectives for IT) governance model with supporting ITIL v3  (IT Infrastructure Library) system management operating practices.  

COBIT 5 is a globally accepted  framework for providing a business view of the governance of IT. Most often SOX audits are based on its controls.  You can learn more about CobIT 5 at: 

ITIL is the most widely accepted approach to IT service management.  It provides a cohesive set of best practices drawn from a global community of IT leadership. To learn more about ITIL 3 visit:

Neither of these frameworks were meant to stand alone (at least in my opinion).   CobIT provides the framework of policy, process, procedures and metrics that give direction to ITIL systems management framework for driving IT Operations, I like to think of CobIT as the WHY and the WHAT you must do and ITIL as the HOW you will manage IT.  Perhaps in a future conversation we will discuss these frameworks further.

In addition the TOGAF 9 (The Open Group Architecture Framework) framework provides an industry approach for designing, planning, implementing and governing enterprise information architecture decisions. TOGAG is a high level and holistic approach to design, which is model at four levels: Business, Application, Data and Technology.   It provides a common set of tools and language for developing and managing architecture.  So that I don’t go too far into an area that I am not well versed, let me direct you to a better source of information:  . 

In my research I found an awesome white paper that describes the supporting relationship between ITIL and TOGAF.

With this we will pause today's IT Governance conversation  with a memory of Steve Jobs

"People think focus means saying yes to the thing you’ve got to focus on. But that’s not what it means at all. It means saying no to the hundred other good ideas that there are. You have to pick carefully.” 

Think about it!  

We will pick up our conversation next time with "How are these decisions monitored?",  In the meantime, please reach out with clarifying questions or thoughts on the topic to date. 

Conversations sponsored by – an IT management consulting practice targeting CIO’s challenge of leading and delivering business solutions with a focus on effective people, process, and technology management.