Maximizing Business Value Through Effective IT GovernanceImplementing a holistic IT governance model not only helps IT deliver business value but also advances confidence with business.

Executive SummaryBusiness is getting only more IT intensive, and IT is getting more complex. Some of the factors contributing to this increased complexity include: expansion of business processes and models requiring greater IT involvement, adoption of emerging technologies such as the SMAC StackTM (social-mobile-analytics-cloud) to drive business innovation, coordination with multiple business and technology partners across various geog-raphies and a greater focus on regulatory and audit compliance to meet industry and corporate standards.

Maximizing value from IT investments has always been an imperative for business. From our experience, more than 50% of today’s IT invest-ments are wasted or fail to deliver returns to the business. With the increase in complexity, the cost of IT failure has become all the more significant. For IT investments to deliver business value in today’s complex landscape, IT must:

• Be more tightly aligned with business objectives than ever before.

• Carefully control risks, both strategic and oper-ational.

• More effectively manage IT assets.

• Continuously improve IT performance.

Therefore, effective IT governance must be a top item in the CIO agenda in order to maximize IT’s contribution to business value.

Based on our experience with one of the largest U.S. insurers (see sidebar), the key benefits of implementing an IT governance model include:

• Strategic alignment, resulting in increased business partner satisfaction in the order of 15% to 20%.

• Enhanced value delivery, driven by improved project prioritization, leading to reduction of IT budget by 8% to 10%.

• Improved performance and resource manage-ment, lowering the total cost of IT ownership by 10% to 15%.

• Better quality of IT output, resulting in a reduction in IT control issues by 50%.

Our experience of working with Fortune 1000 clients suggests that CIOs need to focus on the following five key imperatives while implementing a successful IT governance model (see Figure 1):

1. Align IT governance with corporate governance and business objectives.

2. Define IT governance objectives1 around strate-gic alignment, value delivery, risk management, resource management and performance man-agement.

• Cognizant 20-20 Insights

cognizant 20-20 insights | may 2013

2

3. Establish holistic governance across disciplines spanning the entire IT value chain: IT strategy, architecture, project and portfolio, application lifecycle, infrastructure and data, vendor and sourcing, service lifecycle and modern SMAC technologies.

4. Identify the appropriate IT governance control practices2 to help achieve IT governance objectives.

5. Establish continuous tracking, monitoring and improvement of the IT governance model.

Subsequently, this paper details the five key imperatives for designing an IT governance model.

Designing an IT Governance Model The five key imperatives that underscore an effective IT governance model include:

Align IT Governance with Corporate Governance and Business Objectives

CIOs should focus on this to improve transpar-ency for corporate management, and to ensure business objectives are realized.

For example, aligning IT risk management with corporate risk management practices, and aligning IT security standards with corporate security policies, drive consistency and compliance across the organization. Similarly, IT governance aligned with business objectives, such as achieving greater return on investments and reducing business risks, helps deliver business benefits.

Define IT Governance Objectives Around Strategic Alignment, Value Delivery, Risk

Management, Resource Management and Performance Management

IT governance objectives should be defined along the following dimensions:

• Strategic alignment: Align IT strategy with business strategy, and ensure advancement of business priorities.

• Value delivery: Maximize value of IT invest-ments.

• Risk management: Identify and mitigate IT risks in a timely manner.

• Resource management: Ensure availability of appropriate IT resources to meet current as well as projected business demand.

Figure 1

Achieving Effective IT Governance

Corporate Governance

Business Strategies and Objectives

IT Governance

….

1

2

3

4

5Continuous Improvement

IT Governance Disciplines

IT Governance Objectives

Value Delivery

IT Governance Control Practices

Risk and Compliance Office

Information Security Office

Strategic Alignment

Risk Management

Resource Management

Performance Management

IT Strategy Governance

Architecture Governance

Project and Portfolio

Governance

Application Lifecycle

Governance

Infrastructure & Data

Governance

Vendor and Sourcing

Governance

Service Lifecycle

Governance

New Age Technology Governance

Governance Committee/Body

Governance Initiatives/Meetings

Documentation Controls/

Repositories

Approvals/Control Checks

Align IT governance with corporate governance and business objectives.

Define IT governance objectives around strategic alignment, value delivery, risk management, resource management and performance management.

Establish holistic governance across governance disci-plines spanning the entire IT value chain.

Identify the appropriate IT governance control practices to help achieve the IT governance objective.

Establish continuous tracking, monitoring and improvement of the IT governance model.

Co

nti

nu

ou

s Im

pro

vem

ent

Align StrategicallySet Direction

e

cognizant 20-20 insights

1

2

• Performance management: Monitor IT perfor-mance effectively.

In our experience, the above-mentioned objectives are relevant for all IT functions and disciplines.

Establish Holistic Governance Across Disci-plines Spanning the Entire IT Value Chain

The IT governance model should focus on estab-lishing oversight and control across all key IT governance disciplines. Figure 2 illustrates the

typical benefits and impacts we have seen when implementing IT governance for clients across various industry sectors.

Identify the Appropriate IT Governance Control Practices to Help Achieve

IT Governance Objectives

Based on our experience, in order to establish the right level of governance, organizations should define measurable IT governance control practices aligned with the IT governance

3cognizant 20-20 insights

Note: Indicated impacts are based on our experience with clients with a moderate level of organizational maturity.Figure 2

Eight Disciplines for Effective IT Governance

IT Governance Discipline Typical Benefits and Impacts

1 IT Strategy Governance:Ensure alignment of IT investments with business priorities, and tracking, monitoring and improvement of business-IT engage-ment.

•Strategic Alignment: 10% to 15% improvement based on en-hanced perception of value from IT.

•Value Delivery: Enhancement in overall value from IT through better management of IT investments.

2 Architecture Governance:Promote standardization in the applica-tion and technology portfolio and drive alignment of solution architecture to overall technology and reference architecture.

•Performance Management and Resource Management: 15% to 20% increase in level of architecture reuse.

•Risk Management: 5% to 10% fewer risks through reuse of time-tested architectural components.

3 Project & Portfolio Governance:Govern sequencing of the project portfolio to maximize operating efficiency, and en-able identification and mitigation of project portfolio risks.

•Strategic Alignment: 10% to 15% improvement based on enhanced value from the project portfolio.

•Performance Management and Resource Management: » 10% to 15% improvement in project quality through peer re-views, phase reviews and project review board governance.

» 15% to 20% improvement in on-budget delivery of projects.

4 Application Lifecycle Governance:Control key facets of introduction, manage-ment and sunsetting of applications.

•Performance Management and Resource Management: 10% to 15% cost avoidance through maintenance of an optimal ap-plication portfolio.

5 Infrastructure and Data Governance:Optimize technology infrastructure costs and establish controls over organizational information assets.

•Performance Management and Resource Management: Reduc-tion in overall infrastructure costs and data/information security costs through improved controls.

•Risk Management: 5% to 10% fewer risks through leverage of standardized infrastructure components.

6 Vendor and Sourcing Governance:Ensure services provided by vendors deliver adequate business value, and reduce the business risk associated with nonperforming vendors.

•Performance Management: Improvement in quality of vendor services through better measurement, tracking and driving uplift of vendor performance.

•Resource Management: 20% to 25% reduction in average vendor onboarding time and effort.

•Risk Management: 10% to 20% reduction in vendor-related risks.

7 Service Lifecycle Governance:Minimize or eliminate unauthorized changes into production environments, and maintain service and operational levels that promote business-IT alignment.

•Performance Management: 20% to 35% reduction in number of unauthorized changes in the production environment.

8 New Age Technology Governance:Improve IT operating efficiency by adopting new age technologies, and minimize any risks associated with the same.

•Performance Management and Resource Management: 20% to 25% improvement in operating efficiency post steady state.

34

cognizant 20-20 insights 4

objectives for each of the eight IT governance disciplines (see Figure 3). They include:

• Governance bodies/committees: Control body or committee to help mandate compliance with IT governance objectives (e.g., an architecture review board).

• Governance meetings and surveys: Formal meetings/established surveys to monitor and track compliance with IT governance objectives (e.g., business satisfaction survey).

• Documentation controls and repositories: Mandating documentation or storage in central

repositories for establishing IT governance controls (e.g., a vendor information repository).

• Approvals and control checks: Adequate approvals and process checks to ensure compliance with IT governance objectives (e.g., UAT signoff before production implementation).

Establish Continuous Tracking, Monitoring and Improvement

of the IT Governance Model

In order to derive maximum benefits from IT governance, organizations should treat it as an ongoing priority (i.e., ensure continuous improve-

Figure 3

Illustrative IT Governance Model

IT Governance Discipline

IT Governance Model

Strategic Alignment

Value Delivery

Risk Management

Resource Management

Performance Management

IT Strategy Governance

Periodic business partner review.

Investment prioritization committee.

Formal business case for funding.

Annual headcount planning.

Formal business case to measure project success.

Architecture Governance

Annual application portfolio planning and technology roadmap definition.

Promote architectural component reuse.

Architecture Review Board (project-wise review of the solution architecture).

Periodic technology roadmap refresh leading to application rationalization.

Total cost of ownership reporting.

Project and Portfolio

Governance

Project change control board to review and approve all changes.

Periodic portfolio sequencing.

Independent project risk review.

Weekly resource change control meetings.

Periodic project metrics tracking and reporting.

Application Lifecycle

Governance

Business requirements document reviewed and signed-off by customer.

Lifecycle tailoring criteria for various work effort types.

Project Review Board to approve phase exits.

Project team to support operations team during warranty support phase for all projects.

Peer review efficiency reporting.

Infrastructure and Data

Governance

Annual infrastructure planning.

Data quality management center of excellence.

Periodic capacity and availability reporting.

Capacity plans fed into the annual budget.

Tool-based infrastructure monitoring.

Vendor and Sourcing

Governance

Annual site visits for strategic vendors.

Semiannual vendor satisfaction survey.

Quarterly business review with strategic vendors.

Contracted staff policies and procedures.

Semiannual vendor performance reviews.

Service Lifecycle

Governance

Service Management Office to track and improve SLA adherence.

Incident resolution trend reporting.

Change Advisory Board authorization of production releases.

Periodic and planned baselines/checkpoints established for configuration items.

Measure and report customer satisfaction with service desk.

New Age Technology Governance

Independent cloud risk council.

Tool-based social media policy.

Mobility security audits.

Application-centric cloud resource accounting.

Big data performance analytics.

Governance Committee/Body

Governance Meeting/Survey

Documentation Control/Repository

Approvals/Control Checks

5

5cognizant 20-20 insights

ments in IT governance practices to adapt to changing business and IT environments). To ensure success of the implemented IT governance model, organizations should focus on continuous planning, monitoring and improvement of the IT governance model. In our experience, along with the CIO and senior IT leadership team, the IT audit and control team should drive continuous improvements to IT governance models with appropriate participation from IT area owners.

Looking AheadImplementing a successful IT governance model has never been easy. Typical challenges range from facilitating organizational change management for greater adoption, to developing

processes and infrastructure to support the governance model.

To realize benefits from implementing the IT governance model, the CIO and senior IT leadership team need to invest in instilling a deep-rooted IT governance culture through effective commu-nication, training sessions for continuous rein-forcement and appropriate incentives for better compliance. Additionally, CIOs should mandate IT functional owners to include IT governance as an integral element of their processes, and leverage governance controls in decision-making. Organizations also need to continuously invest in improving the IT governance model in response to ever-changing business and IT needs.

Quick Take Implementing Effective IT Governance for a Leading U.S. Insurer

ChallengeThe IT group of one of the largest U.S.-based insurers was faced with several governance issues such as suboptimal technology planning, inadequate return on IT investment, increase in the external audit issues, etc. The new CIO wanted to establish an effective IT governance model to alleviate the aforementioned IT risks/issues. Toward this objective, the CIO, along with the corporate team, engaged our business consulting team to leverage our expertise in setting up an effective IT governance model.

ModelOur business consulting team engaged with the client’s business and IT stakeholders to recom-mend an optimal IT governance model. It included:

• An IT governance framework that addressed various IT governance disciplines mentioned above.

> Governance practices which called for a dedicated business relationship manage-ment (BRM) function to conduct business partner reviews.

> A three-year technology roadmap to align IT capabilities with business priorities.

> A project prioritization committee to help prioritize IT investments.

> An architecture review board to provide ar-chitecture guidance.

> A project review board to govern project phase exits.

> A service management office to track and improve SLA adherence.

> An IT audit and control team to lead the implementation of IT governance practices and also drive continuous improvement.

BenefitsThe benefits achieved by implementing a best-in-class IT governance model included:

• Strategic alignment: Roughly a 15% to 20% increase in business partner satisfaction.

• Value delivery: Approximately 8% to 10% decrease in the IT budget through effective project prioritization, thereby increasing the overall value of IT investments.

• Performance management and resource management: About a 10% to 15% reduction in total cost of ownership through effective technology planning.

• Risk management: A 50% year-on-year reduction in IT control issues.

About CognizantCognizant (NASDAQ: CTSH) is a leading provider of information technology, consulting, and business process out-sourcing services, dedicated to helping the world’s leading companies build stronger businesses. Headquartered in Teaneck, New Jersey (U.S.), Cognizant combines a passion for client satisfaction, technology innovation, deep industry and business process expertise, and a global, collaborative workforce that embodies the future of work. With over 50 delivery centers worldwide and approximately 156,700 employees as of December 31, 2012, Cognizant is a member of the NASDAQ-100, the S&P 500, the Forbes Global 2000, and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world. Visit us online at www.cognizant.com or follow us on Twitter: Cognizant.

World Headquarters500 Frank W. Burr Blvd.Teaneck, NJ 07666 USAPhone: +1 201 801 0233Fax: +1 201 801 0243Toll Free: +1 888 937 3277Email: inquiry@cognizant.com

European Headquarters1 Kingdom StreetPaddington CentralLondon W2 6BDPhone: +44 (0) 20 7297 7600Fax: +44 (0) 20 7121 0102Email: infouk@cognizant.com

India Operations Headquarters#5/535, Old Mahabalipuram RoadOkkiyam Pettai, ThoraipakkamChennai, 600 096 IndiaPhone: +91 (0) 44 4209 6000Fax: +91 (0) 44 4209 6060Email: inquiryindia@cognizant.com

© Copyright 2013, Cognizant. All rights reserved. No part of this document may be reproduced, stored in a retrieval system, transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the express written permission from Cognizant. The information contained herein is subject to change without notice. All other trademarks mentioned herein are the property of their respective owners.

Footnotes1 IT governance objectives are the stated governance purposes to be achieved for an IT process.

2 IT governance control practices are the actionable activities to achieve an IT governance objective.

Reference

• http://www.isaca.org/cobit/pages/default.aspx.

About the AuthorsPhilippe Dintrans is the Vice President and Practice Leader of Cognizant Business Consulting’s Strategic Services Group for North America. He has led numerous consulting engagements on business transfor-mation, IT transformation and change management for marquee clients at Cognizant. Philippe holds a master of science degree in engineering from the Massachusetts Institute of Technology (MIT) and an M.B.A. from INSEAD. He can be reached at Philippe.Dintrans@cognizant.com.

Amit Anand is a Director with Cognizant Business Consulting’s Strategic Services Practice. He has 12-plus years of experience in leading and managing large IT transformation and governance implementation initiatives for various clients. Amit holds a bachelor’s degree from IIT Delhi and an M.B.A. from the Indian School of Business, Hyderabad. He can be reached at Amit.Anand@cognizant.com.

Madhusudan Ponnuveetil is an Engagement Manager with Cognizant Business Consulting’s Strategic Services Practice. He has nine years of experience in leading IT performance and process improvement initiatives, IT governance framework definition and implementation and change management. Madhu holds an M.B.A. from Asian Institute of Management, Philippines, and a bachelor’s degree in engineering from MSRIT, India. He can be reached at Madhusudan.Ponnuveetil@cognizant.com.

Jayadevan Vijayakrishnan is a Senior Consultant with Cognizant Business Consulting’s Strategic Services Practice, with seven years of industry experience. His specific areas of expertise include IT performance and process improvements, IT organization and operating model redesign and IT strategy development. Jayadevan holds a bachelor’s degree in computer science engineering and an M.B.A. from the Indian Institute of Management, Bangalore. He can be reached at Jayadevan.Vijayakrishnan@cognizant.com.