Why CIOs must adopt IT governance

Chief information officers will face many challenges in 2003.

Among other things, they will need to improve returns on investment, increase service levels, and enhance security--all while maintaining flat budgets and head count. But just how are they supposed to meet these objectives while still living within imposed fiscal restrictions?

I submit that CIOs will need to fundamentally change how they run their information technology departments by adhering to a new approach summed up by the umbrella term "IT governance." You'll hear a lot about this over the next year, as companies look to improve their processes without the benefit of bigger budgets. Indeed, I believe IT governance is destined to become as important as any piece of infrastructure or any application--perhaps more so in the current environment, where CIOs must do more with less.

Thanks to enterprise applications, e-business and the buildup to the Year 2000 bug, IT organizations were in constant fire-fighting mode from 1995 through 2000. The emphasis was on speed of implementation--even when that meant cutting corners or compromising on quality. This resulted in problems such as missed project deadlines, cost overruns, unanticipated downtime and security lapses.

IT governance is meant to address and correct these bad habits. It's based on high-quality, well-defined and repeatable processes. At a more detailed level, governance outlines policies, highlights procedures, requires meticulous documentation, and establishes a plan for constant improvement.

There are several well-established IT governance models. The most popular is the IT Infrastructure Library (ITIL), which was formulated by the U.K. government's Central Computing and Telecommunications Agency (CCTA) and is now overseen by its Office of Government Commerce (OGC). ITIL has widespread support in Europe but is also gaining popularity in North America. It defines a set of best practices in 24 disciplines.

Another established IT governance framework is the Control Objectives for Information and related Technology (COBIT).

I submit that CIOs will need to fundamentally change how they run their information technology departments by adhering to a new approach summed up by the umbrella term "IT governance."

COBIT was created to align IT resources and processes with business objectives, quality standards, monetary controls, and security needs.

Many organizations have embraced ITIL and COBIT and have achieved measurable success. Procter & Gamble adopted the ITIL model in 1997, which it claims has helped the company save more than $500 million over four years. A study of the savings within Procter & Gamble's finance and accounting IT departments showed a 6 percent to 8 percent cut in operating costs and a reduction in technology staff of between 15 percent and 20 percent.

The government of Ontario also embraced ITIL. Ontario needed to improve service to its 25,000 users at 1,000 locations. By adopting ITIL, the government created a virtual service desk that not only improved response time and reduced trouble tickets but also decreased support costs by 40 percent.

COBIT has its share of success stories as well. The state of Kansas uses COBIT standards as part of its virtual government strategy, to keep costs low and to deliver consistent service to its customers and constituents. Dell Computer includes COBIT best practices as part of its Control Self Assessment (CSA) corporate policy, a set of auditing checks and balances that helps the company maintain its high quality.

Establishing IT governance
These impressive results from well-respected organizations are clear indicators that IT governance can pay off. But sometimes starting can be the toughest step to take.

Implementing the entire ITIL or COBIT model would be overwhelming for any IT shop. Instead, start with the biggest pain point. For example, if your IT organization is having trouble supporting a large distributed organization, do what Ontario did and execute the ITIL help desk processes. Work through the training, organizational changes and implementation challenges in one area as a learning experience, then move on to other problem areas. Remember to benchmark the current environment before you begin the IT governance effort, so you can measure progress over time.

IT governance is designed to improve efficiency and business responsiveness. It does involve some formal process changes that may introduce formality and friction into the organization. Senior executives must lead the transition by rallying the company and communicating that any short-term changes are an investment for long-term benefits for the entire organization. The CIO must get the troops behind the effort through compensation changes, in which IT bonuses would be based on overall metric improvements and budget reductions. Once IT governance standards are in place, experts say you can expect to see positive results in six months.

Once IT governance standards are in place, experts say you can expect to see positive results in six months.

ITIL best practice volumes cost only $90 to $150 each, and they're worthwhile for seeking out help with baselining, training and process creation. Hewlett-Packard has a long history of ITIL excellence, while IBM Global Services has also established an IT governance practice. Local specialists such as Pink Elephant in Canada and Treadstone71 in New England are also IT governance experts.

CIOs can't continue to try to maintain the status quo when they are on the hook to improve results while cutting staff and overall spending. IT governance standards such as ITIL and COBIT can help lower costs while improving service. Procter & Gamble, the State of Kansas, Dell and others have seen measurable improvements by establishing IT governance. That's why CIOs should start small and grow, get corporate and IT buy-in, and find service partners to start the governance process.