Forget SOX!

Over the past few years, the frenzy over SOX had dimmed the lights on other issues facing the IT Organization. This latest entrant to the “flavor of the decade” club took over where Y2K left off. IT Organizations lapped it up like junkies in need of a new fix.
Don’t get me wrong. The focus on SOX compliance is not misplaced. However, my disagreement is with that single minded focus causing organizations to overlook other, perhaps more critical, issues. I am also appalled at how SOX has marginalized the rest of IT Governance.
Whatever little space SOX left, ITIL – the new flavor of the month – has taken. Again, the focus on ITIL is not misplaced but it has to be in context of the “big picture” of IT Governance.
So, it is time to revisit, the “big picture” of IT Governance.
What is IT Governance?
IT Governance is a set of management and control processes and organizational structure to manage IT for shareholder value.
IT Governance sits on top of the other elements of IT capability – strategy, processes, infrastructure and organization - making sure that each is individually tuned and collectively coordinated, to deliver shareholder value.
IT Governance process connects – measures, monitors and controls – with every process in IT. At a high level, these IT processes fall under the continuum of identify, select, fund, build and deploy).
Who needs IT Governance?
The objective of IT Governance is to ensure delivery of IT value through a structured system. This system ensures that we make the right decisions at the right time.
Specifically, IT Governance ensures the following:

  1. Smooth i.e. disruption free operations
  2. Effective and Efficient processes
  3. Effective Risk Mitigation

What are the elements of IT Governance?
IT Governance measures, monitors and controls other elements of IT capability. It does so by defining clear set of events, processes, actions, roles and responsibilities and ensures delivery by aligning them with requisite authority and a system of reward and punishment.
IT Governance is part of every IT process. Consequently, it has the following major processes:

  • Business and IT Alignment
  • Enterprise Architecture Planning (including technology standards)
  • IT Service Management
  • Application Portfolio Management
  • Enterprise Data Management
  • Infrastructure Management
  • Project Portfolio Management
  • Budget/funding Management
  • Compliance with EA and standard (Building permit process)
  • Project Management Office (including Project Management for key initiatives)
  • Organization assessment and impact (system of performance based culture; employee satisfaction; employee compensation management etc.)
  • Business impact and change management
  • Strategic sourcing management
  • Legal and Regulatory compliance - including SOX.
  • IT risk management
  • Security

This is not meant to be an exhaustive list. However, I hope we have the critical CxO level IT Governance processes included in it.
There is a hierarchy of IT decisions. For each decision, there is a process including components or sub-process for its governance. Consequently, there are layers underneath these items described above. One can also club them into groups or sub groups.
For IT Governance to be effective, its processes must be meshed with those of the enterprise. This ensures consistency, compliance and conformity on the hand and the sharing of best practices to make the enterprise governance effective and efficient, on the other.
Why IT Governance?
IT provides a promise of shareholder value. How do we ensure the delivery against this promise? The role of IT governance is just that – to make sure business value is delivered in an “orderly” and “predictable” way.
Hence, IT Governance is critical to the success of every IT Organization.
Does every organization need the entire laundry list of IT Governance processes described above? IT Governance is needed wherever IT processes and needed. If your organization does not have one of the processes described above then it does not need governance!
Over the coming weeks, we will take a look at each of the key elements of IT Governance and provide tools and techniques to effectively manage them.
Sourabh Hajela is a management consultant and trainer with over 20 years of experience creating shareholder value for his Fortune 50 clients. His consulting practice is focused on IT strategy, alignment and ROI. For more information, please visit Or feel free to contact Sourabh at [email protected] .

Documents are in common file formats such as Microsoft Word (doc), Powerpoint (ppt), Excel (xls,csv,xlsx), and Adobe pdf. 1

Leave a Reply