TOOLS AND USEFUL RESOURCES
At the time of writing, there is no neatly bundled IT governance toolkit available that I would recommend. Unlike IT service management where one framework fits all organisations pretty well, the make up of an IT governance framework will depend totally on the culture, goals and characteristics of an organisation. You will be pulling together a mix of standards, frameworks and tools from various sources to meet the specific requirements for your organisation.
Putting together an overarching framework is very much like mixing a cocktail. It requires patience and skill to balance the components, and adding too many components results in a mess that leaves a long hangover. Do not be tempted to adopt every form of recognised ‘best practice’. For a framework to be recognised as best practice, it has to have been in use for several years. You might find something that has been developed recently that fits your requirements perfectly, and provides a ‘lighter touch’ approach.
At the risk of stating the blindingly obvious, a tool is only a tool if it helps you and your business – so do not feel obliged to persevere with a reporting or monitoring scheme that just is not helpful.
Your biggest challenge will be to bridge the governance–management gap. You are aiming to purchase tools that will enable you to monitor and measure governance activity from the management layer, for displaying results at the governance layer, in a way that is meaningful and useful. Once you have read through the book, you will have a very clear idea of what is required and how monitoring and reporting processes can be set up to deliver this information.
TOOLING
Requirements for IT governance tools
There is a requirement for IT governance tools that support a principle-based assessment by enabling measurable outcomes to be linked to principles. These tools cannot be built through empirical means alone, but must be grounded on a platform of academic theory to be reliably useful. Governance runs on a long time frame. If I create a tool to make yoghurt, then it can be proved to work or not work within the space of 24 hours. If I create a tool to assist with the successful implementation of an IT governance framework, the value of the tool might not be evident for years. That said, there are some valuable tools available now that will assist in the building of elements of an IT governance framework, and these are referenced throughout the book.
Interfaces to management tools
No doubt your organisation is already using a number of IT tools, standards and frameworks at the management layer – ITIL®, ISO/IEC 20000, ISO/IEC 27000, COBIT®, CMMi and so on. Your governance tools should enhance the information reported from your management tools, or at least provide a filter for the delivery of relevant, succinct information to the governing body.
There is some excellent material available from government agencies, industry bodies, membership bodies and IT and director institutes in the form of procurement guidelines, frameworks and templates. Your vendors and suppliers will also have research material, white papers, templates and other useful information to guide you with the development of your framework.
CHECKLISTS
Governing body
CIO
USEFUL RESOURCES
Committee of Sponsoring Organizations of the Treadway Commission COSO Internal Control-Integrated Framework 2011. Available at www.coso.org/ic-integratedframework-summary.htm
Financial Reporting Council Turnbull Report Internal Control: Guidance for Directors on the Combined Code 2005. Available at www.frc.org.uk/Our.../Turnbull-guidance-October-2005.aspx
Hoverstadt, Patrick (2008) The Fractal Organisation: Creating Sustainable Organisations with the Viable System Model. Chichester, John Wiley and Sons.
Kotter, John P. (1996) Leading Change. Boston, Harvard Business Review Press.
Kotter, John P. (2008) A Sense of Urgency. Boston, Harvard Business Review Press.
Kotter, John P. (2012) The Heart of Change: Real-Life Stories of How People Change Their Organisations. Boston, Harvard Business Review Press.
Baldrige Performance Excellence Program www.nist.gov/baldrige
ISACA Body of Knowledge www.isaca.org and IT Governance Institute www.itgi.org
The Cabinet Office, UK, www.cabinetoffice.gov.uk
Basel II Report – www.bis.org/bcbs/about.htm
Gartner Research – www.gartner.com/technology/home.jsp
TOGAF, The Open Group – www.opengroup.org/togaf/
Lean Six Sigma – www.isixsigma.com/new-lean-six-sigma/
Prince 2 – www.prince-officialsite.com/
PMI & PMBOK – www.pmi.org/PMBOK-Guide-and-Standards.aspx
Sarbanes- Oxley Act 2002 – www.gpo.gov/fdsys/pkg/PLAW-107publ204/pdf/PLAW-107publ204.pdf, www.sec.gov/about/laws.shtml
Companies Acts – for example – www.legislation.gov.uk/ukpga/2006/46/contents