1. © 2009 IBM Corporation Applying IT Governance to Enterprise Initiatives : ISACA Bangalore Shrikant Patil – Senior Advisory Consultant, Strategy & Change 09 January 2009

2. © 2009 IBM Corporation2 Learning Objectives  Understand Basic IT Governance Concepts  Review Relevant Organizational Constructs and Best Practice Frameworks  Discuss Critical Role of IT Governance in Enterprise Initiatives ISACA Bangalore : Applying IT Governance to Enterprise Initiatives

3. © 2009 IBM Corporation3 Agenda IT Governance Concepts IT Organization Design Principles Applying IT Governance Case Studies Q&A

4. © 2009 IBM Corporation4 Governance Definition  “Governance is process of decision making in the exercise of authority for direction and control” - G.E.P. Shailer  Implies that –Board knows the strategic direction of the company –Board is responsible for relevant actions and decisions –Board holds ultimate authority over the affairs of the organization –Board is should include oversight and control as part of governance

5. © 2009 IBM Corporation5 Components of Enterprise Governance Doing the right things ? Doing the right way ?

6. © 2009 IBM Corporation6 IT Governance Definitions  It is an integral part of enterprise governance and consists of the leadership and organisational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives.  IT governance is the responsibility of the board of directors and executive management  Relationship Mechanisms (within business units) play catalytic role in implementation of Governance Source : IT Governance Institute The distribution of IT decision-making rights and responsibilities among enterprise stakeholders, and the procedures and mechanisms for making and monitoring strategic decisions regarding IT — Source: Luftman and Brier, 1999; Sambamurthy and Zmud, 2000; Weill, 2004 CISR MIT Sloan

7. © 2009 IBM Corporation7 What needs to be addressed within IT Governance? According to COBIT there are five IT governance focus areas that executive management needs to address to govern IT within their enterprises:  Strategic alignment  Value delivery  Risk management  Resource management  Performance measurement Source : IT Governance Institute

8. © 2009 IBM Corporation8 IT Governance is embedded within Enterprise Governance  Internal Environment –Value Statements : Core beliefs and philosophies that shape the organization’s vision and mission –Guiding Principles : Durable statements that encapsulates the role IT will play and how decisions will be driven in both business and IT organizations  Entrustment Framework –Accountability / authority framework across the organisation –Designated decision authorities : individuals or bodies –Organization constructs & functional interrelationships  Decision Model & Framework –Clear (transparent) assignment of decisions rights –Sequence of actions and decision path in decision processes Source:Many faces of IT Governance by Nick Robinson CISA, ISACA Journal Volume 1 2007

9. © 2009 IBM Corporation9 3 Key Questions for IT Governance 1.What decisions must be made ? 2.Who should take these decisions ? 3.How these decisions are made and monitored ?

10. © 2009 IBM Corporation10 MIT CISR Arrangement Matrix  The Governance Arrangements Matrix is used to describe, analyze and communicate an organization’s IT governance  The framework uses a set of political governance archetypes for five principle decision domains  The matrix also identifies the set of mechanisms used to implement the governance arrangements (eg. committees, approval processes, relationships and organizational structures) Five Key IT Decisions IT PrinciplesHigh level statements about how IT is used in the business IT Infrastructure Strategies Strategies for the base foundation of budgeted-for-IT capability (both technical and human), shared throughout the firm as reliable services and centrally coordinated IT ArchitectureAn integrated set of technical choices to guide the organization in satisfying business needs Business Application Needs Business applications to be acquired or built. IT Investment and Prioritization Decisions about how much and where to invest to IT including project approvals and justification techniques IT Governance Archetypes Business Monarchy “C” level executives as a group or individuals IT MonarchyIndividuals or groups of IT executives. FeudalBusiness unit leaders, Key Process owners, or their delegates IT DuopolyIT executives and one other group FederalShared by “C” level executives and one other business group AnarchyEach individual user Source: MIT CISR

11. © 2009 IBM Corporation11 Governance and Alignment…”Six IT Decisions Your IT People Shouldn’t Make,” HBR – Ross and Weill 1.How much should we spend on IT? 2.Which business processes should receive IT dollars? 3.Which IT capabilities need to be companywide? 4.How good do our IT services really need to be? 5.What security and privacy risks will we accept? 6.Whom do we blame if an IT initiative fails?

12. © 2009 IBM Corporation12 For each organization type there are different possible IT decision making mechanisms („archetypes“). Federal IT Business MonarchyIT MonarchyFederalIT Duopoly Different archetypes of IT decision rights* Source: IT Governance, P. Weill, Jeanne W. Ross, Harvard Business School Press, 2004 Coordinated decision making including all business units. IT may be involved. Bilateral agreements between IT and business units. IT makes IT decisions.Business executives make IT decisions.

13. © 2009 IBM Corporation13 Allocation of IT Decision Making Authority across Business & IT Functions Source: Weill & Boradbent 1998

14. © 2009 IBM Corporation14 In most organizations the decision rights are implemented differently, depending on the different IT domains. Source: based on MIT Sloan, Center for Information Systems Research (CISR) IT Domains Good Practice 1 Federal IT Monarchy Federal Business Monarchy IT Strategy Application architecture System architecture Specialized architecture IT investments IT risk management Often, each IT domain has its own mechanisms to make decisions

15. © 2009 IBM Corporation15 IT Governance Models Source: Peterson 2000

16. © 2009 IBM Corporation16 Summary : To set direction and make it stick across the organization IT governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives. — Source: The IT Governance Institute Term used to describe how those persons entrusted with governance of an entity will consider IT in their supervision, monitoring, control and direction. How IT is applied within the entity will have an immense impact on whether the entity will attain its vision, mission or strategic goals — Source: Prof. Robert S. Roussey, University of Southern California A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk versus return over IT and its processes. — Source: Cobit Executive Summary

17. © 2009 IBM Corporation17 IT Governance Drivers IT Principles & Policies Performance Management Value Management Accountability Framework Processes & Decision Models Strategic Alignment, Risk and Resource Management Guiding Principles Standards and procedures Organizational structures & functional interrelationships Individuals or bodies.e.g. committees, boards, empowered to make IT decisions Sequence of activities and decision paths In line with the number and type of decision Demand mgmt : ensure alignment / manage portfolio and investments Supply management : provisioning and supply of products and services Outcome focused – Is IT Function meeting the objectives? Process focused – Are the IT processes operating effectively Delivery of business value from IT investments

18. © 2009 IBM Corporation18 Program Management Office (PMO) types  Temporary PMO –For achieving specific business benefits –Decision of formation of PMO is taken based on size of the program (most economical for min 30 associates) –Largely Administrative –PMO disbanded post program retirement –E.g. ERP Rollout Program Office  Permanent PMO –For continuous organizational improvement –Decision is based on the criticality of the objectives –Establishes the best practice framework and rolls out across the organization –E.g. Corporate Program Office, Chairman ’ s Program Office, Office of the CIO (OCIO)

19. © 2009 IBM Corporation19 The Office of the CIO (OCIO)  OCIO is Permanent type of PMO  5 % of 2000 CIOs participating in Gartner’s Executive Program (EXP) have OCIO  OCIO acts as the mouth piece of centralized IT  Provides transparency of IT to business  Extremely important step towards Business – IT Alignment  Mostly popular in Governments & large distributed organizations  The US Departments of Commerce and Agricultural leverage the OCIO –Standardization of IT roles and responsibility execution –Processes application development to help desk support are developed and standardized –This consistency supports stronger and more accurate reporting Strategy planning, lessons learned and financial IT performance are formally reviewed quarterly which is facilitated by the office of the CIO — Zack Hicks, corporate manager at Toyota's office of the CIO Torrance, California

20. © 2009 IBM Corporation20 PMO Within OCIO

21. © 2009 IBM Corporation21 COBIT Framework - Activities and Responsibilities PO1 CARS: Compliance, audit, risk and security (groups with control responsibilities who do not have operational IT responsibilities) Source : ISACA, COBIT

22. © 2009 IBM Corporation22 VAL IT Recommended Organization Chart Source : ISACA, Val IT Framework

23. © 2009 IBM Corporation23 Role Definitions for VAL IT Source : ISACA, Val IT Framework

24. © 2009 IBM Corporation24 VAL IT Framework RACI Source : ISACA, Val IT Framework

25. © 2009 IBM Corporation25 Ref : Capgemini Outsourcing Report Governance of Outsourcing

26. © 2009 IBM Corporation26 Client-Vendor Engagement : Governance of Outsourcing Ref : Gartner

27. © 2009 IBM Corporation27 “Top performing enterprises generate returns on their IT investments up to 40 percent greater than their competitors.”  they clarify business strategies and the role of IT in achieving them  they measure and manage the amount spent and value received  they assign accountability for changes and decisions required to benefit from IT capabilities  they become adept at sharing and reusing IT assets - IT Governance, Peter Weill & Jeanne W. Ross, HBS Press “Firms with above average IT governance combined with a specific business strategy (eg. customer intimacy) had >20% higher profits than firms pursuing the same strategy” Why focus on IT Governance? Source: 2005 MIT SeeIT/CISR survey (625 firms); Peter Weill & Stephanie Woerner Investors have acknowledged their awareness of importance of governance, demonstrating a willingness to pay premium of up to 20 percent on shares of enterprises known to have a governance framework in place - McKinsey Report 2000

28. © 2009 IBM Corporation28 Applying IT Governance to Enterprise Initiatives  Strategy Operationalization  IT Enabled Enterprise Transformation Program  Underlying Organizational Change Management  Portfolio / Investment Management  Framework Implementations e.g. COBIT, ITIL (IT Control Establishments)  Collaborative Innovation

29. © 2009 IBM Corporation29 Enterprise Initiatives Classification Source : W. “ RP ” Raghupathi August 2007/Vol. 50, No. 8 COMMUNICATIONS OF THE ACM

30. © 2009 IBM Corporation30 Enterprise Initiatives Landscape Source : W. “ RP ” Raghupathi August 2007/Vol. 50, No. 8 COMMUNICATIONS OF THE ACM Portfolio / Investment Management : Stage 1 Framework Implementations e.g. COBIT, ITIL (IT Control Establishments) : Stage 1 & 2 Collaborative Innovation : All Stages Audits & Assessments : All Stages Strategy Operationalization : Stage 1 & 2 IT Enabled Enterprise Transformation Program : All Stages Underlying Organizational Change Management : All Stages

31. © 2009 IBM Corporation31 IT Governance for Enterprise Transformation Programs

32. © 2009 IBM Corporation32 Case Study 1 : Manufacturing - Europe  Global organization with revenue of US$ 9 BN  First time in the life span started multi million dollar ERP program and did not succeed in 3 previous attempts  Integrations within applications growing out of hand  Program Office not established  Low awareness and practice of Project Management Methodology  Business frustrated due to consistent failures and not supportive of the initiative  Processes adequate for managing small project but not sustainable for large programs  a) Creation of program office b) Program Sponsor to undertake the OCM c) Revalidation of vendor commitment and customized framework for vendor and application evaluation  Operationalization plan of IT strategy objectives related to program  Mentoring the Program Manager  Creation / implementation of Business- IT alignment initiatives  Establishment of core processes such as risk and quality at the program level  Definition of process maturity framework Problem StatementSolution Provided

33. © 2009 IBM Corporation33 Case Study 2 : How Org Context Affects the IT Governance Source: Carol V Brown Graduate Business School Indiana University

34. © 2009 IBM Corporation34 How Leading firms behave differently  Greater top mgmt commitment to IT  More integrated business and IT planning  Less political turbulence  Higher user satisfaction with IT  More experience managing IT

35. © 2009 IBM Corporation35 Thank you Contact Shrikant Patil Senior Advisory Consultant, IBM India shrikpat@in.ibm.com 9620201083