Are You Running IT or is IT Running You?
by: Michael Wallace, VP, MBA
Information Technology (IT) departments have long struggled
with providing the level of service that the "business" side of the organization
has demanded. IT exists but to serve the rest of the organization, and yet
customers always demand more. In addition,
IT consumes a large share of the company's operating budget and has a voracious
appetite for ever more resources.
To make matters worse, how often have IT users and business
executives complained that the various IT teams seem to work at cross purposes?
How often has one team completed something and "tossed" it to another IT group
and walked away? How often has one IT team "slipped in" a change that no one
else knew about, and that brought important IT systems to a halt?
Managing IT complexities, while maintaining customer
satisfaction, is a difficult task. Companies typically do a few things well, a
few things poorly and the rest falls somewhere in the middle. IT is typically
not the core competency of the company, yet the very survival of the company may
depend on how well its IT operation supports the goals and objectives of the
business.
IT governance is an attempt to apply structure and control
over how IT is managed within the organization. It includes proper controls over
how resources are allocated, how change is managed, and how services are
delivered. While IT has its own unique problems, applying basic management and
governance principles to how IT is delivered allows the organization to get the
most return for its investment in IT. IT
governance can include the following activities:
- Defining how money should be spent.
- Justifying and prioritizing the investments in IT.
- Defining the controls on spending.
- Managing and controlling projects.
- Deploying IT staff.
- Using service level agreements (SLAs) to define appropriate levels of service from IT.
- Managing the change control process.
- Complying with regulatory requirements such as Sarbanes-Oxley.
While there are several different IT governance models to
choose from, they all attempt to bring order to the chaos of IT by some
combination of the following activities:
- Measurement of results.
- Justification of resources used.
- Accountability and transparency.
- Control of the work being performed.
- Coordination of work being done in different areas.
- Compliance with internal and external policies or regulations.
- Ensuring that IT meets the needs of the organization.
IT governance becomes reality with the creation of the
appropriate policies and procedures to ensure that the IT governance model used
by your organization is being followed. With the right IT governance model and
well thought out policies and procedures in place, you can properly control and
manage IT to ensure that it brings the maximum value to the business.
There are several different IT governance models that have
been developed, some driven from a strategic viewpoint and others developed from
tactical processes such as project management. Each has its strengths and
weaknesses; the business and IT management must select the appropriate
governance model based on the unique needs of the business. The following are
some of the most widely used governance models:
- COSO - COSO (the Committee of Sponsoring Organizations) was originally formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting, which was a private sector initiative to study the causes of fraudulent financial reporting by public companies. In 1992, COSO established a framework for the proper authorization, recording and reporting of transactions. The Securities and Exchange Commission (SEC) officially recognizes the COSO framework as adequate for establishing internal controls over financial reporting. COSO is the basis for COBIT's professional standards for internal controls and auditing.
- COBIT - COBIT™ (Control OBjectives for Information Technology™) is a framework of IT management best practices. It was originally released by the Information Systems Audit and Control Association (ISACA) in 1992 as an IT process and control framework for linking IT to business requirements. In 1998, "Management Guidelines" were added to COBIT providing management tools such as maturity models and metrics, making it more appropriate as a framework for IT governance.
- ITIL - ITIL™ (Information Technology Infrastructure Library) is a collection of IT service management best practices developed by the government of the United Kingdom. It began as an effort to collect the best IT practices used by the most successful companies into one guideline for efficient IT operations. An important aspect of this framework was that it be independent of any particular vendor.
- CMMI - The Capability Maturity Model® Integration (CMMI) is a process improvement approach developed by the Software Engineering Institute at Carnegie Mellon University. It provides organizations with guidelines for developing effective processes at the project level, by a division, or by an entire organization. It helps connect business and IT functions, provides guidance on setting process improvement goals and priorities, offers advice for improving the quality of processes, and provides a mechanism for evaluating current processes.
- PMBOK - PMBOK (Project Management Body of Knowledge) was developed by the Project Management Institute (PMI) as "the sum of knowledge within the profession of project management." PMBOK documents and describes the current best practices for managing projects. While not specific to IT projects, it is heavily used in IT as a guide for managing complex IT projects.
- PRINCE2 - PRINCE2 (Projects IN Controlled Environments) is a project management methodology that provides a structured method for project management. It was initially developed in 1989 by the Central Computer and Telecommunications Agency (CCTA) of the United Kingdom government as a standard for information systems project management.
- TOGAF - TOGAF (The Open Group Architecture Framework) provides a detailed method and a set of supporting tools for developing an enterprise architecture. Developed by The Open Group in 1995, TOGAF is based on work done by the US Department of Defense.
- TickIT - TickIT is a software quality assessment system developed primarily by the software industry in the United Kingdom and Sweden. Its purpose is to improve the effectiveness of the quality management process used to create quality software. TickIT is designed to improve the quality of software by improving the effectiveness of auditors working in IT through training and subsequent certification. Software development organizations seeking TickIT certification are required to show conformity with ISO 9001:2000.
Next month we’ll dive deeper into the governance models
available and help you determine which one is best for your organization.
Adapted with the permission of Wolters Kluwer Law & Business, from IT Governance: Policies & Procedures, 2008 Edition, by Michael Wallace and Larry Webber, 2008.