Catherine Doran, CIO at Network Rail, knows the value of IT governance. She recognises its practises and tools can maximise the value and control of IT real estate. In fact, Doran believes IT governance is a fundamental strategic practise for the enterprise, having seen its impact in a variety of roles including tenures as CIO at NatWest, Capital One in Europe, BT Retail and currently at Network Rail. “Governance supports the business plan by providing enterprises with security and access control, along with the development of a robust and reliable infrastructure,” says Doran.
By default, successful IT governance developments depend upon the leadership of the CIO or similar high-ranking professional, as IT governance is now rapidly becoming mission-critical to organisations spanning both the business and IT management domains. In many ways, Doran sees IT governance as a purely common sense approach.
"Governance is ultimately based on control, delivered through having the right tools in place and ensuring that value for money from IT assets is achieved"
Catherine Doran, CIO, Network Rail
“I see governance as the way to decide on the selection of IT developments, making the right decisions and keeping to the allocated budget.”
Enabling the business
In this context, Doran sees two key strands to IT governance, namely business governance and the delivery of efficient IT oriented toward a service model. This aspect of governance is vital. Doran cites the trend for rail travellers to book their tickets online with a dedicated reference number.
This is becoming a purely electronic process, as customers increasingly book online with plastic cards and retrieve their travel tickets using the booking reference number at dedicated machines upon their arrival at the station.
This saves time and hassle for customers, creating trust and confidence in the service. Governance in such a context is crucial.
Any glitch in this process means that the standards fall, representing a damaging break in service delivery.
In more general terms IT governance enables technology developments to be provided on time and to budget, according to Doran.
IT governance in financial services
IT governance appears to be much more understandable to financial services companies, due to the Basel II, Sarbanes-Oxley and other legislation that they must comply with. An example is Winterthur, a leading pensions company. Winterthur is one of the UK’s top 10 providers in its marketplace, with its products sold through a network of independent financial advisers.
Managing this network are around 100 IT professionals and the company is clearly reliant on IT service management. IT services are fundamental to the business, to process pension policies and manage funds, and the company has to support a 24x7 IT operation. To achieve this business benchmark Winterthur opted to develop a service approach, based on a methodology and processes by software provider Fox IT, which helped it improve performance and reduce costs.
Winterthur sees this as proof that IT governance can deliver real benefits to organisations that adopt an IT service route.
At NatWest, she recalls that all stakeholders in the business would meet and agree on the service levels that would best serve the business model. Representatives from across the business would get together and formulate how to best use what she calls the ‘eye watering’ budgets that the bank could tap into.
Although in today’s more stringent era more has to be made out of less.
Business continuity and risk
This type of governance can also serve the objectives of another business-critical practice – business continuity, says Doran.
Business continuity is essential to ensure that maximum uptime is achieved, with a back up plan in place to deal with contingencies.
A governance culture helps to avert failures at the IT continuity level due to superior oversight and planning.
In the past, enterprise IT management has been at a loss to find a genuine way to define the value and ROI that can be leveraged from expensive technology assets.
As a result, the industry has developed an approach based on international standards and related tools to remedy this situation.
Until recently it was almost an accepted norm that IT performance could only be based on one basic metric – the cost of ownership of assets. The IT governance paradigm expands upon this rather limited viewpoint and promises to increase the possibilities for organisations.
“Governance is ultimately based on control, delivered through having the right tools in place and ensuring that value for money from IT assets is achieved, with a federated model being essential to reach this goal,” says Doran.
She also sees the Y2K as a classic example of the business continuity and risk scenario. The demands of the data change programme were such that banks had to ensure when Millennium chimed that Capital One’s ATMs would still vend cash as the dateline came and went.
Without a governance ethos in place, meeting such a demanding event may well have proved even more tasking than it turned out to be. However, one US bank clearly did not engage in the kind of diligence that Capital One did and suffered a 36-hour outage. The bank in question did not recover and was taken over by a rival.
"Interestingly, if you ask a number of CIOs what IT governance means to them then you would get a lot of different answers"
Margaret Smith, former CIO, Legal & General
Capital One is an example of a company that benefits from this approach, says Doran.
The firm’s business model is focused on making multiple micro product launches in short time scales – often on a weekly basis – with more significant product launches mixed in with that demanding schedule.
Without a governance model in place, Capital One might have faced serious challenges keeping to such a rapid product development schedule, says Doran.
The right talent
Inevitably effective governance relies upon having sufficiently skilled and experienced staff to meet the demanding requirements of IT governance.
Doran reckons that while there is not a great supply of such individuals currently, the headcount problem is better than it has been in the past. “The cultivation of talent within the IT team is a high priority. In this context, real talent should supersede mere knowledge.
Quantifying requirements and setting targets lie at the heart of successful IT governance,” says Graham Titterington, principal analyst at research firm Ovum.
Titterington says: “IT governance can be characterised as the enforcing of approved company policies and working processes. This is a combination comprising technology checks and filters – all defined as specific working practises.
He sees this approach covering audit frameworks, the defining of policies and controls as well as the mechanical methods deployed in the IT stack. Titterington believes that much of this process boils down to common sense and this involves not just sticking to traditional modes of operation.
He says that the US has been ahead of Europe in the development of IT governance, due to the rise of corporate governance legislation typified by Sarbanes-Oxley.
As a result of multi-national business links there is a growing need for a common approach to governance across the board. IT governance needs to become an essential element, both for better business practice and the harmonisation of emergent international compliance standards.
Titterington sees IT governance as a pragmatic endeavour involving the adoption of better procedures and not merely continuing on the same old course.
Lifting your game
“The development of IT governance means raising the bar when it comes to delivering enhanced services to the enterprise,” says Margaret Smith, former CIO of Legal & General, who now operates as an independent consultant.
Smith agrees with Doran that IT governance is essential to maximise the value of deployed IT assets and argues IT governance goes beyond just focusing on technology. The real emphasis of IT governance is to develop an ethical and capable business model that business executives can understand, says Smith.
“Service management is a key part of governance, as it can provide the service element needed to support the business.”
Evidence is also a key part of governance. Its scope should include allocating the correct budget to IT, setting priorities that match business objectives and ensuring delivery of high quality services to support the business as well as learning from previous projects.
She believes another challenge is the split in awareness regarding the place and importance of IT governance among companies.
Senior management tend to see IT governance as a purely technical issue, while the IT management sees governance pertaining to the domain of the boardroom and therefore not an issue that they need to be bothered with.
Smith agrees that service management is a key part of the IT governance equation. “It is the way to provide the service needed to support the business optimally,” she says.
“Interestingly, if you ask a number of CIOs what IT governance means to them then you would get a lot of different answers,” adds Smith.
“Service management must be proactive and cover end-to-end service including business partners and this involves not just listening to voices in the enterprise that shout the loudest for development funds within the business,” says Smith. She also explains the crucial role of IT governance standards, which now are recognised internationally.
Key standards include the IT Infrastructure Library (ITIL), which has professionalised the operational functions, says Smith. ITIL makes for better operations, better use of money and enhanced support for the business. Another key standard is the CoBIT framework, which originated in the UK public sector and has been adopted by the US.
Good governance should not merely be regarded as a necessary burden by CIOs.
With the right mindset and application it can transform IT environments and give enterprises a major advantage, as well as ensuring that services operate with a minimal level of downtime.
IT governance resources
The IT Service Management Forum (itSMF) is the only internationally recognised independent organisation dedicated to IT service management. It was formed in 1991 and consists of national charters. This not-for-profit organisation is wholly owned and principally operated by the membership.
The itSMF has been a major influence on industry best practise and global standards and works in partnership with a wide range of bodies. The aims of the organisation include developing best practise, engendering it within the service management community and boosting performance among related personnel, as well as constituting a forum for sharing ideas.