2. Effective decision-making is critical to the governance of IT investments,
project delivery, and IT support.
Introduction
IT leaders in organizations who:
• Are failing audits
• Have lost control of IT services to external
providers
• Lack well-defined standards and processes
for IT decision-making
• Experience misalignment between IT
investment and business priorities
• Struggle to implement process improvement
and have little influence on executives
• Struggle to develop and enforce the IT
policies that will add value to the
organization
Design improvements and governance
structures for key process areas that will
actually improve IT’s value delivery.
Create the policies and procedures needed to
support the structures.
Create the processes to enforce the policies
and cement the governance structures and
processes in place.
Ensure that your IT policies are conservative
and comprehensive.
This Research Is Designed For: This Research Will Help You:
3. Can you relate to any of these statements about governance in your
organization?
Organizations make many common mistakes because of
deeply held beliefs about IT governance
“IT doesn’t understand what services the business needs or what the business is prepared to invest in those services.”
“IT is always working on poorly specified, ad-hoc, or “I want” projects that are dollar, time, and resource wasters.”
“The business doesn’t know how IT dollars are spent.”
“IT projects deliver the wrong functionality, do not improve business effectiveness, or impede business
productivity.”
“IT initiatives do not help the business achieve its objectives.”
“IT initiatives are undertaken without adequate assessment of the level of IT risk involved.”
If so, it’s time to change the way the organization thinks. The guiding principle behind IT Governance is that IT must be
informed and driven by business management decision-making for IT spending, services, projects, and risk. This provides the
necessary link between IT investment and business goals and strategy.
IT governance is an integral part of enterprise governance and consists of leadership and organizational structures and
processes that ensure IT sustains and extends the organization's strategies and objectives.
The overall objectives of IT governance activities are to understand the issues and the strategic importance of IT, to
ensure that the enterprise can sustain operations, and to ascertain that it can implement the strategies required to extend
its activities into the future.
4. Good governance is absolutely necessary
Policy and governance is the foundation of organizational
management. The costs of poor governance may often go
unnoticed, but they can have a significant impact on the bottom line.
Poor governance can lead to failed IT projects, lost productivity and
revenue, and higher help desk and training costs.
Create a policy portfolio in weeks, not months
Don’t gamble with IT’s business credibility. Formulate policies and
procedures that facilitate the smooth and cost-effective delivery of IT
services. Use the IT Governance Toolbox to manage processes,
and define and enforce policies that bring value to IT services.
The IT Governance Toolbox can help you:
Select a framework for managing processes
Capture business processes that inform the development
of new policies and procedures
Create effective and enforceable policies and procedures
that create consistent IT standards
Measure the effectiveness of a policy and deal with policies
violations fairly
Use the tools in the Governing IT Toolbox to take the
guesswork out of IT decision-making
Some of the tools you will access:
Manage Processes
Process Inventory Tool
Guide to Process Mapping
Process Framework Selection Guide
Process Gap Assessment Tool
Define Policies
Policy Management Package
Policy and Procedure Inventory Tool
Policy Requirements Document
Policy Assessment Tool
Policy Enforcement Tracking Tool
Policy Development Tool
Policy Lifecycle Work Plan
Enforce Policies
Policy Implementation Plan
Policy Training Plan Template
Policy Violation Escalation Procedure
Policy Procedure Performance Report
Policy Procedure Review Schedule
Your Governing IT Toolbox
5. Perform an initial assessment of the benefit you expect from the project.
Begin building the business case now to improve executive
support for your initiative and measure its success
You can’t report what you don’t measure
Developing right-sized policies and procedures will
bring much needed clarity, consistency, and precision
to IT services. Ensure the policies you design are the
ones the business needs, design them well the first
time, and update them occasionally.
Initial measurements of critical management
processes will highlight the benefits you expect from
the policy development project, generate support for
your initiative, and help measure its success.
Info-Tech recommends using the following KPIs to
assess the impact of your initiative. The exact KPIs
you choose to focus on will depend on the goals of
your organization, and which tools and templates from
the toolbox you deploy. Start with metrics that address
specific issues in your organization.
How to complete this task
1. Estimate the work hours involved in the project.
2. Whatever KPIs you choose, define them in simple,
meaningful language.
Example: Policy Violations = the # of IT policy
violations over a period
Example: Help Desk Costs = the fully-loaded cost
to offer help desk services per employee or end-
user over a period
3. Record initial measurements of the two KPIs.
4. Measure your KPIs again once the project is done to
assess its impact on your organization.
# IT Policy
Violations
Policy Violations
Cost to serve
Help Desk Costs
6. The first step in developing a process management
program is to document all existing processes related
to IT in the organization. Once this step is completed,
then the important task of identifying gaps in the
process portfolio can begin. Use the Process
Interview Template and the Process Inventory Tool
to engage stakeholders in documenting and improving
existing processes.
Use the Guide to Business Process Mapping to
make a visual representation of how processes are
carried out in your organization. The Process Profile
Template can help document the information you
uncover, and store it in a single location.
When you are ready to improve your processes, use
the Process Framework Selection Guide to evaluate
and select a best practice process framework to
strengthen the organization’s process structure. The
guide identifies service, application, and software
frameworks that can improve the workflows in your
organization. The guide includes a needs assessment,
and an organizational readiness questionnaire to
evaluate whether your organization is ready for the
framework.
Involve stakeholders in assessing the viability of IT processes
7. Use the Policy Assessment Tool and the Policy Needs
Gap Assessment Tool to list the policies you have in
place, and assess their quality. The exercise will help
you decide where you need new policies, where
existing ones need improvement, and which policy you
should prioritize.
Use the Policy Management Development Tool, and
the more than 37 Sample Policies to craft policy
documents and extract key policy messages when
communicating with the organization.
Use the Leadership Skills Inventory and the A-B-C
Management Advice Tool to hone your leadership
skills and develop an approach that creates and
sustains high-performance teams. Use the
Professional Development Program Guide to
identify skills gaps in your IT staff and develop a
learning plan to address them.
Use the Annual Performance Review Templates to
develop a consistent process to set goals for IT staff
and assess their performance. The Peer Feedback
Templates will help you incorporate assessments from
colleagues, Finally, use the ROI Calculator for
Corporate Training to assess the expected return
from addressing performance shortfalls.
Discover where your enterprise needs policy improvements
8. Once your policies and procedures are drafted, use
the Policy Implementation Plan to organize the
scope of the deployment, and assign resources to put
policies into practice. In the context of policy
implementation, a formal implementation plan is most
useful for rollouts that have a far-reaching impact on
people, processes and technologies. For smaller policy
deployments, consider using Policy Communication
Plan Template to share them with the organization.
Use the Policy Reports List, the Technology Use
Monitoring Policies, and the Policy Training Plan
Template to integrate the policy and procedures in
your organization and monitor adherence. Use the
Policy Violation Escalation Process and the Policy
Violation Letter Template to ensure your organization
has a well-defined assignment of enforcement
responsibility.
Policies are not documents that you set and forget.
Use the Policy Performance Report, the Policy
Review Schedule, and the Policy Review Checklist
to measure the performance of individual policies, and
establish a review cycle for the policy portfolio.
Implement policies successfully, and measure their
effectiveness with an eye toward improvement
9. Other tools and templates in Quick Start: Governing IT
Explore the other tools and templates in Quick Start: Governing IT.
Here are suggested tools and templates to help improve your governance of IT processes.
Section 1: Manage Processes
Use the tools in this section to develop and improve your IT team, mature your leadership
skills, and manage the performance of your team members. Among other tools, you will find
tools and templates to calculate HR costs, assess skills gaps, make the case for hiring more
staff, conduct interviews, draft HR policies, and assess the performance of team members.
Section 2: Define IT Policies and Procedures
Use the tool in this section to craft policies that add value to the organization and withstand
both time and scrutiny. The goal of this suite of tools is to provide the guidance you need to
take an inventory of existing polices, create and improve policies that fill gaps in your
portfolio, and get approval for your policies from your most important stakeholders.
Section 3: Enforce IT Policies and Procedures
Use the tools in this section to communicate your new and improved policies to your
organization. Implementing and enforcing documented policies should be a continuous
process. Communicate with stakeholders, monitor adherence, and put in place a process to
review policy performance. Committing to the review and revision of policies, and they will
remain relevant to the organization’s mandate. manage your help desk and manage IT
services.