Forget SOX!

Are "flavors of the month" such as SOX and ITIL taking away focus from IT Governance?

Over the past few years, the frenzy over SOX had dimmed the lights on other issues facing the IT Organization. This latest entrant to the “flavor of the decade” club took over where Y2K left off. IT Organizations lapped it up like junkies in need of a new fix.
Don’t get me wrong. The focus on SOX compliance is not misplaced. However, my disagreement is with that single minded focus causing organizations to overlook other, perhaps more critical, issues. I am also appalled at how SOX has marginalized the rest of IT Governance.
Whatever little space SOX left, ITIL – the new flavor of the month – has taken. Again, the focus on ITIL is not misplaced but it has to be in context of the “big picture” of IT Governance.
So, it is time to revisit, the “big picture” of IT Governance.
What is IT Governance?
IT Governance is a set of management and control processes and organizational structure to manage IT for shareholder value.
IT Governance sits on top of the other elements of IT capability – strategy, processes, infrastructure and organization - making sure that each is individually tuned and collectively coordinated, to deliver shareholder value.
IT Governance process connects – measures, monitors and controls – with every process in IT. At a high level, these IT processes fall under the continuum of identify, select, fund, build and deploy).
Who needs IT Governance?
The objective of IT Governance is to ensure delivery of IT value through a structured system. This system ensures that we make the right decisions at the right time.
Specifically, IT Governance ensures the following:

  1. Smooth i.e. disruption free operations
  2. Effective and Efficient processes
  3. Effective Risk Mitigation

What are the elements of IT Governance?
IT Governance measures, monitors and controls other elements of IT capability. It does so by defining clear set of events, processes, actions, roles and responsibilities and ensures delivery by aligning them with requisite authority and a system of reward and punishment.
IT Governance is part of every IT process. Consequently, it has the following major processes:

  • Business and IT Alignment
  • Enterprise Architecture Planning (including technology standards)
  • IT Service Management
  • Application Portfolio Management
  • Enterprise Data Management
  • Infrastructure Management
  • Project Portfolio Management
  • Budget/funding Management
  • Compliance with EA and standard (Building permit process)
  • Project Management Office (including Project Management for key initiatives)
  • Organization assessment and impact (system of performance based culture; employee satisfaction; employee compensation management etc.)
  • Business impact and change management
  • Strategic sourcing management
  • Legal and Regulatory compliance - including SOX.
  • IT risk management
  • Security

This is not meant to be an exhaustive list. However, I hope we have the critical CxO level IT Governance processes included in it.
There is a hierarchy of IT decisions. For each decision, there is a process including components or sub-process for its governance. Consequently, there are layers underneath these items described above. One can also club them into groups or sub groups.
For IT Governance to be effective, its processes must be meshed with those of the enterprise. This ensures consistency, compliance and conformity on the hand and the sharing of best practices to make the enterprise governance effective and efficient, on the other.
Why IT Governance?
IT provides a promise of shareholder value. How do we ensure the delivery against this promise? The role of IT governance is just that – to make sure business value is delivered in an “orderly” and “predictable” way.
Hence, IT Governance is critical to the success of every IT Organization.
Does every organization need the entire laundry list of IT Governance processes described above? IT Governance is needed wherever IT processes and needed. If your organization does not have one of the processes described above then it does not need governance!
Over the coming weeks, we will take a look at each of the key elements of IT Governance and provide tools and techniques to effectively manage them.
Sourabh Hajela is a management consultant and trainer with over 20 years of experience creating shareholder value for his Fortune 50 clients. His consulting practice is focused on IT strategy, alignment and ROI. For more information, please visit Or feel free to contact Sourabh at [email protected] .

Documents are in common file formats such as Microsoft Word (doc), Powerpoint (ppt), Excel (xls,csv,xlsx), and Adobe pdf.


*!#@ The E-Mail. Can We Talk? Face-to-face meetings can trump technology. Some companies call for "no e-mail Fridays"
10 best practices for your enterprise SOA SOA's benefits are seldom, if ever, questioned. However, one must embark on this journey carefully. This article provides some pointers. Read the arti...
11 Leadership Competencies of the IT Leader “With speed so important, IT leaders have to be much more decisive when addressing rapid changes to technology and business drivers. They need to be m...
12 Tips to More Effective Communications There are two types of leaders - ones who can communicate and others who fail. Effective communications are indeed that important to leadership. Are ...
20 Dumb Mistakes Organizations Make This article is funny but makes an excellent point - do not assume your employees are dumb. Leaders make dumb mistakes because they underestimate thei...
5 Critical Requirements Steps that get Missed: Wha... Over the years, I have worked with, mentored, trained, managed and interviewed hundreds of Business Analysts. What I am about to tell you will shock y...
5 Reasons For Outsourcing Failure Why do outsourcing relationships fail? Here are five reasons to watch out for... Read on>>
7 things a CxO should know about eBusiness Over a decade after Senator Al Gore invented the internet2, organizations are still struggling with leveraging it effectively. The “old economy” or “b...
A blind man crosses the road – Budgeting in ... Ever seen a blind man cross the road..? – or is that just Exco (The executive committee) trying to decide on the IT budget? There is something g...
A Blueprint for Strategic Leadership The title suggests that the article will give out the leadership "formula." It doesn't. Still it is an excellent read because it provides very good ex...
A Business Model Framework to Analyze the Impact o... eBusiness Strategy Issue No 1: What is the place of eBusiness in our business model? This paper presents a framework to address this issue - from shou...
A Business-Oriented Foundation for Service Orienta... SOA must be firmly grounded in business. It is a business imperative that SOA is addressing. This article provides a good introduction to that connect...
A Case for SOA Governance A very good primer on goverance in general and its application to SOA. If you are just getting started, then this might be a good place to get rolling...
Do NOT follow this link or you will be banned from the site!
WtN YeE vyBwRpyUkTW r c