Enterprise governance guide for CIOs and IT executives

CIOs aren't merely technologists -- they're also often strategists charged with building the best governing structure for their IT organizations. Enterprise governance programs encompass both the day-to-day aspects of running IT as well as overarching enterprise planning initiatives. Governance plays an important role in the establishment of IT decision-making panels, determinations regarding staffing and resource allocation and the processes behind provisioning and maintaining specific technology projects.

In this CIO Briefing, learn how to find the best IT governance frameworks for your organization, how to establish an IT data governance strategy, how public-sector governance programs are saving states time and money, and how to align your IT governance and compliance approaches.

This guide is part of SearchCIO.com's CIO Briefings series, which is designed to give IT leaders strategic guidance and advice that addresses the management and decision-making aspects of timely topics. For a complete list of the topics covered to date, visit the CIO Briefings section.

Table of contents

• Finding the right IT governance frameworks
• Establishing an IT data governance strategy
• Learning from public-sector governance successes
• Aligning IT governance and compliance
• More resources

As more focus is put on flexibility and agility in IT leadership circles, some CIOs are turning to the agile development methodology for software development. Agile methodologies help organizations respond quickly to market changes forcing them to spend their development time on features that will bring the most value to the business.

Companies in that camp include British Airways PLC, which converted to agile software development in 2007, and the $500 million Catalina Marketing Corp. (CMC), which adopted a hybrid agile/waterfall methodology for a business transformation effort after a pure agile effort failed.

"One of the key levers you can pull to increase productivity is speed," said Mike Croucher, head of software engineering at British Airways. "The second lever was the business. Seeing the market constantly change, we realized we needed a process to make quicker changes."

The agile development methodology emphasizes iterative software design, where business stakeholders and IT project leaders work together to hash out processes and design in short increments. Using agile, the development team can focus on prioritizing and implementing only those features that bring the highest value to the business, thereby eliminating waste and increasing productivity. Agile also allows for rapid change with any iteration.

Learn more in "Agile development methodology not easy but worth the effort, users say.” Also:

• New IT management framework focuses on business value
  Enterprises such as Chevron and Merck are working together to shape an emerging IT management best practices framework.
  
• The road to agile IT runs through IT services management and PPM
  Agile IT can be realized with IT services management best practices and project portfolio management, but IT leaders need to clean house first.
  
• Uniting ITSM, PPM process methodologies yields IT management benefits
  ITSM and PPM are typically separate disciplines, but integrating them can increase visibility, help with budgeting and more. Learn more about this dynamic duo.
  
• Multi-sourcing requires IT governance strategy with multiple tiers
  An IT governance strategy for multi-sourcing activities requires a multi-tier approach with participation throughout the enterprise. Read how NASA learned to govern multi-sourcing.
  
• IT governance, corporate governance must align in economic recession
  IT governance in an economic recession is more important than ever, as IT organizations must align with the business, justify costs and adapt to market conditions.
  
• Project management governance: How much is enough?
  What goes into successful project management governance? The best mix calls for just the right amount of process and a focus on improved project completion rates.
  
• CIOs with, without PPM software discuss IT project governance
  Our exclusive research shows how midsized organizations are employing IT governance, with or without PPM software, for project management success.
  
• Don't let your IT service catalog go to waste: Six maintenance tips
  You worked hard to launch your IT service catalog. How about maintaining it? We asked four ITSM experts for tips for making sure your IT service catalog doesn't sit on a shelf.

If an organization has data flowing across multiple systems and processes, it's time for a formal data governance program, according to data quality experts like Gwen Thomas, president of the Data Governance Institute.

"Do these organizations want rules to specify how the data should be structured, shared, accessed and used? Of course," Thomas said. "Do they want controls to enforce those rules? Of course. Do they want clear rules of engagement that show how stakeholders make decisions about these rules and controls? Of course. Now, in 2010, it's a given that organizations of a certain size want and need some form of formal governance."

Joseph Bugajski, research vice president at Stamford, Conn.-based Gartner Inc., goes even further. "In some cases, it is past time," said Bugajski, previously chief data officer at Visa Inc. "Almost every business has reporting requirements that depend upon reliable data at its source. To assert that the data is reliable requires governance. And in the simplest form, it means somebody owns responsibility for saying, 'Yea, verily, this data is accurate'."

Find out more in "Why you need a formal data governance program, and how to get started." Also:

• Trials and tribulations of implementing a data management strategy
  Even when there is a driving need, launching a new data management strategy can be an uphill battle. As one chief privacy officer learned, getting the right team in place is key.
• Pros and cons of using enterprise master data management with BI
  Enterprise master data management (MDM) is a big task. Some CIOs are finding quick wins by starting with MDM.

Implementing an IT governance framework is increasingly important to public sector organizations as they seek to consolidate infrastructure and IT operations, cut costs amid strained municipal budgets and, above all, improve service to residents.

For example, the CIO of Massachusetts is restructuring the commonwealth's IT governance model, creating secretariat CIOs in eight government cabinets overseen by the governor. In California, the state CIO has created a series of councils to vet and implement IT initiatives.

These efforts are part of a larger trend in the public sphere toward integrated computed, according to Doug Washburn, an analyst at Cambridge, Mass.-based Forrester Research Inc. Washburn recently co-authored a report, Helping CIOs Understand "Smart City" Initiatives, that examines methods for municipal implementation of IT governance frameworks.

Better IT governance leads to better deployment of technologies to benefit municipal services, experts say.

Learn more in "IT governance framework helps public agencies boost service, cut costs." Also:

• Public sector challenges mitigated by IT governance framework
  Addressing public sector challenges is made easier by having a strong IT governance framework in place, leading to the best possible service to residents.
• Botched IT outsourcing contract shows need for governance, SLAs
  Virginia's $2 billion IT outsourcing contract has gone awry, with service interruptions and missed deadlines. Find out what lessons were learned on IT governance and clear SLAs.
• How Virginia's new CIO is fixing the state's IT outsourcing problems
  Virginia's CIO explains steps being taken to improve oversight and performance of the state's $2 billion IT outsourcing deal, which has been beset by delays and other problems.

Record-keeping irregularities have been at the heart of several high-profile cases that have resulted in corporate failures and economic devastation. It started in 2001, with the Enron/Arthur Andersen LLP fiasco, and continued through recent cases involving Bernie Madoff's $65 billion investor swindle, American International Group Inc.'s $3 trillion in credit default swaps, and risky mortgage derivatives that resulted in the housing collapse.

What went wrong in each of these cases is simple: Although these business transactions generated voluminous records, those records weren't necessarily accurate or useful, and the discrepancies weren't apparent. These organizations did not have effective information governance structures operating under clearly defined principles that would have ensured integrity, transparency and accountability in recordkeeping.

Until 2009, when ARMA International developed the Generally Accepted Recordkeeping Principles (GARP), there was no single set of principles to assist organizations in implementing records systems and policies that are the hallmarks of information governance. Effective information governance helps organizations succeed in operations, comply with legal and regulatory requirements, and avoid the type of catastrophes described above.

Learn more in "FAQ: GARP and how it helps you achieve better information governance." Also:

• Security professionals: How will Mass. data privacy law be enforced?
  With the Massachusetts data privacy law on the books, some security professionals wonder how it will be enforced, and who will be the focus of such enforcement actions.
• Compliance Product Spotlight: File share, GRC, Solvency II offerings
  Here are some of the latest compliance products and risk management solutions that can help your company stay in step with governance, risk and compliance regulations.
• Governance, risk and compliance FAQ: What does GRC mean to IT strategy
  Learn how GRC coordinates governance, risk and compliance with IT strategy to create a more responsive and transparent organization.
• Enterprise content management helps crank up information governance
  Enterprise content management tools have become important building blocks for compliance officers piecing together information governance strategies. Find out why.
• Integrated governance, risk and compliance solutions need holistic IT
  Integrated governance, risk and compliance solutions require a holistic technology architecture. Read this tip to find out how to put it together.
• Sorting through GRC framework questions
  An IT or enterprise GRC program needs coordination, and that's where governance, risk and compliance frameworks can be useful. Here's an overview.
• BWise's CTO on the power of GRC management and controls monitoring
  BWise's latest innovation integrates continuous controls monitoring (CCM) with its GRC management suite. CTO Luc Brandts talks about the relative strengths and weaknesses of each.
• Follow the money in GRC management platforms
  Governance, risk and compliance (GRC) technology is evolving as ERP vendors up their stakes in GRC. Who's going to make money, and can you get into the game?

• Resource Center: IT governance (SearchCIO.com)
• Resource Center: Enterprise ITIL and ITSM (SearchCIO.com)