Now that technology has such an essential role in business, the alignment of IT and business strategies has become an indispensable feature for any organisation’s success and functionality.
The formal way of aligning the IT and business strategies is through IT governance, where organisations can produce quantitative results to achieve their goals by implementing a formal framework. This formal structure or scheme also takes into account the interest of stakeholders and employees, making IT governance an integral part of the overall enterprise governance.
Here we review what IT governance is all about and which are the most used frameworks.
What’s IT governance and why is it important?
Global research and advisory firm Gartner defines IT governance (commonly abbreviated as ITG) “as the processes that ensure the effective and efficient use of IT in enabling an organisation to achieve its goals.”
The firm expands the definition into IT demand governance (ITDG) - what IT should work on, and IT supply-side governance (ITSG) - how IT should do what it does. IT governance responsibility lies under the CIO.
Any business which depends on IT (which is the vast majority) can’t have a healthy corporate governance unless it has a good IT governance as well. According to a study by research organisation Governance Metrics International, 1,600 companies indicated that businesses with strong governance outperform those with weak ones in terms of shareholder return.
IT governance is a requirement of both the public and private-sectors, and a formal IT governance schedule should be on the radar of all organisations. Regardless of the industry they are in, they need to comply with regulations related to financial and technological accountability.
At the same time, implementing a comprehensive IT governance programme can be costly and time-consuming. Where very small entities might practice only essential IT governance methods, the goal of larger and more regulated companies should be to have a fully-fledged IT governance schedule.
As Abdul Rahman Ahlan, researcher in the International Islamic University Malaysia, explains in his paper on the necessity of efficient IT governance in Malaysian public universities, “the need for ITG [...] arose based on the fact that organisations have to think beyond IT and its infrastructures as a department, and that, there should be justifications for budget committed to the sustenance of such IT products and services.”
An IT Governance case study
“When I started my career, an issue impacting IT could be contained within the IT department, most people within the organization wouldn't even have known (we got away with it!),” David Cotgreave, Professional Services Director at Stoneseed, wrote in sister title CIO.com. “Now such an event can have an impact on your whole business. Things like a breach of security, failure of infrastructure, extended downtime, loss or corruption of data can all have serious consequences for your organisation's reputation or its ability to achieve strategic business goals.”
“The point is,” he added, “[...] IT and your business are inextricably linked – your IT and business strategies need to be equally so.”
Neil Crocket, CDO of Rolls-Royce, flew to one of the company’s factories in Singapore shortly after being appointed to understand how the organisation works as a business.
Crockett watched the jet engines that power Airbuses being assembled, and learned how these powerful machines withstood incredible temperatures and air pressure to keep planes flying through the sky.
Their complexity and cost explains why the Rolls-Royce business model relies on long-term service contracts and showed there was enormous potential for predictive analytics.
"Ninety-seven percent of the faults found on our engines are automatically predicted," said Crockett. "By planning and understanding how our engines work, we have reduced disruption to our customers by 40 percent in the last 13 years, and we've reduced our maintenance burden by 30 percent since 2012."
If a company has its IT strategy in tune with the business, you can usually tell by its success and overall results.
“The difference between firms that have aligned IT and business strategy and those that have not is quite stark,” continued Cotgreave. “To be honest, you can usually tell after spending a really short time with them which category they fall into. Firms with aligned IT feel dynamic and agile, they feel current, connected and one step ahead of their own needs. Meanwhile, the ones who have not aligned the two are increasingly getting left behind – that’s the “or else” I referred to in my header.”
CEOs and their corporate boards expect to harness technology to search for new pockets of growth. As a result, CIOs must adopt a broader strategy called "unbounded IT," says Bill Briggs, CTO and managing director of Deloitte Consulting.
As Deloitte explains, an unbounded IT organisation requires that CIOs think beyond their own experiences and domain expertise and begin viewing IT through a different operational and strategic lens.
Unbounded IT essentially means breaking down the bureaucratic silos between IT and business and forming a closer collaboration with stakeholders.
"We're in a moment now of [asking], how do you reinvent what it means to deliver technology?" Briggs says. "Technology is at the heart of business strategy and at the heart of next-generation products and services, customer engagement and how work gets done."
Ways of implementing IT governance programmes
Organisations have been using IT governance frameworks for years and there's a history of frameworks created by industry experts. Here are some of the most used ones:
- ITIL: Formerly an acronym for Information Technology Infrastructure Library, ITIL focuses on IT service management. It aims to ensure that IT services support core processes of the business. ITIL comprises five sets of management best practices for service strategy, design, transition (such as change management), operation and continual service improvement.
- COBIT: Published by ISACA, COBIT is a comprehensive framework of "globally accepted practices, analytical tools and models" designed for governance and management of enterprise IT. With its roots in IT auditing, ISACA expanded COBIT's scope over the years to fully support IT governance.
- FAIR: Factor Analysis of Information Risk (FAIR) is a relatively new model that helps organizations quantify risk. Its focus is on cyber security and operational risk, with the goal of helping organisations make more well-informed decisions. Although it's one of the newer frameworks, it has already gained great traction with Fortune 500 companies.
- CMMI: The Capability Maturity Model Integration method, developed by the Software Engineering Institute, is an approach to performance improvement. CMMI uses a scale of 1 to 5 to gauge an organisation's performance, quality and profitability maturity level.