Transcript Slide 1

IT Governance
John Kresovsky
Executive Partner
Executive Programs
Agenda
What is IT Governance
Governance Self Assessment
IT Governance Framework
What decisions need to be made (5 Domains)
How the decisions get made (Who makes the decisions)
What is the Communication Strategy
IT Governance Project Timeline – Suggested Approach
Case Study
IT Governance Case Study
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 2
Facts!
50% of new CIOs are coming from the “business”
Next generation of CIOs deemed ill-prepared for IT Leadership
Many CIOs are not prepared to be the CIO
36% of CIOs report to the CEO
46% of CIOs in well run organizations report to the CIO
CIOs often report service and efficiency metrics and not the business
value of IT
Average CIO is in position 4.4 years
IT Governance Case Study
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 3
The CIO needs to build a deep relationship to lead in
changing enterprise dynamics
Closer to the
CEO
Strategic
Transformation
Business Partner
Dynamics
Trusted Ally
Tactical
Improvement
Partnering
Transactional
Value generated by IT
At Risk
Operations
IT Governance Case Study
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 4
IT Budget Growth (%)
The World we live in!
30
Business Unit
IT Budget
Central IT Budget
Extended Business Partners
Business, Functional
Organizations
20
Central
IT Organizations
10
Distributed
IT Organizations
Extended IT Partners
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
- 70% of Productivity Gains as defined by the Bureau of Labor
Statistics is from Information Technology
- IT Governance Framework is aligned with business objectives &
organization structure
IT Governance Case Study
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 5
CIOs Must Replace 'More With Less' With 'Make a
Difference With What They Have'
CIOs will need to create "enterprise leverage" from agility,
information or innovation
Business demands are increasing
Executives expect CIOs to improve current and new capabilities
CIOs will need to evolve IT to meet these expectations
IT Governance Case Study
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 6
What is IT Governance
IT Governance formalizes:
•
•
•
•
What IT decisions are made
Who makes the decisions
How the decisions get made
Communications
IT Governance Framework is aligned with business objectives &
organization structure
Key Success Factors
- CEO & direct reports full buy-in
- Business participation (it’s all about Governing IT)
- Not an IT Project
- Formal change management
- Communicate, communicate, communicate
- Minimal “loop closing“ required to ensure compliance
IT Governance Case Study
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 7
Governance Self-Assessment
Ratings
Rate Your Organization: 1 (Never) to 5 (Always)
Guidelines and roles are clear for insourcing and outsourcing
A clearly articulated architecture blueprint is shared between IT and
the business
Governance mechanisms are in place to ensure input from key
internal customers
Priorities for key initiatives are shared throughout the company and
business has clear responsibility for benefits realization
IT principles are driven by business strategy and are broadly shared
throughout corporation
20 to 25
Gold Standard
15 to 19
Evolve
Less than 15
Start Over
IT Governance Case Study
2
2
4
4
1
13
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 8
IT Governance Framework
What decisions need to be made (5 Domains)
How the decisions get made (Who makes the decisions)
Who has decision rights and inputs (6 Styles)
What is the Communication Strategy
IT Governance Case Study
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 9
1: What Decisions Need To Be Made?
. . Clarify Five Major IT Decision Domains
IT Principles
High level statements about how IT is used in the business
IT Infrastructure
Strategies
Strategies for the base foundation of budgeted-for IT capability
(both technical and human), shared throughout the firm as
reliable services, and centrally coordinated (e.g., network, help
desk, shared data)
IT Architecture
An integrated set of technical choices to guide the organization in
satisfying business needs. The architecture is a set of policies
and rules that govern the use of IT and plot a migration path to
the way business will be done (includes data, technology, and
applications)
Business Application
Needs
Business applications to be acquired or built
IT Investment and
Prioritization
Decisions about how much and where to invest in IT including
project approvals and justification techniques
© 2002 MIT Sloan Center for Information Systems Research (CISR). This material is adapted from Weill & Woodham's work originally
published and copyrighted by the MIT Sloan CISR as Working Paper No. 326, "Don't Just Lead, Govern: Implementing Effective IT
Governance," April 2002, and is used by Gartner with permission.
IT Governance Case Study
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 10
Example of Guiding IT Principles (5-7)
1. IT will enable and provide strategic value to the business.
2. IT architecture & standards shall be governed at the enterprise level to
ensure integrity, planned evolution, and periodic refresh in light of new
technologies and business strategies.
3. Information is our business, so data is one of our most valuable assets.
It must be accessible, managed and protected accordingly.
4. IT will reuse before it buys and buy before it builds.
5. As new applications are developed, we will strive to create reusable
components and processes (in line with the architecture) to facilitate
business reuse where appropriate.
6. IT will strive to reduce complexity in the the technology environment.
IT Governance Case Study
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 11
IT Principles - 1
IT will enable and provide strategic value to the business.
 Rationale

IT Services and Solutions must meet business needs and help drive value.
 Implications










IT Governance Case Study
IT will be “students” of the business – to provide appropriate technical solutions and support, IT must
understand the business
IT will manage appropriately within established budget
IT will make provisions to ensure Business is an educated consumer of IT Products and Services
IT Application Leadership will engage with Business in business strategy, planning, and management
IT will partner with Business Unit leadership to support enterprise requirements and business solutions
Business processes need to be optimized to obtain full benefits of technological solutions
IT Business Relationship Managers will represent all facets of the IT function to the Business Units
IT will provide business “consulting” services (alternatives, pros, cons, recommendations) as a partner to
its business clients
IT will evaluate alternative technological and sourcing approaches to provide business solutions
IT must be “easy to do business with” - make IT easy to navigate for business colleagues
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 12
IT Principles - 2
IT architecture & standards shall be governed at the enterprise level to ensure
integrity, planned evolution, and, periodic refresh in light of new technologies and
business strategies.
 Rationale
 A satisfactory control environment is dependent on meeting enterprise architecture and standards with the
aim of reducing permutations of technology and enforcing change management.
 Research and development into new technologies is a costly investment. Sharing the cost among enterprise
activities may permit more technology exploration and further the exploitation of promising technologies.
Economies of scale can be realized by sharing architecture and standards as guidelines.
 Only through local unit compliance with enterprise architecture and standards will we achieve the required
integrity planned evolution and refresh of our technology base.
 Implications
 The creation of and adherence to standards are the joint responsibility of all IT organizations.
 We will strive for consistent and single standard IT processes including: change management, IT security
standards, disaster recovery, ID management, development methodology.
 Business specific architecture and IT architecture shall align with the Enterprise Architecture (EA). EA shall be
our architecture.
 Changes or modifications to the EA architecture will be governed at the greater enterprise-level.
 Enterprise views toward an architectural design or standard such as those effecting compliance and
regulatory needs (e.g., SOX, Privacy) must be considered when designing a technology solution.
 Only one IT project methodology shall exist.
 Continuing investment must be made to keep our infrastructure environment current.
 Infrastructure services are managed at an enterprise level.
• Business Owned Applications (BOAs) are any application not supported by IT. BOAs are
not encouraged and should be the exception. Any BOA must adhere to IT standards, e.g.,
security, project methodology.
IT Governance Case Study
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 13
IT Principles - 3
Information is our business, so data is one of our most valuable assets. It must be
accessible, managed and protected accordingly.
 Rationale



Frequently changing business Information dictates information must be easily accessible and
structured for the business .
Regulatory and customer requirements forces ING to manage and protect our data.
Loss of Data or a breach of our clients personal or financial data could result in significant damage to
the ING Brand and our Trust relationship with our customers.
 Implications




IT Governance Case Study
We need to continue to approach Information with an enterprise wide, consistent approach to ensure
that it is structured and managed to promote accessibility.
Security considerations must be taken into account in everything that we do. We will raise awareness
of Information Risk Management and IRM best practices within IT and the business organizations so
that all employees can contribute to a more secure environment.
Business management will serve as the owner for our business applications and data. This requires
active decision making and accountability.
IT will serve as the custodian for our applications and data. In this capacity, IT will provide structure,
processes, and expertise to ensure that we protect our information assets appropriately
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 14
IT Principles - 4
IT will reuse before it buys and buy before it builds.
 Rationale



Reduce IT resources required for implementation and overall support
Increases the delivery effectiveness and efficiency of IT
Lowers the IT enterprise cost structure
 Implications







IT Governance Case Study
IT will have a full understanding of business requirements to determine if reuse is possible & the degree to
which it is appropriate.
IT will play a major up-front role in creating and operating the process to promote what is re-usable; e.g.
components, services.
All software and hardware technology decisions must go through a defined process which applies to both
business and IT generated proposals.
Applies to use of all IT resources: applications, processes, people, and assets.
When selecting solutions, business and IT will check with peers to determine whether or not pre-existing or
leveragable solutions exist.
IT will set up environments that can be leveraged across the US and are easy to use. Adding new
environments is a business decision, but need to leverage existing production, testing & QA environments
as much as possible, to minimize expensive proliferation.
IT will measure reuse to ensure cost-effectiveness.
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 15
IT Principles - 5
As new applications are developed, we will strive to create reusable
components and processes (in line with the architecture) to facilitate
business reuse where appropriate.

Rationale





Implications



IT Governance Case Study
Reduces cost and time to market
Reduce complexity of operating environment
Reduce redundancies
Reduces cost of maintenance and ongoing costs, e.g. maintenance is done once with benefit
to multiple systems.
As new enterprise technology components or services are implemented, the first
implementation sets the standard taking into account other business needs.
First implementations may require additional funding if an enterprise solution may cost more
than local funding will cover. (Examples might include: commodity services, customer facing
business applications)
During MTP planning, IT and Business must account for projects/initiatives that require
“seed” money. A mechanism to share costs for enterprise projects will be required.
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 16
IT Principles - 6
IT will strive to reduce complexity in the technology environment.
 Rationale




Allows us to move more quickly.
Reduces support costs.
Reduced impact to existing business solutions.
Transitions focus from managing the existing complexity to implementing strategic business
solutions as complexity is reduced.
 Implications




IT Governance Case Study
We will have a target architecture and business system roadmaps which guide investment
decisions to make progress towards the target architecture.
We will utilize a life cycle approach to managing the technology environment, sunsetting older
technology as we implement new solutions.
With each investment decision, we will consider how we can reduce the variety of technology
infrastructure components.
Over time, we will decrease the number of vendors, products, and technology configurations in the
environment as cost justified.
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 17
2 . How Are The Decisions Formed, Enacted?
Governance Mechanisms
Objective
Executive committee
Take a holistic view
IT council of business, IT executives
Focus on driving value
IT leadership committee
Coordinate across the enterprise
Architecture committee
Identify strategic technologies
Business/IT relationship managers
Ensure feedback, good iteration
Process teams with IT members
Take a process view
Service-level agreements
Specify, measure IT services
Chargeback arrangements
Shape behavior, recoup costs
Source: Adapted from Weill and Woodham, 2002; M. Broadbent & P. Weill , Leading
Governance, Business and IT Processes, ITEP Findings, 1998
IT Governance Case Study
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 18
Who Makes the Decisions
Sample IT Governance Arrangements Matrix
Domain
Style
Overall
IT Infrastructure
IT
IT Principles
Strategies
Architecture
Input
Decision Input
Decision
Input Decision
Business
App Needs
IT Investment /
External
Prioritization Relationship
Input Decision Input
Decision Input
Decision
Senior
Mgmt. Team
CIO / Ent IT
*
BU Leaders
ITLC
Senior Mgmt.
CIO & ITLC
Input rights
Decision rights
* CIO has “Veto” rights
Senior Mgmt Team
Corporate office (CEO and Staff)
ITLC
CIO / Ent IT
CIO office and Enterprise IT
Senior Mgmt & ITLC
BU Leaders
Leaders from the Business Units
IT Leadership Council (includes App Head)
Combined Corp Office and
IT Leadership
© 2002 Gartner, Inc. and MIT Sloan Center for Information Systems Research (Weill) drawing on
the framework of Weill and Woodham, 2002.
IT Governance Case Study
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 19
IT Governance Mechanisms
Overall IT Principles
 Major Decisions Addressed
Overall
IT Principles
Domain
Style
Input
Decision
•
•
USFS Sr.
Mgt. Tm
CIO / Ent IT
BU Leaders
 Mechanism
•
•
•
ITLC
USFS Sr. Mgt.
CIO & ITLC
Ensure that IT Principles are aligned with business direction
and objectives
Determine when it is appropriate to revisit and/or revamp IT
Principles
•
Input Forum: ITLC meetings
Decision Forum: Senior Management Team staff meetings
Trigger: Organization Change, Change in Business
Objectives, Annual Review as part of planning process
Sponsor: COO / CIO
Input rights
Decision rights
Refer to Exception process for more information
IT Governance Case Study
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 20
IT Governance Mechanisms
IT Infrastructure Strategies
 Major Decisions Addressed
Domain
Style
IT Infrastructure
Strategies
Input
Decision
USFS Sr.
Mgt. Tm
CIO / Ent IT
•
•
•
•
•
•
•
Approve IT Infrastructure Principles & Planning
Decide who will be the provider(s) of infrastructure
Approve strategic infrastructure standards
Decide on new/expanded infrastructure capabilities
Approve changes to Service Levels (major)
Approve Enterprise Infrastructure Demand Management decisions
Approve cost recovery principles & strategies
BU Leaders
ITLC
USFS Sr. Mgt.
CIO & ITLC
Input rights
Decision rights
 Mechanism
•
•
•
•
Input Forum: ITLC meetings
Decision Forum: ITLC meetings & USFS Sr. Management meeting
– ITLC reaches consensus and brings decision forward to
USFS Sr. Management meeting
Trigger: As Needed
Sponsor: Head of Infrastructure
Refer to Exception process for more information
IT Governance Case Study
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 21
IT Governance Mechanisms
IT Architecture
 Major Decisions Addressed
IT
Architecture
Domain
Style
Input
•
•
Approve architectural strategies, standards, and solutions
Declare architectural strategies, standards, and solutions
Decision
USFS Sr.
Mgt. Tm
CIO / Ent IT
 Mechanism
•
•
BU Leaders
ITLC
•
•
Input Forum: ITLC meetings
Decision Forum: ITLC meetings & USFS Sr. Management meeting
– ITLC reaches consensus and brings decision forward to
USFS Sr. Management
Trigger: As Needed
Sponsor: Head of Architecture
USFS Sr. Mgt.
CIO & ITLC
Input rights
Decision rights
Refer to Exception process for more information
IT Governance Case Study
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 22
Case Study IT Governance Mechanisms
Business Application Needs
(Governed by each Business Unit / Function independently)
 Major Decisions Addressed *
Business
App Needs
Domain
Style
Input
•
•
Decision
Senior Mgmt.
Team
•
•
CIO / Ent IT
•
•
•
BU Leaders
*
ITLC
Senior Mgmt.
CIO & ITLC
Input rights
Decision rights
* CIO has “Veto” rights
Approve application strategy and direction
Determine appropriate application resource allocation; resolve
major resource conflicts
Propose significant application initiatives and projects
Approve and prioritize application initiatives and projects (within
parameters established by Prioritization process)
Sponsor major projects to the Prioritization process
Provide oversight for significant initiatives and projects
Approve business risk mitigation tactics and strategies (with app
impact)
 Mechanism
•
•
•
•
Input Forum: ITLC meetings or CIO staff meeting
Decision Forum: Regularly scheduled business unit leadership
meetings (one per Business Unit / Function)
Trigger: Regularly scheduled (no less than quarterly)
Sponsor: Application Head
Refer to Exception process for more information
IT Governance Case Study
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 23
IT Governance Mechanisms
IT Investment / Prioritization
 Major Decisions Addressed
Domain
Style
IT Investment /
Prioritization
Input
Decision
USFS Sr.
Mgt. Tm
•
•
•
 Mechanism
CIO / Ent IT
•
BU Leaders
•
•
•
ITLC
Allocate and release ING Strategic Funds
Prioritize strategic projects and initiatives
Approve strategic projects and initiatives for execution
Input Forum: CIO Staff meetings or business unit leadership
meetings
Decision Forum: Project Prioritization Meetings
Trigger: Regularly scheduled (Monthly)
Sponsor: Executive Sponsor of each strategic project or initiative
USFS Sr. Mgt.
CIO & ITLC
Input rights
Decision rights
Refer to Exception process for more information
IT Governance Case Study
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 24
IT Governance Mechanisms
External Relationships
 Major Decisions Addressed
Domain
Style
External
Relationships
Input
Decision
USFS Sr.
Mgt. Tm
CIO / Ent IT
BU Leaders
•
•
•
•
 Mechanism
•
•
ITLC
USFS Sr. Mgt.
CIO & ITLC
Determine scope of outsourcing
Approve selection and/or changes of strategic vendors
Provide oversight of strategic vendor relationships
Resolve executive-level relationship conflicts
•
•
Input Forum: ITLC meetings
Decision Forum: ITLC meetings & USFS Sr. Management meeting
– ITLC reaches consensus and brings decision forward to
USFS Sr. Management
Trigger: As Needed
Sponsor: Relevant ITLC member
Input rights
Decision rights
Refer to Exception process for more information
IT Governance Case Study
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 25
Exception Process
Exceptions to the IT Governance processes should be very rare and well-justified. In cases where an involved
party has significant issues or concerns regarding a decision reached via the IT Governance processes, the
following process should be followed:
 For Senior Management Team decisions
•
CEO makes final decision
 For Senior Management Team, CIO & ITLC decisions
•
•
•
Sr. Leader (or designee) approaches appropriate ITLC member with specific
circumstances
CIO & Sr. Leader formally approve exception
Escalate to CEO, if necessary
 For Business Unit Leaders decisions
•
•
•
Sr. Leader approaches Application Head with specific circumstances
CIO & Sr. Leader must formally approve exception
Escalate to CEO, if necessary
IT Governance Case Study
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 26
3. Communication Strategy
Purpose: Increase awareness of and compliance with governance
framework through “socialization” of process and content
Key Messages:
 What prompted this activity
 What’s changing/what’s not—principles / decision framework / operating
mechanisms currently in existence, further refinement/enhancements
 What are the benefits for the business?
 Clarification of IT decision-making process, efficiency, cost-saving, consistency of
practice/process.
Audiences:





Senior Business leaders (CEO’s direct reports)
IT Leaders (extended IT leaders team)
Business Relationship Managers (BRMs)
Business leaders
Business & IT colleagues
IT Governance Case Study
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 27
Case Communications Components
Executive (CEO leadership team meetings, COO leadership team
meetings) socialization presentations, discussions
Executive anouncement ‘Elevator speech’ (COO to CEO & CEO direct
reports)
Executive summary slide deck
BRM (business relationship manager) communication tools




Slide deck
Suggested talk track
Suggested email announcement
FAQs
Core team continued availability during above
IT Governance Case Study
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 28
Approach
Project Approach
Leverage strategic partner (Gartner) to help define Governance
framework
Establish / Confirm IT Governance Principles
Assess / Evaluate effectiveness of current IT Governance
mechanisms
Confirm / Revamp / Replace Governance processes as appropriate
Establish clear relationship between the various IT Governance
components
Validate IT Governance framework and processes with Business
Owners
Implement new IT Governance framework
 Roll out to all of IT & Business
 Thorough communications & PR campaign
Establish IT Governance oversight role to monitor processes,
effectiveness, and compliance
IT Governance Case Study
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 29
IT Governance Project Timeline
Milestones
Month 1
Month 2
Month 3
Project Planning & Approval
Governance Requirements
Identification / Review
Governance Assessment /
Design
Transition
IT Governance Case Study
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 30
Case Study
Case Study:
McKesson—Turning IT around to reap synergies
McKesson is America’s largest and oldest healthcare services company, ranking 16th on the Fortune 500. It is the leading pharmaceutical distributor in
North America and the leading healthcare IT company in the U.S.
“I perceive IT’s value through business results,” says John Hammergren, chairman and CEO. “No one ever brings me a proposal for IT, per se. They
bring an issue or opportunity, defined around the business, and IT is one of the pillars. We measure the outcome of our investments, going back
repeatedly, up to two years after implementation, to make sure that we get the value.
“The ah-ha moment came for me when I invited the technical people to the table with the business people. I could see firsthand that when I had the
technology and process experts embedded in the leadership team, we were getting better-crafted technology investments—and technology was seen as
a solution, not a cost.”
Making IT business-governed
CIO Randy Spratt has been at McKesson since 1986, but only became CIO in mid-2005. At that time, IT was not aligned with the business. “That’s
changed because we’ve refocused IT as a services business,” says Spratt, “away from the former role of trying to impose the same models on all the
business units. Some units were building their own IT to get what they needed.
“In 2002, John Hammergren began to bring the top BU leaders together to foster cross-BU synergies. As the synergies emerged, it became more
apparent that we were investing in duplicate systems, mostly in IT. That’s when IT began showing up at the CEO’s table. It was a shift from seeing IT as
an IT cost, to seeing IT as a component of business cost.”
To bring IT together, Spratt took three major steps. First, he introduced a business-run IT governance model. At the top, the operating executives sit
on a governance board that functions as a kind of operating committee. “I had to sponsor and support this idea,” says Hammergren, “and recruit the
presidents to serve. Without my influence, I’m not sure it would have gotten off the ground.
“The fabulous thing is that it’s changed the conversation from, ‘You’re killing me with these expenses’ to ‘What’s the value of this investment?’”
Second, Spratt benchmarked McKesson’s IT costs and then got the governance board to agree on allocation policy so that businesses could
see their costs and the drivers. “IT has gone from an opaque cost to an understood cost and value driver,” says Spratt. “The business is comfortable that
we’re measuring expense, quality, customer service—all the things you do to run a good business.”
who live in the business and work primarily with the divisional CIOs. “By doing this, we discovered that we were more organized around technology than
function,” he says. “We reorganized around ITIL plan-build-run functions.
“I’ve modeled IT after service businesses I’ve run. Services are hard to pin a value proposition on. You’re most successful when you move up the value
chain, from help desk to a level of intimacy about the account. You tailor your ability to offer services to the pain points of the business. The ideal state
for IT is at the top of the chain, where you are a consulting partner that’s integrated with the business.”
Based on interviews with, and material from, John Hammergren, chairman and CEO, and Randy Spratt, CIO, McKesson, December 2006.
IT Governance Case Study
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 31
IT Governance
John Kresovsky
Executive Partner
Executive Programs
IT Governance Case Study
Contenu en entier © 2005 Gartner, Inc. Tous droits réservés. | Page 32