05 September, 2006

The art (and difficulty) of selecting an IT Governance Framework

IT Governance is one of those concepts that everyone is talking about.

Many companies after having selected a set of IT Governance pillars are looking for solutions to support them and deliver several types of dashboard to either the Corporate and/or IT Management. But, what are these pillars? Some IT department considers one or more components as IT Governance, some other cumulates several components.

IT Managers very often refer to ITIL, or COBIT, or Balance Scorecards or any other frameworks which will improve efficiency and give some visibility to the business.

Let me briefly describe first what I’m considering as components of an IT Governance, but prior to that, I would like to refer to a very simple definition from the Harvard Business School:

“We define IT Governance as specifying the decision rights and accountability framework to encourage desirable behavior in IT”

Fundamentally, IT Governance is concerned about two main things: IT’s delivery of value to the business and mitigation of IT risks.

The components of IT Governance can or should include at least:

- Aligning IT strategy with the business strategy
- Quality Management
- Strategic IT Planning
- Enterprise Architecture
- Project and Portfolio Management (PPM)
- Service Management
- Audit Management
- Security Management
- Risk Management
- Performance Measurement

The list is not exhaustive and could obviously be completed.

I tried to find if there were any IT Governance frameworks available in the market and always ended with specific frameworks related to the components of this IT Governance. ITIL, COBIT, ISO 9000, CMMi and others… Now, from there, where do I start?

What we need is a Framework of Frameworks… where I know where to start, where to pursue, where to end…all of that in an iterative mode..

I recently discovered The Calder-Moir IT Governance Framework http://www.itgovernance.co.uk/page.framework which looks like as a good initiative in terms of standards framing. This has been developed by IT Governance Limited.

Until today, to my knowledge, no single organization has provided a full picture of how to manage IT Governance. Is this framework something which should be seriously be considered or only a way to sell consultancy?

No comments: