Many business executives, senior IT staff and even directors are confused about how IT decisions are made. Most business executives have a standard question – “what's the ROI (Return on Investment)?” The very next question shows the problem – IT is seen as a cost with benefits that will be realised over a period of time. More significant questions that business executives should be asking are:
Alignment of IT strategy to business strategy
Strategy is about positioning and owning a space within the overall corporate strategy. Organisations get stuck on the idea that IT is an enabler and it must be therefore support the business processes. Whilst this may be true for most organisations, it is those organisations that deem IT as a driver that develop sustainable competitive advantage. Whether an enabler or a driver IT strategy is chosen, the IT strategy must be aligned to organisational strategy and signed off by the accountable parties.
Various governance forums can be set up (or joined) to articulate, and track after progress of the strategy, such as project steering committees, architecture councils, risk committees, strategy committees, etc. More importantly, the terms of reference of these forums must outline the decision making criteria and the rights of the roles of the players. Accountability at this stage must be clear and relentless support must be given to the relevant stakeholders.
Guiding principles are important and help organisations to guide their decision making. The rationale and impact of the guiding principles not only helps with the decision making process but also helps with change management from a communications perspective. An example of a guiding principle on purchasing computers could be: the organisation will purchase Dell machines that fit into the technology roadmap.
The rationale of this principle decision means the purchasing from one vendor would leverage economies of scale and lower the total cost of ownership. Buying only one brand would mean that the support technicians will understand only the one technology set and cross skilling becomes easy, alleviating the problem of training in multiple brands. Developing supplier relationships is equally important as suppliers are likely to become partners rather than vendors, creating a win-win situation for both parties.
However, the implications of this principle could mean signing long-term contracts committing the organisation, and a limited product range.
At the most basic level understanding of IT architecture, it boils down to what standards our organisation adheres to from an infrastructure, information and application perspective. IT architecture from a governance perspective is about documenting how all the information and applications “talk” to each other in the most effective and efficient manner. The storage and retrieval mechanisms are equally important and require design principles and architectural artefacts.
Whilst technology implementations mitigate risk, they also bring new risks to the organisation. Proper risk schedules must be developed and plans to mitigate these risks must be monitored. Generally, IT mobilises its strategy through project methodologies and individual risk schedules are maintained. A consolidated risk schedule of the projects should be incorporated into the enterprise risk schedule.
Good IT governance also addresses the risk appetite of an organisation. A broad generalisation is that IT folk are like kids – they are adventurous, ambitious and want to try anything new –cool! Whilst the rest of the organisation is cautious and sometimes scared that data may be lost and technology may fail at the wrong time, a good balance must be found by understanding the risk profile of the projects.
Good IT governance dictates that benefits must be identified early in projects and strategies. These benefits must then be realised and tracked. I have seen all too often that business cases being developed as motivation for finances which are then shelved once the funds have been approved.
Good IT governance is about creating a learning organisation and culture of effective IT decision making.
SAICA has developed an IT Governance Toolkit called GovernIT that will assist organisations to assess themselves and improve their IT Governance.
Rakesh Beekum, ND CDP, MBA, is Chief Information Officer, SAICA.