IT GOVERNANCE - How are decisions monitored?

path 3.jpg

We wrap up our IT Governance conversations today with a discussion on monitoring decisions made. 

Why is it so important to monitor decisions made?  Monitoring plays a key role in by enabling transparency of decision actions, progress, and outcome as well as informs lessons learned for continual improvement of decision making.   

Notice I did not use Governance in that last sentence.  There is a trend towards eliminating Governance from our management vocabulary. There are some people who claim Governance is passé.  Personally I find that these people also don’t feel then need to manage their own career or plan for retirement.  Without it – success is an accident. 

I am the first to admit it overused and misused at time.  At the same time decision are made, thus they need to be managed and monitored.

Okay, now that I got that off of my chest – what is monitoring IT Governance all about…

Think about this - business leaders are accountable for making decisions required to support the corporate objectives.  In pursuit of building the capability required to meet the objectives they are delegated the authority to make and approve design decisions.  Along with the design decisions the business leader is authorized to approve the funding needed to support within their designated delegation of authority.   

Without monitoring the organization would be blinded to the quality of the actions and return of the investments made. It would be akin to building and mortgaging a home without bank approval, without an architected plan, without quality inspections and without a bank appraisal.   Does that resonate? 

In the IT space various techniques have proven useful in monitoring IT decisions made.  More important these practices are fundamental to running IT as a business.

IT Portfolio Management

Portfolio Management ensures that technology projects complement overall business strategy and value. IT utilizes a project prioritization methodology that reflects the enterprise’s strategic goals and monitors changing circumstances throughout the portfolio lifecycle.

The fundamental objective of the IT Portfolio Management process is to determine the optimal mix and sequencing of proposed projects to best achieve the organization's overall goals - typically expressed in terms of hard economic measures, business strategy goals, or technical strategy goals - while honoring constraints imposed by management or external real-world factors (such as disasters, funding, and resources).

Typical attributes of projects being analyzed in a portfolio management process include each project's total expected cost, consumption of scarce resources (human or otherwise) expected timeline and schedule of investment, expected nature, magnitude and timing of benefits to be realized, and relationship or inter-dependencies with other projects in the portfolio.

IT Balanced Scorecard

The IT Balanced Scorecard is a methodology for assessing the state of an IT Department. This could be a conversation on itself. 

The IT balanced scorecard was developed in the early 90’s by Kaplan and Norton as a set of measures that would give management a view into the business.  The Information Systems Audit and Control Association gives a great history and explanation of its value on their site:

Simply put  - it reports on four key perspectives – The customer, internal processes, employee learning and growth, and financials. In my opinion it is one of the most impactful maturing process an IT organization can take to articulate the value IT provides to the organization.

IT Project Management

Project managers (PM) need to report project status weekly on a Red/Yellow/Green scale across multiple categories, including: Delivery, Resources, Budget, Technical, and Overall.  Written updates on costs, key milestones, ongoing issues, and next-step action items are also included.

Project information should be kept up to date on a weekly basis in whatever systems the company deems appropriate.  I am agnostic to what is chosen as long as the process allows the PM to track schedules, actual work performed, budgets, spend, forecasts, issues, risks, and project changes.  Each week, the PM evaluates the information in the tracking system to ensure that it is accurate and provide an assessment of the overall project performance using this suggested rating scale:

  • Green – Project is performing within expected thresholds
  • Yellow – Project is at risk for missing delivery expectations
  • Red – Project will miss delivery expectations

Here I ask you all for your thoughts and recommendations for implementing these or other methodologies for monitoring decisions made. 

While you are thinking about that I want to outline additional policy, processes and organizations that contribute to the success of the IT practice:  

  • The IT Policy is a formal management policy that governs corporate practice with respect to the authority of the Chief Information Officer (CIO).  The policy sets out the principles under which ALL services relating to electronic information and technologies (Information Technology Services, or ‘IT’) are provided in the company.  It should outline the authority and the responsibility of the CIO clearly. This is a key policy needs to be sponsored by the CEO or highest leader of the organization on behalf of the CIO and IT.  It is the policy that all IT, Accounting, Sourcing, and Legal policies should link back to.   The power of this policy is applied to internally and externally hosted systems and should outline the guidance and ramifications of obtaining IT services outside of the central IT decision making process. For example – if a department decides to take advantage of a software-as-a-service offering without engaging IT technically there is nothing IT can do to stop it.  The question one must ask - who is accountable if there is a breach of privacy. Who is the steward and accountable for the contractual and financial liability? Let’s talk if you want to learn more about it.
  • The Information Security Policy establishes mandatory requirements that assure the confidentiality, integrity and availability of electronic information and the systems which store and process that information.
  • The Portfolio Management Process facilitates development of enterprise portfolio prioritization, recommendation and portfolio approvals.  It is designed to ensure timely processing of approvals for all projects and initiatives while ensuring alignment with IT principles and the business strategies and goals of the company.
  • The Project Management Process, which utilizes the IT Project Delivery Methodology (IS PDM) provides ongoing governance of approved projects.
  • Change Management is the process of scheduling, coordinating and monitoring all changes to an information system resource.  Its’ objectives are to assess, prioritize and authorize all changes, and to ensure that changes are made with minimum disruption to the system availability.
  • The Capital Expenditure Request (CER) Process outlines the steps for the procurement of all capital assets and how to get funding.
  • An IT Solution Design and Delivery practice is responsible for the design and delivery of IS systems acquisition, development, deployment, and maintenance activities.  IT develops and delivers a variety of systems and applications ranging from stand-alone systems to server-based systems, commercial-off-the-shelf (COTS) to custom-developed software.  It also manages external and contractual partnerships for vendor-hosted solutions and managed service agreements.
  • The Architecture Review Board (ARB) is a governing body that provides a technical review and reporting for all IS projects.  Call it anything you want but hopefully you can see the value.
  • Audits and Risk Assessments are integral parts of both corporate and IT governance. The CIO will work with the head of Internal Audit department and the IT leadership to ensure that the benefits of audit and risk assessment activities are maximized and institutionalized.
  • Office of General Council, Finance, and Sourcing and Procurement are integral parts of the IT governance process and will be involved in all major procurement decisions. The focus of sourcing is to leverage the buying power of the company and to leverage assets across the organization while assuring financial and contract obligations are understood and managed.

I've given you a great deal to consider today and across all of the IT Governance conversations. Let me help by adding a simple thought as you contemplate how to best apply all that I have shared.

The role of IT and the potential value IT brings to the company is ever increasing. Competition is driving the need for innovation at the same time shrinking profit margins call demand scrutiny of every dollar invested.  The role of IT governance is critical to both – are we investing in the right systems that will enable the right capability at the right cost?

This ends our series on IT Governance.  Stay tuned to next week’s conversation where I just might surprise you with a less intense conversation. 

Until next time – enjoy life!

Conversations sponsored by – an IT management consulting practice targeting CIO’s challenge of leading and delivering business solutions with a focus on effective people, process, and technology management