it governance overview

uGovernIT™, Inc. Confiden2al ©

Subbu Murthy

IT Governance


Information technology governance is a subset discipline of corporate governance focused on information technology (IT) systems and their performance and risk management. The rising interest in IT governance is partly due to compliance initiatives, for instance Sarbanes-Oxley in the USA and Basel II in Europe, but more so because of the need for greater accountability for decision-making around the use of IT in the best interest of all stakeholders.

Wikipedia

uGovernIT™, Inc. Confiden2al © 3

The scope of IT Governance includes all technology components (IT infrastructure, telecommunications, software applications) and resources (IT personnel, user-IT teams) necessary to effectively develop and manage technology initiatives and resources within the Enterprise. The principal objective of the governance process is to enable the Enterprise achieve its business objectives.

A CIO View


The Big IT Challenge

4

Customers (users) always have issues/changes that require IT technical resources.

Business changes, technology changes, regulatory changes and new ideas constantly create new project requests.

Budget challenges, backlogged work requests and the need to incessantly innovate make resource alloca2ons challenging.


Three Certain7es In Life

5

We know the first two certain2es, the third is known to every IT professional! Marke2ng

HR

Opera2ons

Internal IT Projects

Finance

There is always more work than available $

Compliance


Goal of IT Governance

6

Verifying that I.T. dollars are spent on the right projects, and just as importantly, at the right 2me


CIOs are faced with 3 Concurrent Ac7vity Streams

7

Business As Usual

Innovate Op7mize

“Keep it running”

“Increase Revenues” “Do More With Less”

Changes to opera2ons/problems are managed via service requests

These are typically your strategic ini7a7ves implemented to get the best value

These projects are typically improvements that drive efficiency to the way business operates


How do BIG CIOs cope with this?

8

Customer Support

Technical Services

Project Management

Asset Management

Resource Management

Budge2ng & Planning System

They spend Mega $ on

tools and staff: not just one-‐

2me costs but high recurring

expenses

Tools for managing customer support,

services, projects and a separate tool for Integra2ng Data

& Building Analy2cs

PMOs to manage projects, support staff to analyze performance and generate reports


These solu7ons are not prac7cal for the innova7ve SMB CIOs

9

•  The tools are expensive to acquire and expensive to maintain 1

•  The tools and the associated Governance processes are complex and onerous 2

•  The tools need custom integra2on to get the whole picture 3

•  The tools are complex and need the services of specialized staff 4


SMB IT Governance From a Change Agent Perspec7ve


Who manages IT for SMBs?

11

<$500K < $3M $3M+

10 to 500 employees

100 to 5000 employees

S M

I.T. Director CIO CFO COO

IT Expenditures

Who manages IT?


On-‐Demand CIO Services are gaining Trac7on

12

There is a large pool of experienced CIOs who area ready to bring their expertise to help SMBs

Retainer models ensure that there is a fixed cost but CIOs understand the workload fluctuations typical of SMB needs

Strategy and developing the IT Blueprint for a SMB, and managing it does not require a full-‐time CIO

Costs are typically a fourth of the cost of captive full-‐time CIO


On-‐Demand CIO/CTO Services Model

13


SMB IT Governance From a Process Perspec7ve


The Keep IT Simple Approach

15

SERVIC

E

REQUESTS

PROJE

CT

REQUESTS

RESOURCE

MANAGEM

ENT

How do I?

I have a problem

I need something

Review & Approval Process

Problem Management

Service Management

Service Fulfillment

Change Management

New Project Request

Task Management

Project Management

IT Steering Commijee

New Project Request

Project Implementa2on & Delivery Process

PMO User-‐IT Governance

IT Steering Commijee

Asset Management

Resource Management

Budget Management

Analy2cs & Dashboards Resource

Management

Asset Acquisi2on

Asset Alloca2on

Asset U2liza2on

Asset Disposi2on

Asset Catalog

Asset Management

Budget Review

Budget Approval

Budget Alloca2on

Variance Tracking

Es2mate Budget

Budget Management


IT Governance Framework (1)

16

Efficiency Effec2veness Transforma2onal

Design, develop and deliver IT Services

Con2nuously evolve services to meet user needs

Develop and meet SLAs to improve performance

Design, develop and deliver technology ini2a2ves

Triage and sequence projects to meet business needs

Con2nuously evolve capabili2es to deliver innova2on

Align resource priori2es to business needs Plan and budget with focus on effec2ve resource u2liza2on

Con2nuously evolve to innovate and add business value

Maturity Level

Technology Management

User Benefit

Business Benefit


Another Maturity Framework (2)

17

Reduces Risk Increases Efficiency

Increases Revenues

I

R E

M

Laggards

Trailblazers

Thrims

Leaders

IT is focused on gaining a compe22ve edge. IT Investments are focused on revenue enhancements while minimizing risk.

Efficiency may sacrificed leading to higher budgets than necessary.

IT is focused on just maintaining systems and reducing exposure. Typically IT is limited to back-‐office opera2ons.

User projects do not get priority. IT is rarely used to build a compe22ve edge.

IT is mature and provides the enterprise compe22ve advantage and opera2onal efficiencies.

Smaller projects which can produce high value can get lost in the priority shuffle. IT is innova2ve but could add more risk.

IT is focused on saving costs by enabling the enterprise to be efficient.

IT tends to innovate less and could lead to obsolescence. IT is rarely used to build a compe22ve edge.


SMB IT Governance From a Tool Perspec7ve


Tool Perspec7ve: Need for an Integrated Solu7on

19

A complete solution that is fully integrated and costs a lot less

Out of the box, it should have the features, content and reports CIOs need

It should be based on best practices such as ITIL and other standards but must be simple to use and practical

It must be flexible and configurable to meet the needs today and grow to meet the needs tomorrow


Governance Architecture

20

Configurator

Workflow Processor

Content Manager

Analy7cs

This component helps configure the Governance to enterprise specific needs.

Pre-‐built Work flows can be configured and adapted to enterprise business process.

Pre-‐built policies, procedures, rules, service levels can be customized to meet enterprise specific requirements.

Analy2cs can help managers and execu2ves measure and manage resource u2liza2on, efficiency and effec2veness.


Mar Apr May Jun Jul Aug

Service Requests (past 6 months)

4 3 2 1

Open Service Requests 233

121 168

Low Medium

High

Open Request Types 145 329

38

Issues Services Changes

Closed (past month) 160 229

18

Issues Services Changes

Project Status 23

14 8

On Track Minor Issues Major Issues

Pending Review Pending Approval

New Project Requests

Pending Start

7 4 3

Task Lists 45

19 7

Open New

Closed

Project Costs (past 6 months)

21

Resource Management 93

54 179

Employees Consultants

Vendors

Project A Project B

Top 3 Resource Centric Projects

Project C

25 14 13

Resource Hours 385

619 Infrastructure

Resource U2liza2on

19% 34% 29% 18%

Infra-‐ Apps Projects Other Structure Support

Apps Support Projects Other

548 368

Budget Management $2463K $2445K $18K

Budget Actuals

Variance

Selected Budget Costs

IT Costs (past 6 months)

Costs (current month) $400K $522K

Infrastructure Apps Support

Projects Other

$748K $468K

PC Purchases Consultant Costs Somware Maintenance

$120K $85K $55K

CIO View

uGovernIT™, Inc. Confiden2al © uGovernIT™, Inc. Confiden2al © uGovernIT™, Inc. Confiden2al © uGovernIT™, Inc. Confiden2al ©

Tool should provide integrated dashboards


Services Lens Project

Lens

Ops Lens

Tool should provide three lenses


Priority 1 Priority 2 Priority 3

Priority 2 Priority 3 Defer

Priority 3 Priority 3 Defer

High

Med

ium

Low

Low Medium High

Project Cost

Busine

ss Value

Project ABC

Project AVG

Project BI

Project PMM

Project XYZ

Tool should provide assessment frameworks


Information Systems Audit and Control Association (ISACA) is a set of guidelines and supporting toolset for IT Governance that is accepted worldwide. It’s used by auditors and companies as a way to integrate technology to implement controls and meet specific business objectives.

Control Objec7ves for Informa7on & related Technology (CoBIT)

ITIL from the government of the United Kingdom offers eight sets of management procedures in eight books: service delivery, service support, service management, infrastructure management, software asset management, business perspective, security management and application management. ITIL is a good fit for organizations concerned about operations.

The Informa7on Technology Infrastructure Library (ITIL)


This model for evaluating internal controls is from the Committee of Sponsoring Organizations of the Treadway Commission. It includes guidelines on many functions, including human resource management, inbound and outbound logistics, external resources, information technology, risk, legal affairs, the enterprise, marketing and sales, operations, all financial functions, procurement and reporting. This is a more business-general framework that is less IT-specific than the others.

Commihee of Sponsoring Organiza7ons (COSO)

The Capability Maturity Model Integration method, created by a group from government, industry and Carnegie-Mellon’s Software Engineering Institute, is a process improvement approach that contains 22 process areas. It is divided into appraisal, evaluation and structure. CMMI is particularly well-suited to organizations that need help with application development, lifecycle issues and improving the delivery of products throughout the lifecycle.

Capability Maturity Model Integra7on (CMMI)

it governance overview

Documents

governance

business

resources

services

projects

conden2al

expensive

complex