Best practices to install an IT governance
The organization of the major mobile companies moved from the initial “project-based” organization, typical of the startup phase, to a more structured and efficient organization. The capability to build and install a brand-new IT governance requires a detailed knowledge of the organization, not only of its strategic plan. Being able to assess the maturity level is essential to reaching the goal. The project-based organization, the use of standards, and the process view are critical factors in setting up an effective governance system.
The case outlined through this paper presents the real life scenario in which two mobile operators, already on the market, were merged into the parent company. A new Mobile Business Unit was created. Different organizations, different methods, different IT systems, and different people and cultures converged in the new organization.
As a typical approach of every kind of start-up, tasks are accomplished as fast as possible with the main objective of firing up systems in production and guaranteeing the service to customers as soon as possible. After this first fundamental step, however, it was mandatory for the IT department to achieve a higher level of organizational maturity through:
- Better efficiency
- Costs optimization
- Cut down time to release new services to customers
- Improve the overall quality of the IT services provided
IT governance (ITG) is defined as the processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals. IT demand governance (ITDG — what IT should work on) is the process by which organizations ensure the effective evaluation, selection, prioritization, and funding of competing IT investments; oversee their implementation; and extract (measurable) business benefits. ITDG is a business investment decision-making and oversight process, and it is a business management responsibility. IT supply-side governance (ITSG — how IT should do what it does) is concerned with ensuring that the IT organization operates in an effective, efficient and compliant fashion, and it is primarily a CIO responsibility. For more details on the IT glossary see http://www.gartner.com/it-glossary/it-governance/
IT governance focuses specifically on information technology systems, their performance, and risk management. The primary goals of IT governance are to assure that the investments in IT generate business value, and to mitigate the risks that are associated with IT. This can be done by implementing an organizational structure with well-defined roles for the responsibility of information, business processes, applications, and infrastructure (Brisebois, 2011, §3).
IT governance also implements processes and conventions that address alignment to the strategy and priority; accountability through structures, processes, and measurements that ensure control over assets, risks, value delivery, and performance; and communication, that is, how decisions and information are communicated upward and outward, to customers and stakeholders, and downward and inward, to those who do the work (Jaques, 2009, §2).
Before going through the case, let's take a look at what happens when a traditional IT model (Exhibit 1) adjusts itself to the organization's evolution.
Exhibit 1 – Traditional IT model
In a non-structured organization, the business user forwards its requests to the IT department without the support of any structured process. As a typical approach, once the requirements are “frozen” the IT department processes the requests. The only further point of contact between the two is at the user acceptance test, the UAT stage, when it's too late to intervene. Over time, organizations introduced improvements in organizational processes and methodologies applied but still the request-to-delivery cycle remains critical. Some of the drawbacks of this approach are listed below:
Business user to IT department
▪ The business user keeps feeding the IT department with requests; the requests emerge following the emotional, ever changing, sense of urgency that the business area accountable feels towards the requests; the busy business area does not follow a precise request strategy, does not have the time (or all the elements) necessary in order to correctly prioritize their requests.
▪ Driven by its own sense of urgency, the business area accountable submits the same request to more than one person within the IT department in the hope that at least one will do it. The consequence is that several requests are forwarded to the IT department, often disguised and included within other initiatives. In the best of cases, after increasing confusion and misunderstandings, a rationalization process starts, requiring several meetings, time and effort to clarify the requests and formulate them correctly. In the worst ones, the same functionality or process is implemented inefficiently in more than one system or IT process.
▪ Often the business area perceives its interactions with the IT department as a “thing that we need to do” but that diverts time and effort from the “real work we should be doing”; “I'm a marketing guy, what I should do is marketing and not analysis for the IT department.” This understandable complaint results in poor user requirement specification and in a final solution that does not meet the expectations of the business community.
IT department in handling user requests
▪ It happens that the IT project people do not have visibility of the overall availability of resources and commit to requests that will not be handled or will be carried out only partially. This kind of behavior not only damages the relationship between the business user and IT but also introduces, as a consequence, several inefficiencies on the IT side.
▪ IT analysts interpret user requests according to what they think is reasonable or, worse, in times of scarcity of resources, they plainly simplify the business requests. Both business users and IT professionals are happy in the beginning; the first do not receive continuous requests for clarifications that distract them from what they're doing (the request was crystal clear after all) and the second think that “something will be better than nothing,” often ignoring the impacts of what was left out on complex business processes. The surprise emerges at the user acceptance test stage, when time and effort are lost in explanations, rework, development of patches, and so on.
▪ IT operates in a “continuous emergency” that in the long run takes a toll on resources, on the quality and efficiency of what is delivered, which results in less than optimal use of resources and a long time spanned between the business request and the delivery of the solution in production.
The company described in this paper was at a stage of its evolution in which the start-up phase still permeated the IT department's organization and processes. The project-based organization of the IT department was vital in this phase, in which the drive was toward “doing things” as fast as possible, moving systems into production and ensuring that at least the basic services were delivered. The organization now needed to move to a further maturity level, to a different organizational and process-based setup. Among the imperatives were:
▪ Reduce the cost of IT while creating greater value
▪ Speed up the product design and delivery cycle
▪ Better support and meet the business user requirements.
It is proved that, at the end of the start-up phase, the “Project-Based” organizational model shown in Exhibit 1 is not able to evolve. In addition, it becomes the origin of several kinds of problems whose impact increases as the environment becomes bigger and more complex:
▪ There is no clear ownership and understanding of the business requests that impact more than one system.
▪ There is a lack of a process view.
▪ There is a lack of reuse with regard to several important domains: analysis, people experience and software components.
▪ There is a lack of standard and clear-cut interfaces between the phases of the software life cycle.
▪ There is an inefficient use of IT resources.
In order to overcome these issues and manage a more complex environment, a new model was proposed (Exhibit 2):
Exhibit 2 – IT governance model proposed
Benefits in applying this model were among others:
▪ The business initiatives are properly managed through the use of a portfolio management process through which the analysis of all the relevant factors allows undertaking and prioritizing the initiatives relevant to the organization strategy.
▪ The IT management has a full control of all relevant aspects that impact the IT department (costs, efficiency and relevance of the initiatives, timeliness, etc.).
▪ Since the Demand Management area has good knowledge of the business processes, it is able to structure the requests towards IT in the most efficient way. In addition, it is in charge of monitoring the realization and release of each solution.
▪ Each competence area (i.e., billing, sales, etc.) is focused on its own duties and effectively uses standards and tools that are known and well used within the adjacent areas.
In order to enhance the maturity level of the IT department, a step-by-step approach driven by the information collected after an assessment phase has been applied. As a result, two new key areas have been introduced — Demand Management and Program Management Office, and the existing three — Development, Test and Rollout, and Operations — have been reinvigorated.
Exhibit 3 – The new IT organizational model
In order to understand how the model has been applied, a detailed description of each area is provided as follows.
Demand Management: Facilitating the Request to Delivery Cycle
The organization needed to structure a straightforward but formal process that ensures that business user requests were prioritized, understood and formalized according to mutually agreed standards, and worked upon according to a company-wide well known and shared process. This was mandatory in order to deliver value to the business user and to the organization with the best accuracy, cost efficiency, and time.
The IT Demand Management organization and processes have acquired more and more relevance in all industries in the last few years. This is mainly due to the high speed change of the IT market, to the continuous new products and services development cycle and to the shorter time to market requests by the business communities.
In addition to the external pressure on companies, what is pushing the Demand Management paradigm is the need for efficiency and a growing attention to cutting costs and increasing value within the IT department and the whole organization. In more detail, Demand Management has the responsibility for:
▪ Creating and maintaining relationships with the internal client (starting from understanding their business needs through feasibility analysis, costs/benefits evaluation, and the functional analysis).
▪ Defining IT budget and prioritizing the internal client needs.
▪ Estimating, together with the development area, the effort for developing business requests.
▪ Negotiating agreement among the business community, development, operations, and other technical areas or sometimes vendors on priorities.
▪ Monitoring on behalf of the internal client that solutions are developed and released in accordance with the service level agreements in the terms of quality, time, and functionalities requested.
Exhibit 4 – Functional demand management
The Functional Demand Management structure (Exhibit 4) specializes in a specific internal client area to better cover internal client business needs by understanding their business better and better and, by doing so, validating user requests while keeping the “big picture” in mind. People working in this area know their internal client and can act as consultant and facilitator on both sides of the fence. With this organization, each business unit (e.g., Sales department) interacts with its Demand Management office. For example, if price modifications need to be introduced, the request is handled by the Sales Demand Management area. The Sales Demand Management area then cooperates with the billing Development people (the most impacted) to identify the most appropriate solution. The Sales Demand Management is in charge of following the business request end-to-end, from the requirements phase through the implementation in production, and of validating the benefits expected.
Program Management Office: Monitoring for Execution
The objective here was to be able to control the most relevant initiatives that the management wanted to start. The program management office put in place processes and tools that allowed the organization to undertake and monitor all the initiatives that will participate within the IT Strategic Program.
Exhibit 5 represents the “value creation” building blocks. The setup of these “building blocks” and their fine-tuning have the goal of making sure that the projects being carried out by the organization are executed well and are all making significant contributions to the organization's key objectives.
In summary, the process that underlies the set of disciplines represented is the following:
▪ Management defines the company strategic objectives and defines the drivers that impact those objectives.
▪ Portfolio Management has the goal of defining which set of initiatives/projects are better aligned with the business imperatives and maximize the value for the company given the resources available per year.
▪ Program Management constitutes a monitoring and enabling infrastructure that ensures the selected projects are carried out in an efficient and coordinated way.
▪ Project Management applies the set of tools and techniques to execute the projects according to the expectations.
Exhibit 5 – Value creation building blocks
The Program Management Office represents a stable organizational unit responsible for:
▪ Controlling and managing issues, risks, and quality assuring program benefits achievement
▪ Reporting to management the IT planning and results
▪ Approving program/projects and managing resources appropriately
▪ Guaranteeing communication and coordination between programs/projects
▪ Developing project management processes and tools
▪ Coaching and training center for all program/project related matters
A centralized PMO makes great sense to ensure that all project managers have a core set of project management skills, common processes, and tools. It provides the organization with a view of the status of all projects and reports on the improvements made to project delivery capabilities over time. The PMO facilitates project team communication by using common processes, deliverables, and terminology.
The Development area has the objectives of implementing new software solutions in the company development pipeline, maintaining solutions already deployed in order to keep them effective, and enhancing their support of business processes. In addition, it supports Demand Management throughout the process of evaluating business requests by expressing suggestions on feasibility studies and by evaluating technical alternatives to better address business needs and issues. The Development area also has the important task of documenting the detailed design of the solutions that will be implemented and of keeping the documentation updated over time. More specifically, the Development area has the responsibility of:
▪ Managing development projects, following a structured project management methodology
▪ Performing systems or functionalities analysis and design
▪ Configuring and tuning the development environment (i.e., development tools, databases, etc.)
▪ Supporting IT management in make-or-buy analysis and in COTS solutions evaluation
▪ Developing, configuring and integrating applications/systems functionalities
▪ Performing unit and system test of the software solutions implemented
▪ Providing systems functionalities document and reports
▪ Developing user procedures and handbook
▪ Correctly and timely releasing the software solutions and documentation to the Test and Rollout area
▪ Supporting the Test and Rollout area in software testing and releasing
Test and Rollout: Solutions Validation and Verification
Ensuring that the software released in production responds to requirements:
▪ It is correctly and thoroughly documented
▪ Works correctly according to the functional and non-functional requirements initially agreed upon
▪ It is correctly integrated with all the systems/components it is supposed to interface
More specifically, the Test and Rollout is responsible for:
▪ Planning, defining and sharing the detailed test plans
▪ Designing the test cases to check new functionalities guaranteeing that the software released is compliant with them
▪ Performing the test cases, tracing each dysfunction, and following up with Development to have it fixed properly
▪ Maintaining traceability during the test phase and reporting on test status/progress
▪ Supporting the end user in the user acceptance test activities, guaranteeing the correct configuration of the test bed environment
▪ Supporting the operations department personnel in the deployment phase
The Operations area ensures IT operations are up and running and that all measures have been taken to ensure non-disruption of services. It will also ensure that service delivery is competitive compared to industry standards. More specifically, the Operations department has the responsibility for:
▪ Running the company applications (SW, HW, infrastructures, etc.) so that the company activities can be performed as expected
▪ Guaranteeing compliance with the agreed SLAs and OLAs through continuous application monitoring and controlling
▪ Guaranteeing that security policies are applied to assure the information protection level expected
▪ Managing business interruption risk and defining disaster recovery procedures
▪ Managing operations budget
▪ Supporting end users through the establishment of a help desk
The methodology applied was the result of the tailoring of different approaches proved to be efficient in several previous initiatives. The reference structure is the IT Value Framework presented in Exhibit 6.
Exhibit 6 – IT Value Framework
This is a three-layer framework that encompasses all relevant aspects of an efficient and well-structured IT department.
The Manage phase includes the disciplines that bring strategic and operative direction to the IT department.
▪ Strategic planning — Conduct decision making to address IT strategy and investment and to plan developments
▪ IT business management — Manage IT business unit, assuring leadership and coordination inside the different IT services lines and outside IT department.
▪ IT governance — Maximize return on IT investments in the present and in the future
The Create phase includes the competency domains that contribute to the release of solutions meeting business needs.
▪ Architectural guidelines — Develop a flexible technological framework to support systems and innovation
▪ Innovation management — Design and develop new products and services and a new business model to support a profitable development
▪ Sourcing management — Define a sourcing strategy to involve suppliers and make them become partners for higher value contribution.
▪ Program management — Assure that IT projects and programs become available to clients in the time and manner agreed, guaranteeing an acceptable risk level.
▪ Delivery management — Optimize client requested IT products and services development and release.
The Realize phase is where value becomes available for the whole organization.
▪ Human resources management — Make available the right resource in the right moment. Handle the evaluation process and the professional development.
▪ Demand management — Guarantee that the internal client maximizes its benefits from the IT business unit and enables IT to satisfy requests in the best way for the entire organization.
▪ Operations management — Administer effectively and efficiently the technological environment, assuring business continuity at an acceptable risk level.
Brisebois, T. (2011). What is IT Governance? And why is it important for the IS auditor. INTOSAI. Retrieved from www.intosaiitaudit.org/intoit_articles/25 p30top35.pdf
Jaques, T. (2009). Get ready for governance: What you need to know about presenting to a project governance committee. PMI Community Post. Retrieved from www.pmi.org/eNews/Post/2009_01-23/Governance_PresentingToProjectGovernanceCommittee.html
Project Management Institute. (2008). A guide to the project management body of knowledge (PMBOK® guide) — Fourth edition. Newtown Square, PA: Author.
Weill, P., & Ross, J. W. (2004). IT governance: How top performers manage IT decision rights for superior results. Boston, MA: Harvard Business School Press.
© 2013, Giancarlo Duranti, PMP, CBAP
Originally published as a part of 2013 PMI Global Congress Proceedings — Istanbul, Turkey