Forget SOX!


Are "flavors of the month" such as SOX and ITIL taking away focus from IT Governance?


Over the past few years, the frenzy over SOX has dimmed the lights on other issues facing the IT Organization. This latest entrant to the "flavor of the decade" club took over where Y2K left off. IT Organizations lapped it up like junkies in need of a new fix.

Don't get me wrong. The focus on SOX compliance is not misplaced. However, my disagreement is with that single-minded focus causing organizations to overlook other, perhaps more critical, issues. I am also appalled at how SOX has marginalized the rest of IT Governance.

Whatever little space SOX left, ITIL - the new flavor of the month - has taken. Again, the focus on ITIL is not misplaced, but it has to be in the context of the "big picture" of IT Governance.

So, it is time to revisit the "big picture" of IT Governance.

What is IT Governance?

  • IT Governance is a set of management and control processes and organizational structures to manage IT for shareholder value.
  • IT Governance sits on top of the other elements of IT capability - strategy, processes, infrastructure, and organization - making sure that each is individually tuned and collectively coordinated, to deliver shareholder value.
  • The IT Governance process connects with - measures, monitors, and controls - every process in IT. At a high level, these IT processes fall under the continuum of identify, select, fund, build, and deploy.

Who needs IT Governance?

The objective of IT Governance is to ensure the delivery of IT value through a structured system. This system ensures that we make the right decisions at the right time.

Specifically, IT Governance ensures the following:

  1. Smooth, i.e., disruption-free, operations
  2. Effective and Efficient processes
  3. Effective Risk Mitigation

What are the elements of IT Governance?

IT Governance measures, monitors, and controls other elements of IT capability. It does so by defining a clear set of events, processes, actions, roles, and responsibilities and ensures delivery by aligning them with requisite authority and a system of reward and punishment.
IT Governance is part of every IT process. Consequently, it has the following major processes:

  • Business and IT Alignment
  • Enterprise Architecture Planning (including technology standards)
  • IT Service Management
  • Application Portfolio Management
  • Enterprise Data Management
  • Infrastructure Management
  • Project Portfolio Management
  • Budget/funding Management
  • Compliance with EA and standards (Building permit process)
  • Project Management Office (including Project Management for key initiatives)
  • Organization assessment and impact (system of performance-based culture; employee satisfaction; employee compensation management etc.)
  • Business impact and change management
  • Strategic sourcing management
  • Legal and Regulatory compliance - including SOX
  • IT risk management
  • Security

This is not meant to be an exhaustive list. However, I hope we have the critical CxO-level IT Governance processes included in it.
There is a hierarchy of IT decisions. For each decision, there is a process including components or sub-process for its governance. Consequently, there are layers underneath these items described above. One can also club them into groups or subgroups.
For IT Governance to be effective, its processes must mesh with those of the enterprise. This ensures consistency, compliance, and conformity on one hand and the sharing of best practices to make the enterprise governance effective and efficient, on the other.

Why IT Governance?

IT provides a promise of shareholder value. How do we ensure the delivery against this promise? The role of IT governance is just that - to make sure business value is delivered in an "orderly" and "predictable" way.

Hence, IT Governance is critical to the success of every IT Organization.

Does every organization need the entire laundry list of IT Governance processes described above? IT Governance is needed wherever IT processes are needed. If your organization does not have one of the processes described above, then it does not need governance!
Over the coming weeks, we will take a look at each of the key elements of IT Governance and provide tools and techniques to effectively manage them.

About the Author

Sourabh Hajela is a management consultant and trainer with over 20 years of experience creating shareholder value for his Fortune 50 clients. His consulting practice is focused on IT strategy, alignment, and ROI. For more information, please visit his IT Strategy Consulting Firm.

