In “Behind the Scenes Part 1: Your Organization’s IT Governance & Service Management,” we discussed gaps in IT governance and how it can negatively affect companies. There are several ways to measure the effectiveness of your IT governance, but there is no one size fits all tactic.
Think of the following as a tool belt full of tools. In the right hands, a skillful craftsman can make a high-quality product. So, what is the best approach for your organization?
Here are a few IT governance approaches to consider:
- Balanced Scorecard feeds into an overall corporate governance quick glance dashboard. Financial, knowledge, customer, and process. This can effectively be applied to IT, however, there are risks of becoming too focused on the technology and not the overall business. The challenge comes when peeling back the layers to view what feeds into this summary. Without data integrity, accuracy, completeness, and adoption throughout the organization, these dashboards can be misleading. It’s the difference between guessing, assuming, believing, and knowing. I’d rather know.
- ISO/IEC 38500 is an international standard for IT governance. Achieving the ISO certification is extensive, expensive, and impractical for many organizations. This standard provides guidance to a level of detail that is appropriate to overall governance while avoiding the weeds of tactical execution, management, and processes. Not all organizations will require this level of rigor or investment. It sets forward six areas for governance: responsibility, strategy, acquisition, performance, conformance, and human behavior. When implementing IT governance, this is a good source of topics to consider when designing, but implementation and certification may not be the ultimate outcome.
- CoBIT (Control Objectives for Information and Related Technologies) is a framework and itemized list of specific and actionable tasks and objectives that support IT processes and enablers. Process, control, management, and maturity components are practical goals to establish and evaluate IT service quality. This is a great starter pack to implement control. It’s going to achieve a great deal toward strong governance controls, but it will still require an organizational culture shift toward transparency and accountability.
- CMMI (Capability Maturity Model) is a process-centric maturity assessment approach that rates processes along a continuum. It is not necessary nor is it practicable to attain the highest level of maturity for every process. Instead, we recommend a continual improvement roadmap that strategically targets only the right areas at the right times. CMMI provides an approach to objectively appraise process maturity, it fails to provide much guidance as to whether achieving higher levels of maturity is necessary or warranted.
- TOGAF (The Open Group Architecture Forum) is an approach and framework for managing architecture of enterprise IT services lifecycle. With digital and cloud market disruptors, many of the recommendations become moot or impractical to implement. While the ideas behind the program are sound, it’s execution can fall short on managing business value. The target audience is technical and not business. Which makes it feel (to me anyway) like an “IT for IT’s sake” of framework, the business justification mandating the recommendations of TOGAF seem to be an assumed input. Of course, you want five-nines… who wouldn’t? Take this approach in measures.
- CGEIT (Certified Governance Enterprise IT) is a certification designed to recognize and improve the quality of IT governance leaders. Its focus is on consistent vocabulary and guidance to implement and operate IT governance across five domains: enterprise, strategy, benefits, risks, and resources. Think of this as the PMP certification expected for project managers, except the CGEIT isn’t as ubiquitous as PMPs. It’s a robust qualification process aimed to create consistent understanding and execution of IT governance through qualified professionals.
- TQM (Total Quality Management) is an organizational mindset which seeks to implement and sustain an environment of continual improvement. If you’re an organization leveraging TQM principles, remember that IT Governance is best served holistically as a part of the organizational culture. TQM may support one or more but not all areas of IT scope of services which require governance.
- M_o_R (Management of Risk) is a framework certification that works to objectively and accurately assess and address risks in the most effective and cost efficient manner. M_o_R strategically supports operational and project based execution. Management of Risk may support or feed into an overall governance program, but is unlikely to meet needs holistically.
- MoV (Management of Value) is a certification that seeks to cost-effectively deliver relevant outcomes by measuring, monitoring, reporting, and acting to continually improve the benefits and results of projects and services. MoV supports project, portfolio, program and risk management principles and practices while setting its primary focus on creating and maximizing value. Management of Value may support or feed into an overall governance program, but is unlikely to meet needs holistically.
- MOF (Microsoft Operations Framework) is a framework and methodology developed by Microsoft for Microsoft. The basics mirror and align to ITIL so much as to almost be indistinguishable, however, there are nuances and specific recommendations based on their technology, platform, and tools that give a hands-on technical and tactical feel that is missing from other higher-level frameworks. Unless you’re specifically a Microsoft shop and or are willing to implement a full suite of service capabilities and Microsoft tools, this is probably not for you.
- UPMM (Unified Project Management Methodology) is a unified project management methodology. Its focus is so narrow that even though frequently used to govern IT projects, it doesn’t translate or scale operationally or organizationally. In today’s managed service environment, this is the bare minimum expectation, almost like expecting that your car has a steering wheel.
- ITIL (Information Technology Infrastructure Library) is a framework and methodology originating from IT infrastructure functions and processes. While many processes, tools, and recommendations transfer well to other IT services, it was never meant to be interpreted literally. Implementing ITIL shouldn’t be a thing that is done literally. Instead, adapt ITIL good practices to your organization to create your own best practices. While it includes general guidance around KPIs, most organizations focus too quickly on SLAs as a punitive approach to IT, rather than as a strategic partner there to support and enable business objectives.
- ISO/IEC 20,000 is an international standard for IT service management built upon the principles of ITIL, but isn’t strictly ITIL. It also allows for service management variations including Microsoft’s Operations Framework. As with all ISO standards, qualification and certification requires significant investment which may or may not be appropriate for all organizations.
Obviously, implementing ALL the above would be cumbersome and unreasonable. Knowing which approach works best for your company size, in your industry, with your strategic objectives, requires either gambling or trusting a partner who has helped other companies fine-tune their approach. A partner who utilizes only the meaningful and valuable components from the above frameworks, methodologies, and approaches.
That’s why Onebridge is creating, curating, and perfecting a unique governance approach which takes the best parts of each. Our method is fully adaptable and scalable to your organization to help obtain what matters most to you. We work to minimize the risks of trying the unknown, and over-engineering with much overhead and red-tape. We show you how your organization should work with IT governance, by bringing in teams who know their role, know why it is essential, and show how they impact governance objectives. Through performing, demonstrating, guiding and coaching, we create a coalition of change that can take hold across the enterprise and result in lasting change and continual improvement for your company.