Best practices to install an IT governance

CONFERENCE PAPER ǀ Governance ǀ 24 April 2013

Duranti, Giancarlo

How to cite this article:

Duranti, G. (2013). Best practices to install an IT governance. Paper presented at PMI® Global Congress 2013—EMEA, Istanbul, Turkey. Newtown
Square, PA: Project Management Institute.

Abstract
The organization of the major mobile companies moved to the initial “project-based” organization, typical of the startup phase, to a more
structured and efficient organization. The capability to build and install a brand, new IT governance requires a detailed knowledge of the
organization not only related to its strategic plan. Being able to assess the maturity level is essential to reaching the goal. The project-based
organization, the use of standards as well as the process view, are critical factors to setting up an effective governance system.

The case outlined through this paper presents the real life scenario in which two mobile operators, already on the market, were merged into the
parent company. A new Mobile Business Unit was created. Different organizations, different methods, different IT systems, and different people
and cultures converged in the new organization.

As a typical approach of every kind of start-up, tasks are accomplished as fast as possible with the main objective of firing up systems in
production and guaranteeing the service to customers as soon as possible. After this first fundamental step, however, it was mandatory for the IT
department to achieve a higher level of organizational maturity through:

- Better efficiency

- Costs optimization

- Cut down time to release new services to customers

- Improve the overall quality of the IT services provided

Introduction
IT governance (ITG) is defined as the processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals. IT
demand governance (ITDG — what IT should work on) is the process by which organizations ensure the effective evaluation, selection,
prioritization, and funding of competing IT investments; oversee their implementation; and extract (measurable) business benefits. ITDG is a
business investment decision-making and oversight process, and it is a business management responsibility. IT supply-side governance (ITSG —
how IT should do what it does) is concerned with ensuring that the IT organization operates in an effective, efficient and compliant fashion, and
it is primarily a CIO responsibility. For more details on the IT glossary see http://www.gartner.com/it-glossary/it-governance/

IT governance focuses specifically on information technology systems, their performance, and risk management. The primary goals of IT
governance are to assure that the investments in IT generate business value, and to mitigate the risks that are associated with IT. This can be
done by implementing an organizational structure with well-defined roles for the responsibility of information, business processes, applications,
and infrastructure (Brisebois, 2011, §3).

IT governance also implements processes and conventions that address alignment to the strategy and priority; accountability through structures,
processes, and measurements that ensure control over assets, risks, value delivery, and performance; communication that is how decisions and
information are communicated upward and outward, to customers and stakeholders, and downward and inward, to those who do the work
(Jaques, 2009, §2).

The Project
Before going through the case, let's take a look to what happen when a traditional IT model (Exhibit 1) adjusts itself to the organization
evolution.
Exhibit 1 – Traditional IT model

In a non-structured organization, the business user forwards its requests to the IT department without the support of any structured process. As
a typical approach, once the requirements are “frozen” the IT department processes the requests. The only further point of contact between the
two is at the user acceptance test, the UAT stage, when it's too late to intervene. Over time, organizations introduced improvements in
organizational processes and methodologies applied but still the request-to-delivery cycle remains critical. Some of the drawbacks of this
approach are listed below:

Business user to IT department

▪ The business user keeps feeding the IT department with requests; the requests emerge following the emotional, ever changing, sense of urgency
that the business area accountable feels towards the requests; the busy business area does not follow a precise request strategy, does not have
the time (or all the elements) necessary in order to correctly prioritize their requests.

▪ The business area is accountable, based on its own sense of urgency, to perform the same request to more than one person within the IT
department with the hope that at least one will do it. The consequence is that several requests are forwarded to the IT department, often
disguised and included within other initiatives. In the best of cases, after an increasing confusion and misunderstandings, a rationalization process
starts, requiring several meetings, time and effort to clarify the requests and formulate them correctly. In the worst ones, the same functionality
or process is implemented inefficiently in more than one system or IT process.

▪ Often the business area perceives its interactions with the IT department as a “thing that we need to do” but that distracts time and effort to
the “real work we should be doing”; “I‘m a marketing guy, what I should do is marketing and not analysis for the IT department.” This
understandable complaint results in poor user requirement specification and to a final solution that does not meet the expectations of the
business community.

IT department in handling user requests

▪ It happens that the IT project people do not have the visibility on the overall resources availability and commit to requests that will not be
handled or will be carried out only partially. This kind of behavior, not only damages the relationship between the business user and the IT but
introduces, as a consequence, several inefficiencies on the IT side.

▪ IT analysts interpret user requests according to what they think is reasonable or worse; in time of scarcity or resources, they plainly simplify the
business requests. Both, business users and IT professionals are happy in the beginning; the first does not receive continuous requests for
clarifications that distract them from what they're doing (the request was crystal clear after all) and the second think that “something will be
better than nothing,” often ignoring the impacts of what was left out on complex business processes. The surprise emerges at the user
acceptance test stage when time and effort are lost in explanations, rework, development of patches, and so on.

▪ IT operates in a “continuous emergency” that in the long run takes a toll on resources, on the quality and efficiency of what is delivered, which
results in less than optimal use of resources and a long time spanned between the business request and the delivery of the solution in
production.

***

The case of the company described in this paper was at a stage of its evolution in which the start-up phase still permeates the IT department
organization and processes. The project-based organization of the IT department was vital in this phase in which the drive was toward “doing
things” as fast as possible, moving systems into production and granting at least the basic services to be delivered. The organization needed now
to move to a further maturity level, to a different organizational and process based setup. Among the imperatives were:

▪ Reduce the cost of IT while creating greater value

▪ Speed up the product design and delivery cycle

▪ Better support and meeting the business user requirements.

It is proved that, at the end of the start-up phase, the “Project-Based” organizational model shown in Exhibit 1 is not able to evolve. In addition, it
becomes the origin of several kinds of problems that increase their impacts by the time the environment becomes bigger and more complex:

▪ There is no clear ownership and understanding of the business requests that impact more than one system.
▪ There is a lack of a process view.

▪ There is a lack of reuse with regard to several important domains: analysis, people experience and software components.

▪ There is a lack of standard and clear-cut interfaces between the phases of the software life cycle.

▪ There is an inefficient use of IT resources.

In order to overcome these issues and manage a more complex environment, a new model was proposed (Exhibit 2):

Exhibit 2 – IT governance model proposed

Benefits in applying this model were among others:

▪ The business initiatives are properly managed through the use of a portfolio management process through which the analysis of all the relevant
factors allows undertaking and prioritizing the initiatives relevant to the organization strategy.

▪ The IT management has a full control of all relevant aspects that impact the IT department (costs, efficiency and relevance of the initiatives,
timeliness, etc.).

▪ Since Demand Management area has good knowledge of the business processes, it is able to structure the requests towards IT in the most
efficient way. In addition, it is in charge of monitoring the realization and release of each solution.

▪ Each competence area (i.e., billing, sales, etc.) is focused on its own duties and effectively uses standards and tools that are known and well
used within the adjacent areas.

The Approach
In order to enhance the maturity level of the IT department, a step-by-step approach driven by the information collected after an assessment
phase has been applied. As a result, two new key areas have been introduced — Demand Management and Program Management Office, and the
existing three — Development, Test and Rollout, and Operations — have been reinvigorated.

Exhibit 3 – The new IT organizational model

In order to understand how the model has been applied, a detailed description of each area is provided as follows.

Demand Management: Facilitating the Request to Delivery Cycle

The organization needed to structure a straightforward but formal process that ensures that business user requests were prioritized, understood
and formalized according to mutually agreed standards, and worked upon according to a company-wide well known and shared process. This was
mandatory in order to deliver value to the business user and to the organization with the best accuracy, cost efficiency, and time.
The IT Demand Management organization and processes have acquired more and more relevance in all industries in the last few years. This is
mainly due to the high speed change of the IT market, to the continuous new products and services development cycle and to the shorter time
to market requests by the business communities.

In addition to the external pressure on companies, what is pushing the Demand Management paradigm is the need for efficiency and a growing
attention to cutting costs and increasing value within the IT department and the whole organization. In more detail, Demand Management has
the responsibility for:

▪ Creating and maintaining relationships with the internal client (starting from understanding their business needs through feasibility analysis,
costs/benefits evaluation, and the functional analysis).

▪ Defining IT budget and prioritizing the internal client needs.

▪ Estimating, together with the development area, the effort for developing business requests.

▪ Negotiating agreement among the business community, development, operations, and other technical areas or sometimes vendors on
priorities.

▪ Monitoring on behalf of the internal client that solutions are developed and released in accordance with the service level agreements in the
terms of quality, time, and functionalities requested.

Exhibit 4 – Functional demand management

The Functional Demand Management structure (Exhibit 4) specializes in a specific internal client area to better cover internal client business
needs by understanding their business better and better and, by doing so, validating user requests while keeping the “big picture” in mind. People
working in this area know their internal client and can act as consultant and facilitator on both sides of the fence. With this organization, each
business unit (e.g., Sales department) interacts with its Demand Management office. For example, if price modifications needs to be introduced,
the request is handled by the Sales Demand Management area. The Sales Demand Management area cooperates then with the billing
Development people (the most impacted) to identify the most appropriate solution. The Sales Demand Management is in charge of following
the business request end-to-end from the requirements phase through the implementation in production and to validate the benefits expected.

Program Management Office: Monitoring for Execution

The objective here was to be able to control the most relevant initiatives that the management wanted to start. The program management office
put in place processes and tools that allowed the organization to undertake and monitor all the initiatives that will participate within the IT
Strategic Program.

Exhibit 5 represents the “value creation” building blocks. The set up of these “building blocks” and their fine tuning have the goal of making sure
that the projects that are being carried out by the organization, are executed well and all are making significant contributions to the organization
key objectives.

In summary, the process that underlies the set of disciplines represented is the following:

▪ Management defines the company strategic objectives and defines the drivers that impact those objectives.

▪ Portfolio Management has the goal of defining which set of initiatives/projects are better aligned with the business imperatives and maximize
the value for the company given the resources available per year.

▪ Program Management constitutes a monitoring and enabling infrastructure that ensures the selected projects are carried out in an efficient and
coordinated way.

▪ Project Management applies the set of tools and techniques to execute the projects according to the expectations.
Exhibit 5 – Value creation building blocks

The Program Management Office represents a stable organizational unit responsible for:

▪   Controlling and managing issues, risks, and quality assuring program benefits achievement

▪   Reporting to management the IT planning and results

▪   Approving program/projects and managing resources appropriately

▪   Guaranteeing communication and coordination between programs/proj ects

▪   Developing project management processes and tools

▪   Coaching and training center for all program/project related matters

A centralized PMO makes great sense to ensure that all project managers have a core set of project management skills, common processes, and
tools. It provides the organization with a view of the status of all projects and reports on the improvements made to project delivery capabilities
over time. The PMO facilitates project team communication by using common processes, deliverables, and terminology.

Development
The development area has the objectives of implementing new software solutions in the company development pipeline, maintain solutions
already deployed in order to keep them effective and enhance their support of business processes. In addition, they support Demand
Management throughout the process of evaluating business requests by expressing suggestions on feasibility studies and in evaluating technical
alternatives to better address business needs and issues. The Development area also has the important task of documenting the detailed design
of the solutions that will be implemented and to keep the documentation updated over time. More specifically, the Development area has the
responsibility of:

▪   Managing development projects, following a structured project management methodology

▪   Performing systems or functionalities analysis and design

▪   Configuring and tuning the development environment (i.e., development tools, databases, etc.)

▪   Supporting IT management in making or buying analysis and in COTS solutions evaluation

▪   Developing, configuring and integrating applications/systems functionalities

▪   Performing unit and system test of the software solutions implemented

▪   Providing systems functionalities document and reports

▪   Developing user procedures and handbook

▪   Correctly and timely releasing the software solutions and documentation to the Test and Rollout area

▪   Supporting the Test and Rollout area in software testing and releasing

Test and Rollout: Solutions Validation and Verification

Ensuring that the software released in production responds to requirements:

▪   It is correctly and thoroughly documented

▪   Works correctly according to the functional and non-functional requirements initially agreed upon

▪   It is correctly integrated with all the systems/components it is supposed to interface

More specifically, the Test and Rollout is responsible for:

▪   Planning, defining and sharing the detailed test plans

▪   Designing the test cases to check new functionalities guaranteeing that the software released is compliant with them

▪   Performing the test cases, tracing each dysfunction, and following up with Development to have it fixed properly

▪   Maintaining traceability during the test phase and reporting on test status/progress

▪   Supporting the end user in the user acceptance test activities, guaranteeing the correct configuration of the test bed environment;

▪   Supporting the operations department personnel in the deployment phase

Operations
The Operations area ensures IT operations are up and running and that all measures have been taken to ensure non disruption of services. It will
also ensure that service delivery is competitive compared to industry standards. More specifically, the Operations department has the
responsibility for:

▪   Running the company applications (SW, HW, infrastructures, etc.) so that the company activities can be performed as expected

▪   Guaranteeing SLA and OLA compliance agreed through continuous application monitoring and controlling

▪   Guaranteeing that security policies are applied to assure the information protection level expected

▪   Managing business interruption risk and defining disaster recovery procedures

▪   Managing operations budget

▪   Supporting end users through the establishment of a help desk

The Methodology
The methodology applied was the result of the tailoring of different approaches proved to be efficient in several previous initiatives. The
reference structure is the IT Value Framework presented in Exhibit 6.

Exhibit 6 – IT Value Framework

This is a three-layer framework that encompasses all relevant aspects of an efficient and well-structured IT department.

The Manage phase includes the disciplines that bring strategic and operative direction to the IT department.

▪   Strategic planning — Conduct decision making to address IT strategy and investment and to plan developments

▪   IT business management — Manage IT business unit, assuring leadership and coordination inside the different IT services lines and outside IT
department.

▪   IT governance — Maximize return on IT investments in the present and in the future

The Create phase includes the competency domains that contribute to the release of solutions meeting business needs.

▪   Architectural guidelines — Develop a flexible technological framework to support systems and innovation

▪   Innovation management — Design and develop new products and services and a new business model to support a profitable development

▪   Sourcing management — Define a sourcing strategy to involve suppliers and make them become partners for higher value contribution.

▪   Program management — Assure that IT projects and programs become available to clients in the time and manner agreed, guaranteeing an
acceptable risk level.

▪   Delivery management — Optimize client requested IT products and services development and release.

The Realize phase is where value becomes available for the whole organization.
▪   Human resources management — Make available the right resource in the right moment. Handle the evaluation process and the professional
development.

▪   Demand management — Guarantee that the internal client maximizes its benefits from the IT business unit and enables IT to satisfy requests
in the best way for the entire organization.

▪   Operations management — Administer effectively and efficiently the technological environment, assuring business continuity at an
acceptable risk level.

References
Brisebois T. (2011). What is IT Governance? And why is it important for the IS auditor. INTOSAI. Retrieved from
www.intosaiitaudit.org/intoit_articles/25 p30top35.pdf

Jaques, T. (2009). Get ready for governance: What you need to know about presenting to a project governance committee. PMI Community Post.
Retrieved from www.pmi.org/eNews/Post/2009_01-23/Governance_PresentingToProjectGovernanceCommittee.html

Project Management Institute. (2008). A guide to the project management body of knowledge (PMBOK® guide) — Fourth edition. Newtown
Square, PA: Author.

Weill, P., & Ross, J. W. (2004). IT governance: How top performers manage IT decision rights for superior results. Boston, MA: Harvard Business
School Press.

This material has been reproduced with the permission of the copyright owner. Unauthorized reproduction of this material is strictly prohibited.
For permission to reproduce this material, please contact PMI or any listed author.
© 2013, Giancarlo Duranti, PMP, CBAP
Originally published as a part of 2013 PMI Global Congress Proceedings — Istanbul, Turkey

Related Content
ARTICLE ǀ Innovation, Strategy, Governance ǀ 1 April 2019

Project Management Journal

Projects in the Business Ecosystem
By Eriksson, Kent | Wikström, Kim | Hellström, Magnus | Levitt, Raymond E. ǀ This article develops a conceptual framework to analyze
the governance of projects within a business ecosystem. The framework is applied to the case of a vessel delivery project in the
short sea…

ARTICLE ǀ Change Management, PMO, Governance ǀ 1 April 2019

PM Network
Empathic Problem-Solvers
By Mustafa, Abid ǀ As the digital revolution continues to sweep through organizations, there is a real danger that enterprise project
management offices (EPMOs) will be left behind. EPMOs traditionally have excelled…

ARTICLE ǀ Agile Practices, Governance ǀ 1 December 2018

Project Management Journal

Toward an Improved Understanding of Agile Project Governance
By Lappi, Teemu | Karvonen, Teemu | Lwakatare, Lucy Ellen | Aaltonen, Kirsi | Kuvaja, Pasi ǀ The purpose of this study is to provide
understanding of project governance practices in agile projects. A systematic review of the previous agile literature is conducted to
identify and categorize…

ARTICLE ǀ Methodology, PMO, Strategy, Governance ǀ 1 November 2018

PM Network
Best of Both
By Graetsch, Ulrike Maria ǀ When leaders at rapidly growing organizations establish a project management office (PMO), they're
often seeking better control over which projects are started, more oversight of projects in…

ARTICLE ǀ Strategy, Governance ǀ 1 November 2018

PM Network
Deep Dive
PM Network interviews Shaun Roedel, VP, Subsea Manufactured Products, Oceaneering, Houston, Texas, USA.

© 2019 Project Management Institute, Inc. USA