Companies depend on IT to stay competitive, so it’s no
surprise there is a big push to provide the same level of oversight to IT that
is traditionally reserved for areas such as finance and accounting. However,
governing IT is more involved due to its technical nature, and poses unique
challenges for board members and management. Some of the areas management must
take into account are: understanding the impact IT has within the company,
providing boundaries for IT professionals to do their jobs, establishing performance
measurement, and reassuring shareholders that the IT investment is performing
according to preset goals.

To help you get your IT governance program moving in the
right direction, you need a plan that suits the company’s particular needs. To begin,
the board must take the lead in developing an IT governance agenda for
management to follow. IT governance must have complete board member buy-in and
even the non-technical members must be made aware of its importance. The
following steps should help with this process:

  • Create
    an IT strategy committee for better communications between the board and
  • Each
    board meeting includes IT as an agenda item.
  • The
    board should align IT projects with business goals.
  • Measurements
    should be established by the board regarding IT performance.
  • The
    board should challenge management on IT initiatives by benchmarking
    measurable results.

After the board has established the direction for an IT
governance program, it is up to management to put it into action. To help
management decide where to begin, the following steps are suggested:

  • Create
    an outline that will move IT governance forward with clear
    responsibilities for all IT professionals.
  • Management
    should promote responsibility among the IT staff for the success of IT
  • Establish
    a scoring technique to measure current performance results. Monitor these
    key points: organizational support for the implementation, risk management
    responsibilities within the organization, the need for interdepartmental
    sharing of business information, and project communication.
  • Drill
    down and define the process areas in IT that are critical to managing high
    risk areas.
  • Manage
    expectations among IT staff by making it clear this is not an overnight
  • Understand
    the risks associated with IT investment. Consider the company’s previous
    patterns of performance, current IT staff qualifications, complexity of IT
    environment, and the type of new IT initiatives being considered.
  • Analyze
    current capability and identify gaps. Find out where improvements are
    needed most.
  • The
    program should consist of a series of continuous improvement phases rather
    than a one- or two-step process.
  • Decide
    which improvement strategies are the highest priority projects. This
    decision should be based on the most potential benefit and ease of
    implementation of an IT project.
  • Align
    IT strategy with business goals by asking tough questions such as: where
    does IT fit in the overall strategy for the company, what is management’s
    risk tolerance level with IT investments, and what are the major IT issues
    facing the organization at the moment.

Putting an IT governance program in place is no small task
and may seem like overkill when IT makes up only a small portion of the
company’s overall budget. However, with today’s budget constraints and tight
margins, coupled with IT’s increasing role in running and growing an
enterprise, the work involved in establishing an IT governance program can
provide dividends by enabling a more responsive and cost-effective organization.
By using these tips to implement your governance program, you should have a
clearer picture of your IT organization’s strengths and weaknesses.