CIOs will face many challenges in 2003. They must improve ROI, increase service levels, and enhance security—all while maintaining flat budgets and headcount.

How can CIOs meet these objectives while still living with current restrictions? By fundamentally changing how the IT department is run by implementing IT governance. It’s a buzzword you’ll hear a lot about this year. Here’s why this new concept could be exactly what you’ve been looking for to improve processes without increased funds.

Defining IT governance
At its most basic level, IT governance is the set of policies, processes, and procedures that support everything else that IT does. Some disciplines that make up IT governance are change management, problem management, release management, availability management, and service-level management.

IT governance isn’t sexy like the latest technology innovation, and no one is selling IT governance with hundred-million-dollar marketing budgets. Yet IT governance is at least as important as any piece of infrastructure or any application—perhaps more so in an environment where the CIO has to do more with less.

The need for IT governance
Thanks to enterprise applications, e-business, and Y2K, IT organizations were in constant fire-fighting mode from 1995 through 2000. The emphasis was on speed of implementation—even if this meant cutting corners or compromising on quality. This resulted in problems such as missed project deadlines, cost overruns, unanticipated downtime, and security lapses.

IT governance is meant to address and correct these bad habits. It’s based on high-quality, well-defined, and repeatable processes. At a more detailed level, governance outlines policies, highlights procedures, requires meticulous documentation, and establishes a plan for constant improvement.

Models in place
There are several well-established IT governance models. The most popular is the IT Infrastructure Library (ITIL). ITIL has widespread support in Europe but is also gaining popularity in North America. ITIL defines a set of best practices in 24 disciplines.

Another established IT governance framework is the Control Objectives for Information and Related Technology (CobiT). CobiT was created to align IT resources and processes with business objectives, quality standards, monetary controls, and security needs. CobiT is composed of four domains:

  • Planning and organization
  • Acquisition and implementation
  • Delivery and support
  • Monitoring

Each of these domains has a series of subdomains that fill in the details.

The ROI can be high
Many organizations have embraced ITIL and CobiT and have achieved measurable success. Proctor & Gamble adopted the ITIL model in 1997 and claims that through ITIL it has saved more than $500 million over four years. A study of the savings within Procter & Gamble’s finance and accounting IT departments showed a 6 percent to 8 percent cut in operating costs and a reduction in technology staff of between 15 percent and 20 percent. Morton Cohen, Proctor & Gamble’s manager of global service management, said, “When IT processes are done by 5,000 people consistently across one company, service management can deliver tremendous savings.”

The government of Ontario, Canada, also embraced ITIL. Ontario needed to improve service to its 25,000 users at 1,000 locations. By adopting ITIL, the government created a virtual service desk that not only improved response time and reduced trouble tickets but also decreased support costs by 40 percent.

CobiThas its share of success stories as well. The state of Kansas uses CobiT standards as part of its virtual government strategy to keep costs low and deliver consistent service to its customers and constituents. Dell Computer includes CobiT best practices as part of its Control Self Assessment (CSA) corporate policy, a set of auditing checks and balances that helps the company maintain its high quality.

Establishing IT governance
These impressive results from well-respected organizations are clear indicators that IT governance can pay off. But sometimes starting can be the toughest step to take. Here are three tips on proceeding with IT governance:

  • Focus on the biggest weaknesses. Implementing the entire ITIL or CobiT model would be overwhelming for any IT shop. Instead, start with the biggest pain point. For example, if your IT organization is having trouble supporting a large distributed organization, do what Ontario did and execute the ITIL help-desk processes. Work through the training, organizational changes, and implementation challenges in one area as a learning experience, then move on to other problem areas. Remember to benchmark the current environment before you begin the IT governance effort so you can measure progress over time.
  • Get buy-in from executive management and the IT staff. Although IT governance is designed to improve efficiency and business responsiveness, it does involve some formal process changes that may introduce formality and friction in the organization. Senior executives must lead the transition by rallying the company and communicating that any short-term changes are an investment for long-term benefits for the entire organization. The CIO must get the troops behind the effort through compensation changes, where IT bonuses are based on overall metric improvements and budget reductions. Once IT governance standards are in place, experts say you can expect to see positive results in six months.
  • Reach out for help. ITIL best practice volumes cost only $90 to $150 each, and they’re worthwhile to seek out help with baselining, training, and process creation. Hewlett-Packard has a long history of ITIL excellence, while IBM Global Services has also established an IT governance practice. Local specialists such as Pink Elephant in Canada and Treadstone71 in New England are also IT governance experts.

Start now on the path to big rewards
CIOscan’t continue to try to maintain the status quo when they are on the hook to improve results while decreasing staff and overall spending.

IT governance standards such as ITIL and CobiT obviously can help lower costs while improving service. Proctor & Gamble, the government of Ontario, the state of Kansas, and Dell Computer, and others have seen measurable improvements by establishing IT governance. That’s why CIOs should start small and grow, get corporate and IT buy-in, and find service partners to start the governance process.