Professional Documents
Culture Documents
Best Practices To Install An IT Governance
Best Practices To Install An IT Governance
Abstract
The organization of the major mobile companies moved to the initial “project-based” organization, typical of the startup phase, to a more
structured and efficient organization. The capability to build and install a brand, new IT governance requires a detailed knowledge of the
organization not only related to its strategic plan. Being able to assess the maturity level is essential to reaching the goal. The project-based
organization, the use of standards as well as the process view, are critical factors to setting up an effective governance system.
The case outlined through this paper presents the real life scenario in which two mobile operators, already on the market, were merged into the
parent company. A new Mobile Business Unit was created. Different organizations, different methods, different IT systems, and different people
and cultures converged in the new organization.
As a typical approach of every kind of start-up, tasks are accomplished as fast as possible with the main objective of firing up systems in
production and guaranteeing the service to customers as soon as possible. After this first fundamental step, however, it was mandatory for the IT
department to achieve a higher level of organizational maturity through:
- Better efficiency
- Costs optimization
Introduction
IT governance (ITG) is defined as the processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals. IT
demand governance (ITDG — what IT should work on) is the process by which organizations ensure the effective evaluation, selection,
prioritization, and funding of competing IT investments; oversee their implementation; and extract (measurable) business benefits. ITDG is a
business investment decision-making and oversight process, and it is a business management responsibility. IT supply-side governance (ITSG —
how IT should do what it does) is concerned with ensuring that the IT organization operates in an effective, efficient and compliant fashion, and
it is primarily a CIO responsibility. For more details on the IT glossary see http://www.gartner.com/it-glossary/it-governance/
IT governance focuses specifically on information technology systems, their performance, and risk management. The primary goals of IT
governance are to assure that the investments in IT generate business value, and to mitigate the risks that are associated with IT. This can be
done by implementing an organizational structure with well-defined roles for the responsibility of information, business processes, applications,
and infrastructure (Brisebois, 2011, §3).
IT governance also implements processes and conventions that address alignment to the strategy and priority; accountability through structures,
processes, and measurements that ensure control over assets, risks, value delivery, and performance; communication that is how decisions and
information are communicated upward and outward, to customers and stakeholders, and downward and inward, to those who do the work
(Jaques, 2009, §2).
The Project
Before going through the case, let's take a look to what happen when a traditional IT model (Exhibit 1) adjusts itself to the organization
evolution.
Exhibit 1 – Traditional IT model
In a non-structured organization, the business user forwards its requests to the IT department without the support of any structured process. As
a typical approach, once the requirements are “frozen” the IT department processes the requests. The only further point of contact between the
two is at the user acceptance test, the UAT stage, when it's too late to intervene. Over time, organizations introduced improvements in
organizational processes and methodologies applied but still the request-to-delivery cycle remains critical. Some of the drawbacks of this
approach are listed below:
▪ The business user keeps feeding the IT department with requests; the requests emerge following the emotional, ever changing, sense of urgency
that the business area accountable feels towards the requests; the busy business area does not follow a precise request strategy, does not have
the time (or all the elements) necessary in order to correctly prioritize their requests.
▪ The business area is accountable, based on its own sense of urgency, to perform the same request to more than one person within the IT
department with the hope that at least one will do it. The consequence is that several requests are forwarded to the IT department, often
disguised and included within other initiatives. In the best of cases, after an increasing confusion and misunderstandings, a rationalization process
starts, requiring several meetings, time and effort to clarify the requests and formulate them correctly. In the worst ones, the same functionality
or process is implemented inefficiently in more than one system or IT process.
▪ Often the business area perceives its interactions with the IT department as a “thing that we need to do” but that distracts time and effort to
the “real work we should be doing”; “I‘m a marketing guy, what I should do is marketing and not analysis for the IT department.” This
understandable complaint results in poor user requirement specification and to a final solution that does not meet the expectations of the
business community.
▪ It happens that the IT project people do not have the visibility on the overall resources availability and commit to requests that will not be
handled or will be carried out only partially. This kind of behavior, not only damages the relationship between the business user and the IT but
introduces, as a consequence, several inefficiencies on the IT side.
▪ IT analysts interpret user requests according to what they think is reasonable or worse; in time of scarcity or resources, they plainly simplify the
business requests. Both, business users and IT professionals are happy in the beginning; the first does not receive continuous requests for
clarifications that distract them from what they're doing (the request was crystal clear after all) and the second think that “something will be
better than nothing,” often ignoring the impacts of what was left out on complex business processes. The surprise emerges at the user
acceptance test stage when time and effort are lost in explanations, rework, development of patches, and so on.
▪ IT operates in a “continuous emergency” that in the long run takes a toll on resources, on the quality and efficiency of what is delivered, which
results in less than optimal use of resources and a long time spanned between the business request and the delivery of the solution in
production.
***
The case of the company described in this paper was at a stage of its evolution in which the start-up phase still permeates the IT department
organization and processes. The project-based organization of the IT department was vital in this phase in which the drive was toward “doing
things” as fast as possible, moving systems into production and granting at least the basic services to be delivered. The organization needed now
to move to a further maturity level, to a different organizational and process based setup. Among the imperatives were:
It is proved that, at the end of the start-up phase, the “Project-Based” organizational model shown in Exhibit 1 is not able to evolve. In addition, it
becomes the origin of several kinds of problems that increase their impacts by the time the environment becomes bigger and more complex:
▪ There is no clear ownership and understanding of the business requests that impact more than one system.
▪ There is a lack of a process view.
▪ There is a lack of reuse with regard to several important domains: analysis, people experience and software components.
▪ There is a lack of standard and clear-cut interfaces between the phases of the software life cycle.
In order to overcome these issues and manage a more complex environment, a new model was proposed (Exhibit 2):
▪ The business initiatives are properly managed through the use of a portfolio management process through which the analysis of all the relevant
factors allows undertaking and prioritizing the initiatives relevant to the organization strategy.
▪ The IT management has a full control of all relevant aspects that impact the IT department (costs, efficiency and relevance of the initiatives,
timeliness, etc.).
▪ Since Demand Management area has good knowledge of the business processes, it is able to structure the requests towards IT in the most
efficient way. In addition, it is in charge of monitoring the realization and release of each solution.
▪ Each competence area (i.e., billing, sales, etc.) is focused on its own duties and effectively uses standards and tools that are known and well
used within the adjacent areas.
The Approach
In order to enhance the maturity level of the IT department, a step-by-step approach driven by the information collected after an assessment
phase has been applied. As a result, two new key areas have been introduced — Demand Management and Program Management Office, and the
existing three — Development, Test and Rollout, and Operations — have been reinvigorated.
In order to understand how the model has been applied, a detailed description of each area is provided as follows.
In addition to the external pressure on companies, what is pushing the Demand Management paradigm is the need for efficiency and a growing
attention to cutting costs and increasing value within the IT department and the whole organization. In more detail, Demand Management has
the responsibility for:
▪ Creating and maintaining relationships with the internal client (starting from understanding their business needs through feasibility analysis,
costs/benefits evaluation, and the functional analysis).
▪ Estimating, together with the development area, the effort for developing business requests.
▪ Negotiating agreement among the business community, development, operations, and other technical areas or sometimes vendors on
priorities.
▪ Monitoring on behalf of the internal client that solutions are developed and released in accordance with the service level agreements in the
terms of quality, time, and functionalities requested.
The Functional Demand Management structure (Exhibit 4) specializes in a specific internal client area to better cover internal client business
needs by understanding their business better and better and, by doing so, validating user requests while keeping the “big picture” in mind. People
working in this area know their internal client and can act as consultant and facilitator on both sides of the fence. With this organization, each
business unit (e.g., Sales department) interacts with its Demand Management office. For example, if price modifications needs to be introduced,
the request is handled by the Sales Demand Management area. The Sales Demand Management area cooperates then with the billing
Development people (the most impacted) to identify the most appropriate solution. The Sales Demand Management is in charge of following
the business request end-to-end from the requirements phase through the implementation in production and to validate the benefits expected.
Exhibit 5 represents the “value creation” building blocks. The set up of these “building blocks” and their fine tuning have the goal of making sure
that the projects that are being carried out by the organization, are executed well and all are making significant contributions to the organization
key objectives.
In summary, the process that underlies the set of disciplines represented is the following:
▪ Management defines the company strategic objectives and defines the drivers that impact those objectives.
▪ Portfolio Management has the goal of defining which set of initiatives/projects are better aligned with the business imperatives and maximize
the value for the company given the resources available per year.
▪ Program Management constitutes a monitoring and enabling infrastructure that ensures the selected projects are carried out in an efficient and
coordinated way.
▪ Project Management applies the set of tools and techniques to execute the projects according to the expectations.
Exhibit 5 – Value creation building blocks
The Program Management Office represents a stable organizational unit responsible for:
▪ Controlling and managing issues, risks, and quality assuring program benefits achievement
A centralized PMO makes great sense to ensure that all project managers have a core set of project management skills, common processes, and
tools. It provides the organization with a view of the status of all projects and reports on the improvements made to project delivery capabilities
over time. The PMO facilitates project team communication by using common processes, deliverables, and terminology.
Development
The development area has the objectives of implementing new software solutions in the company development pipeline, maintain solutions
already deployed in order to keep them effective and enhance their support of business processes. In addition, they support Demand
Management throughout the process of evaluating business requests by expressing suggestions on feasibility studies and in evaluating technical
alternatives to better address business needs and issues. The Development area also has the important task of documenting the detailed design
of the solutions that will be implemented and to keep the documentation updated over time. More specifically, the Development area has the
responsibility of:
▪ Configuring and tuning the development environment (i.e., development tools, databases, etc.)
▪ Correctly and timely releasing the software solutions and documentation to the Test and Rollout area
▪ Supporting the Test and Rollout area in software testing and releasing
▪ Works correctly according to the functional and non-functional requirements initially agreed upon
▪ Designing the test cases to check new functionalities guaranteeing that the software released is compliant with them
▪ Performing the test cases, tracing each dysfunction, and following up with Development to have it fixed properly
▪ Maintaining traceability during the test phase and reporting on test status/progress
▪ Supporting the end user in the user acceptance test activities, guaranteeing the correct configuration of the test bed environment;
Operations
The Operations area ensures IT operations are up and running and that all measures have been taken to ensure non disruption of services. It will
also ensure that service delivery is competitive compared to industry standards. More specifically, the Operations department has the
responsibility for:
▪ Running the company applications (SW, HW, infrastructures, etc.) so that the company activities can be performed as expected
▪ Guaranteeing SLA and OLA compliance agreed through continuous application monitoring and controlling
▪ Guaranteeing that security policies are applied to assure the information protection level expected
The Methodology
The methodology applied was the result of the tailoring of different approaches proved to be efficient in several previous initiatives. The
reference structure is the IT Value Framework presented in Exhibit 6.
This is a three-layer framework that encompasses all relevant aspects of an efficient and well-structured IT department.
The Manage phase includes the disciplines that bring strategic and operative direction to the IT department.
▪ Strategic planning — Conduct decision making to address IT strategy and investment and to plan developments
▪ IT business management — Manage IT business unit, assuring leadership and coordination inside the different IT services lines and outside IT
department.
▪ IT governance — Maximize return on IT investments in the present and in the future
The Create phase includes the competency domains that contribute to the release of solutions meeting business needs.
▪ Architectural guidelines — Develop a flexible technological framework to support systems and innovation
▪ Innovation management — Design and develop new products and services and a new business model to support a profitable development
▪ Sourcing management — Define a sourcing strategy to involve suppliers and make them become partners for higher value contribution.
▪ Program management — Assure that IT projects and programs become available to clients in the time and manner agreed, guaranteeing an
acceptable risk level.
▪ Delivery management — Optimize client requested IT products and services development and release.
The Realize phase is where value becomes available for the whole organization.
▪ Human resources management — Make available the right resource in the right moment. Handle the evaluation process and the professional
development.
▪ Demand management — Guarantee that the internal client maximizes its benefits from the IT business unit and enables IT to satisfy requests
in the best way for the entire organization.
▪ Operations management — Administer effectively and efficiently the technological environment, assuring business continuity at an
acceptable risk level.
References
Brisebois T. (2011). What is IT Governance? And why is it important for the IS auditor. INTOSAI. Retrieved from
www.intosaiitaudit.org/intoit_articles/25 p30top35.pdf
Jaques, T. (2009). Get ready for governance: What you need to know about presenting to a project governance committee. PMI Community Post.
Retrieved from www.pmi.org/eNews/Post/2009_01-23/Governance_PresentingToProjectGovernanceCommittee.html
Project Management Institute. (2008). A guide to the project management body of knowledge (PMBOK® guide) — Fourth edition. Newtown
Square, PA: Author.
Weill, P., & Ross, J. W. (2004). IT governance: How top performers manage IT decision rights for superior results. Boston, MA: Harvard Business
School Press.
This material has been reproduced with the permission of the copyright owner. Unauthorized reproduction of this material is strictly prohibited.
For permission to reproduce this material, please contact PMI or any listed author.
© 2013, Giancarlo Duranti, PMP, CBAP
Originally published as a part of 2013 PMI Global Congress Proceedings — Istanbul, Turkey
Related Content
ARTICLE ǀ Innovation, Strategy, Governance ǀ 1 April 2019
PM Network
Empathic Problem-Solvers
By Mustafa, Abid ǀ As the digital revolution continues to sweep through organizations, there is a real danger that enterprise project
management offices (EPMOs) will be left behind. EPMOs traditionally have excelled…
PM Network
Best of Both
By Graetsch, Ulrike Maria ǀ When leaders at rapidly growing organizations establish a project management office (PMO), they're
often seeking better control over which projects are started, more oversight of projects in…
PM Network
Deep Dive
PM Network interviews Shaun Roedel, VP, Subsea Manufactured Products, Oceaneering, Houston, Texas, USA.