“IT Governance”
OC CIO Council
5/13/2010
Presented by: Carmella Cassetta
What is IT Governance?
“IT governance and associated issues have been reported as a top 10 CIO management problem area in the Gartner EXP annual CIO survey for at least the past five years”
• Gartner 29 March 2010 ID:G00175053
What is IT Governance?
• There are narrower and broader definitions of IT governance.
• Weill and Ross focus on "Specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT."
▫ IT Governance, P. Weill & J. Ross, Harvard Press
• The IT Governance Institute expands the definition to include foundational mechanisms: "… the leadership and organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategies and objectives."
▫ Wikipedia
What is IT Governance?
• Gartner defines "IT governance" as the processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals.
• In one Gartner model, ITG addresses two main sets of issues:
▫ Demand governance is primarily a business management responsibility but one in which the CIO plays a major role as a business executive. What should IT work on? Where should the organization's IT resources be invested to produce the greatest return? How do we ensure that these returns are actually achieved?
▫ Supply governance is primarily a CIO responsibility. How should IT do what it does? What are the constraints, policies, rules and standards that IT must comply with in delivering what the business needs?
• Gartner 29 March 2010 ID:G00175053
What is IT Governance?
Weill and Ross further elaborate that an effective IT Governance model must address three basic questions:
1. What decisions must be made to ensure effective management and use of IT?
2. Who should make those decisions?
3. How will those decisions be made and monitored?
IT Governance, P. Weill & J. Ross, Harvard Press
Typically, includes:
• IT Investment strategy
▫ Capability matrix
▫ Investment targets
• Processes to foster business & IT alignment and ensure allocation of resources to priorities
▫ Project intake and approval process
▫ Priority management (Steering Committees)
▫ Enterprise portfolio management
▫ Engagement model
▫ Application Portfolio Management (What do we own? What do we use?)
• Architectural principles & Technology Roadmap
▫ Business Application needs
• Processes and Controls
▫ Change Management, Project Management, SDLC, Resource management
• Oversight
▫ Benchmarks and Metrics/KPIs & Reporting
▫ Steering Committees
Key IT Governance Decisions
• IT principles decisions: High-level statements about how IT is used in the business
• IT architecture decisions: Organizing logic for data, applications, and infrastructure captured in a set of policies, relationships, and technical choices to achieve desired business and technical standardization and integration
• IT infrastructure decisions: Centrally coordinated, shared IT services that provide the foundation for the enterprise's IT capability
• IT investment and prioritization: Decisions about how much and where to invest in IT, including project approvals and justification techniques
• Business applications needs: Specifying the business need for purchased or internally developed IT applications
M.I.T. SLOAN CENTER FOR INFORMATION SYSTEMS RESEARCH
Theoretical Process Framework for Building Strategic Business Alignment
[Diagram: Operationalizing the Business Strategy. Elements shown: Business Strategy; IT Strategy (including Mission and Vision); Vision; Strategic Elements; Business Process Architecture; Application & Information Architecture; Technology, Infrastructure & Organization Architecture; Key Capabilities. Annotations: What we aspire to; What will enable us to achieve the vision; What is required to achieve strategies; How work gets done; What IT must provide; How IT delivers.]
Governance – Iterative Process
[Diagram. Elements shown: IT Initiative Request; Approved Prioritized Initiative; Initiative Portfolio; Strategic Business Objectives; Governance; Application Portfolio; IT Initiative (Resource, Schedule, Scope, Risk); Key Business Capability Model.]
Source: Gartner 29 March 2010 ID:G00175053
Governance Arrangements Matrix
Which Governance Archetypes Are Used for Different Types of Decisions?
[Matrix of decision (columns) against archetype (rows); the cell contents are not present in this text.]
• Decisions: IT Principles; IT Architecture; IT Infrastructure Strategies; Business Application Needs; IT Investment
• Archetypes: Business Monarchy; IT Monarchy; Feudal; Federal; Duopoly; Anarchy; Don't Know
M.I.T. SLOAN CENTER FOR INFORMATION SYSTEMS RESEARCH
Often starts with investment guidelines and capability assessment…
• Enterprise Portfolio Management goes beyond cataloging and prioritizing projects with alignment to strategic business goals.
• Successful EPM includes the integration of enterprise architecture (assumes multi-layer views of business/process, applications, technology, data), resource planning, investment decisions, performance and execution management across the enterprise.
Key Capability Requirements (EXAMPLE)
Determine Our Business Capability Requirements to Achieve Our Corporate Strategy. We can’t optimize every function. This helps define our investment strategy.
EPM FRAMEWORKS
• Asset Class Portfolio (MIT or Weill Model). Under Peter Weill’s portfolio model, investments are placed in four categories with the percent of IT expenditures distributed across each class.
▫ Infrastructure. Investments that provide a shared and standardized base of capability for the enterprise and lead to greater business flexibility and integration. Infrastructure investments are moderately risky because of their technologies' long life-spans and technical uncertainty.
▫ Transactional. IT initiatives that process and automate the basic transactions of a company. They are intended to reduce costs and boost productivity and boast an average internal rate of return of 25 percent to 40 percent. These investments have the least risk of the four classes.
▫ Informational. Systems that provide information for managing a company. Payoff comes from shorter time-to-market, superior quality and the ability to set premium prices. They are moderately risky because companies often have difficulty acting on information to generate business value.
▫ Strategic. These investments, almost always external-facing systems, pay off in sales growth, competitive advantage and stronger market positioning. But they are the riskiest of the classes: 10 percent will produce spectacular results, but 50 percent will fail to break even.
• Investment proportions may differ depending on whether the focus is cost control, agility, or balanced.
• M.I.T. SLOAN CENTER FOR INFORMATION SYSTEMS RESEARCH
… And expands to include engagement & supporting processes
Technology Investment Governance Model
• All IT investments will be managed by the IT organization
• Projects are defined as >160 resource hours or >$10,000 capital
• Small Enhancements are defined as <160 resource hours or <$10,000 capital
• IT investment is defined as procurement of any IT hardware, software, consulting or service excluding standard, budgeted PC or server purchases completed by the Purchasing Dept.
• IT Steering Committee (ITSC) will govern the approval of IT investments & projects >$75,000.
▫ The committee consists of CEO, CFO, COO, CIO & EVP Ops
▫ The IT Steering Committee will evaluate for: applicability across divisions, consistency with strategic initiatives, ROI, project value, timing and cost
• Projects $10,001-75,000 can be approved by the CFO, CIO and department head.
• Small enhancements (SEs)
▫ Business SEs are approved by business steering committees
▫ IT SEs are approved by the CIO
• Scoping: Projects can be scoped (estimated) without prior approval from the ITSC but must be approved by the local steering committees
• The preferred solution options will be off the shelf, vendor supported packages with minimal customization
EXAMPLE: IT Project Intake and Approval Flow “Phase 0”
[Flowchart, steps 1 to 7; the step numbers are not matched to the step text in this version. Branch labels: >160 hrs; <160 hrs.]
• The Business submits an ITER to IT with VP approval
• IT Project Lead assesses ITER as Project or Small Enhancement
• ITER is put into the Pipeline
• Steering Committee reviews, approves, prioritizes ITER
• ITER is approved as a Small Enhancement (SE)
• SE is prioritized and moved In Stream
• ITER is approved as a Project for Scoping
• Project is scoped and a *ROM is created
• Project is re-scoped as a Small Enhancement (SE) and 2nd page of ITER is completed
IT Project Intake and Approval Flow “Phase 0” (continued)
[Flowchart, steps 8 to 14; the step numbers are not matched to the step text in this version. Branch labels: > $50K; < $50K. Approvers shown: Business Steering Committee; ITSC.]
• ROM is approved by CIO and Business VP
• A *CER is created if the project is capitalizable or requires external consulting, new hardware, and/or new software
• Approved projects are prioritized and moved In Stream
• Project is Active
EXAMPLE: IT Project Process Flow
[Flow diagram. Elements shown: SRVP; IT Collaboration; High level evaluation; Approval to move forward; AFCE Capital Committee; IT Collaboration; Requirements; Analysis; Design. Timeline markers: 5 working days (shown four times); project plan.]
The determination is made whether or not North America wants to a) engage IT and b) invest its limited capital on this proposed project
The business secures conditional approval to move forward
The project receives final approval or is re-evaluated
0. Scoping 1. Elaboration 2. Architect & Design
3. Construct 4. Test 5. Deploy 6. Verify
Align project request with CCi Strategic Objectives
Provide clear vision for project goals & objectives
Obtains VP or above approval on ITER
Submit ITER to appropriate IT staff
Attend Steering Committee to represent project, as required
Open Work Order in Altiris with ITER attached
Add project to Leader Board with a Requested status
Complete high level estimate
Present ITER at Steering Committee for prioritization (present to ITSC if > $25K)
Update Leader Board status to Approved, Pending Resources, or Scoping based on Steering Committee
Generate a ROM & CER (if required) for all approved projects
Develop initial RAID
Develop Project Charter with Business Owner
Phase Gate Approval
Publish artifacts to the project folder on SharePoint
Verify appropriate levels of planning & controls are applied
Participate in Project Kickoff
Ensure project resources are allocated & engaged
Facilitate approval of Project Charter
Develop Resource Plan
Present project at the next IT Resource Planning Meeting
Plan & facilitate Project Kickoff
Facilitate approval of Project Charter
Conduct Project Kickoff
Generate Business Requirements Document
Generate Project Schedule
Establish budget
Develop Risk Management Plan
Create Roles & Responsibilities Matrix
Phase Gate Approval
Update RAID
Update Leader Board & SharePoint
Participate as necessary to ensure work is produced & performed well
Provide resources for test planning and the development of training materials
Act as escalation point for issues
Set priorities
Evaluate technical solutions
Create technical blueprint
Perform Technical Walkthroughs
Generate Technical Design Specification
Generate Test Plan
Generate training plan
Phase Gate Approval
Update RAID
Update Leader Board & SharePoint
Verify project objectives & deliverables are met
Ensure smooth transition to Operations
Participate in Project Closure Activities
Provide support for 30 day warranty period
Solicit formal Project Acceptance from Business Owner
Document Lessons Learned
Conduct Project Evaluation
Ensure smooth transition to operations
Complete project recognitions
Complete Phase Gate Approval
Archive all relevant project artifacts on SharePoint
Close project in Leader Board
Develop, upgrade, and/or install product
Conduct code reviews
Unit test code
Create system documentation
Continue development of Test Plan
Continue development of training plan
Phase Gate Approval
Update RAID
Update Leader Board & SharePoint
Provide resources for User Acceptance Testing (UAT)
Act as escalation point for issues
Set priorities
Execute Test Plan
Track and remediate issues found during test
Obtain user approval for UAT
Prepare environments for deployment
Generate Support Plan
Phase Gate Approval
Update RAID
Update Leader Board & SharePoint
Execute Training Plan
Place system into production
Provide user support
Phase Gate Approval
Update RAID
Update Leader Board & SharePoint
Ensure resources are available to receive training
Provide the resources necessary to
Act as escalation point for issues
Set priorities
[Row labels of the matrix above: Business Owner; Project Team]
Project Management Framework and SDLC
Change Management Process Flow
1. The Business or IT initiates a project that requires a change to a CCi production environment
2. IT associate creates an online Production Migration Request
3. Testing is completed and approval signature is entered on the Production Migration Request form
4. The Business Owner (director or above) enters approval signature on the Production Migration Request form
5. The IT Owner (director or above) enters approval signature on the Production Migration Request form
6. IT associate ensures form is complete and all signatures are in place by 12pm PDT on Monday
7. The CCB reviews each migration request for approval
8. IT associate ensures migration is complete and updates status both on SharePoint and the Production Migration Request form
[Decision label shown in the flow: Approved]
… and ARCHITECTURAL PRINCIPLES
How we build our systems
• We will provide an efficient and effective IT platform that supports and enables the objectives of the business, at the best possible cost.
• Total Cost of Ownership (TCO) Perspective.
▫ Cost matters
▫ Right sized solutions at an appropriate cost level
▫ Tiered solution options (low, med, high)
• Our approach
▫ Build, buy, assemble and/or provision (SaaS/ASP): Conduct analysis for all new applications, infrastructure or services. Approach selected is based on a build/buy/provision selection matrix
▫ Reuse or extend what we have first (technologies, infrastructure & applications)
▫ Design for simplicity
▫ Adoption of package solutions with strict limits on acceptable customization. Products will be off the shelf, vendor supported packages with minimal customization
• Our solutions will:
▫ Incorporate appropriate security
▫ Adhere to published technology standards
▫ Include proactive monitoring & management
▫ Embrace open standards and non proprietary approaches/solutions
▫ Incorporate appropriate levels of scalability & redundancy
• All inbound and outbound data exchanges will be via the IT Partner Gateway
• Solutions must address both the US and Canada.
Guiding IT Architectural Principles
Build
• Core competency of the company
• Solution/functionality provides competitive advantage
• Technical expertise available
• Transactional and custom to the business (ordering, manufacturing)
Buy
• Functionality is available to purchase (COTS)
• Vendor packages provide necessary capability
• Time to market is key
• Solution type: Payroll; GL/Finance; HR; Operating systems; Email; Security tools; Analytical/Reporting; Productivity Tools; Collaboration Tools; Non-transaction (i.e. Altiris); WAN/LAN; LMS; Student Admin.
SaaS
• Time to market
• Non critical
• Data is not sensitive or private
• Need to segregate from internal operations (e.g. student email)
• Limited internal expertise
• High volume
• Cannot easily be supported by internal infrastructure
• Outsourcing opportunity
Hybrid
• Competitive advantage can be accomplished with tight integration to package solutions or back office systems: E-commerce; Portals; ERP; Websites; Intranets
Oversight and Metrics
• Oversight
▫ Steering Committees that approve and prioritize IT investment
▫ Ensure alignment
▫ Ensure appropriate resources and roles/responsibilities
▫ Escalation and issue resolution
▫ Visibility
• Metrics and KPIs
▫ Project Delivery
▫ Resource Allocation
▫ ROI measurements
▫ Throughput
• Availability and SLAs
FY10 Project Metrics, FY10 Q3 YTD
[Bar chart: Completed Projects, Small Enhancements, and Quick Wins by Function. Functions: Finance; Campus Ops; IT; HR; Marketing; Online; Real Estate; Operations; Purchasing. Series: Project; Small Enhancement; Quick Win. The bar values are not recoverable from this text.]
[Diagram. Stages shown: Business Strategy; Business Initiatives; IT Initiative Request; Portfolio Assessment Criteria; Application Lifecycle Phase; Investment Decision; Update Application/Initiative Portfolio; Project Reporting; Repeat Process. Also shown: Re-architecture Plan; Technical Standards.]
Annotation groups in the diagram:
• Executive Committee; Plan; Prioritize
• Project Life-cycle Cost; Return on Investment; Payback Period
• Invest; Reduce/Maintain; Retire; Replace
• Align with Business Objective; Business Case; Benefit Value versus Risk
• Value; Efficiency; Cost; Risk
• Profitable Growth; Best-in-class Op-ex/working capital; Customer Loyalty; Attract/retain best-in-class assoc
GOVERNANCE – ITERATIVE PROCESS