Chapter 5
Governance

THE FOLLOWING ITIL INTERMEDIATE EXAM OBJECTIVES ARE DISCUSSED IN THIS CHAPTER:

  • ✓  Governance
  • ✓  Setting the strategy for governance
    • Evaluate, direct, and monitor
  • ✓  Governance framework
  • ✓  What is IT governance?
  • ✓  Governance bodies
    • How service strategy relates to governance

 To do well on the exam, you must ensure that you understand the concepts associated with governance. You will need to demonstrate that you can apply these concepts to the scenarios by analyzing the information provided in the exam questions.

Understanding Governance

Governance is the single overarching area that ties IT and the business together. It is what defines the common directions, policies, and rules that both the business and IT use to conduct business. Many IT service management strategies fail because they try to build a structure or processes according to how they would like the organization to work instead of working within existing governance structures.

Corporate governance refers to the rules, policies, and processes (and in some cases, laws) by which businesses are operated, regulated, and controlled. These are often defined by a board of directors or shareholders or the constitution of the organization, but they can also be defined by legislation, regulation, standards bodies, or consumer groups.

Setting the Strategy for Governance

Governance is important in the context of service strategy because the strategy of the organization forms a foundation for how the organization is governed and managed. The standard for corporate governance of IT is ISO/IEC 38500. ITIL references the concepts of this standard and how it has been applied. Governance is expressed in a set comprising strategy, policies, and plans (Figure 5.1).

Diagram shows a pyramid with three layers. Strategy, policy, and plan are in the top, central, and bottom layers respectively.

Figure 5.1 Strategy, policy, and plan

Copyright © AXELOS Limited 2010. All rights reserved. Material is reproduced under license from AXELOS.

Figure 5.1 shows how governance works to apply a consistently managed approach at all levels of the organization—first by ensuring that a clear strategy is set, then by defining the policies whereby the strategy will be achieved. The policies also define boundaries, or what the organization may not do as part of its operations. For example, there may be a policy stating that IT services will be delivered to internal business units only and will not be sold externally as an outsourcing company would.

The policies should also clearly identify the authority structures of the organization. This is indicated in how decisions are made, and what the limits of decision-making will be for each level of management. The plans ensure that the strategy can be achieved within the boundaries of the policies.

It is important to remember that although plans are part of governance, governors themselves will not produce or define the plans. Managers will use governance to define plans that are consistent with, and approved by, the organization’s executives and governors. However, governors will review the progress and implementation of plans.

Defining strategy, policies, and plans is a rigorous process, consisting of three main activities: evaluate, direct, and monitor. We will look at an overview of the process and show the links between service strategy and governance in the following sections.

Evaluate

Evaluate refers to the ongoing evaluation of the organization’s performance and its environment. This evaluation will include a detailed knowledge of the industry, including its trends, regulatory environment, and the markets the organization serves. A strategic assessment is typical of the type of input that is used in this evaluation.

The following items are used to evaluate the organization:

  • Financial performance
  • Service and project portfolios
  • Ongoing operations
  • Escalations
  • Opportunities and threats
  • Proposals from managers, shareholders, customers, and so on
  • Contracts
  • Feedback from users, customers, and partners

Direct

The direct activity relates to communicating the strategy, policies, and plans to, and through, management. It also ensures that management is given the appropriate guidelines to be able to comply with governance.

This activity includes the following:

  • Delegation of authority and responsibility
  • Steering committees to communicate with management and to discuss feedback (also used during the evaluate activity)
  • Vision, strategy, and policies that are communicated to managers, who are expected to communicate and comply with them
  • Decisions that have been escalated to management or where governance is not clear

Monitor

In the monitor activity, the governors of the organization are able to determine whether governance is being fulfilled effectively. It will also highlight whether there are any exceptions. This enables them to take action to rectify the situation and also provides input to further evaluate the effectiveness of current governance measures.

Monitoring requires the following areas to be established:

  • A measurement system, often a balanced scorecard
  • Key performance indicators
  • Risk assessment
  • Compliance audit
  • Capability analysis, which will ensure that management has what it needs to comply with governance

Governance Framework

A governance framework is a categorized and structured set of documents that clearly articulate the strategy, policies, and plans of the organization.

The ISO/IEC 38500 standard outlines the following six principles that are used to define domains of governance (or areas that need to be governed):

  • Establish responsibilities.
  • Agree on a strategy to set and meet the organization’s objectives.
  • Acquire for valid reasons.
  • Ensure performance when required.
  • Ensure conformance with rules.
  • Ensure respect for human factors.

Each of these domains will have high-level policies that form part of the framework and will be used by managers to build procedures, services, and operations that meet the organization’s objectives.

What Is IT Governance?

IT governance does not exist as a separate area. Because IT is part of the organization, it cannot be governed in a different way from the rest of the organization. ISO/IEC 38500 refers to “corporate governance of IT,” not IT governance. This implies that IT complies with and fulfils the policies and rules of the organization and does not create a separate set for itself.

IT and the other business units share the same objectives and corporate identity and are required to follow the same governance rules.

What is normally called IT governance is usually a matter of the chief information officer (CIO), or senior IT manager, enforcing corporate governance through a set of applied corporate strategies, policies, and plans. Nevertheless, as a member of the executive team, the CIO participates in how governance is defined and translated for management.

Let’s consider how this governance framework is managed through the organization by reviewing the suggested governance bodies, as shown in Figure 5.2, later in this section.

Block diagram shows governors, the executive, and IT steering group who are responsible for corporate governance, enforcement of corporate governance, and defining how IT works respectively.

Figure 5.2 Governing bodies

Copyright © AXELOS Limited 2010. All rights reserved. Material is reproduced under license from AXELOS.

Although IT governance is not separate from corporate governance, it is important that IT executives have input into how corporate governance will specify how IT is governed. This is usually done through an IT steering committee, which also defines IT strategy and is involved in all major decisions regarding IT and its role in the organization.

As a member of the executive group, the CIO will ensure that the corporate strategies, policies, rules, and plans include a high-level overview of how IT will be governed. If the CIO is not a member of the board of directors, it is the responsibility of the member who is responsible for IT to ensure that the CIO is consulted on what needs to be included.

In most cases, the governors will need assistance in defining governance for IT. This can be provided by management consultants or by engagement with senior IT leaders in the organization. In many organizations, the IT department will be heavily involved in defining governance and may even have a dedicated group to work on defining, enforcing, and monitoring governance for IT. It is important to note, however, that the final decision about the strategy, policies, rules, and plans and how they are enforced is made by the governors because they are accountable for governance. This accountability may not be delegated to managers, who are required to comply with governance.

Governance is fulfilled by the leadership of each business unit, including IT. Therefore, the CIO is responsible for ensuring that IT operates according to the strategy, policies, rules, and plans defined in corporate governance. Since IT is an integral part of each business unit, however, it is important that the leaders of other business units are also engaged in defining how governance of IT will be fulfilled and enforced.

This is usually achieved by establishing an IT steering committee, also called an IT steering group. The purpose of the steering committee is to establish how IT will comply with and fulfil corporate governance. In addition, it represents how IT works with other business units to help them comply with corporate governance.

You can see an example of the IT steering group in relation to other governance bodies in Figure 5.2.

The composition of the IT steering committee makes it an ideal platform to discuss and agree on a number of other areas too. These include the following:

  • Discussing the IT strategy and IT strategy planning documents and recommending them to the governors
  • Clarifying strategic requirements from other business units
  • Ensuring that the contents and consequences of the IT strategy are clearly understood by other business leaders
  • Making major decisions requiring funding from other business units
  • Settling disputes about IT service priorities
  • Reaching agreement about the minimum level of service for shared services (usually when one business unit wants a much higher level of service but cannot afford to cover the costs themselves and requires the agreement of all other business units to move to the higher level)
  • Discussing IT service issues that require senior management intervention
  • Negotiating changes to policies in other business units that impede IT’s ability to meet its objectives (for example, when an IT organization is asked to reduce costs but users insist on the most expensive solution)

Service Strategy Relating to Governance

Reviewing the chapter so far, it may appear that all strategy is strictly contained within the role of the governors. This is not the case. Rather, the governors are responsible for the strategy of the organization and for ensuring that all parts of the organization are aligned to that strategy.

Every part of the organization must, however, produce its own strategy that enables it to fulfil the overall corporate strategy. Each strategy must be grounded in the corporate strategy and must be approved by the governors.

Strategy management for an internal IT service provider will be overseen by the CIO and the IT steering committee. In larger organizations, this might be a dedicated function reporting to the CIO.

Key processes for fulfilling governance are as follows:

  • The service portfolio is an integral part of fulfilling governance because the nature of services, their content, and the required investment are directly related to whether the strategy is achievable. The current and planned services in the service portfolio are an important part of strategy analysis and execution.
  • Financial management for IT services is also a critical element of evaluating what investment is required to execute the service strategy, ensuring that the strategy is executed within the appropriate costs, and then measuring whether this was achieved within the defined limits.
  • Demand management provides a mechanism for identifying tolerance levels for effective strategy execution. Each strategy approved by the governors must include the boundaries within which that strategy will be effective. Demand management assists in defining these boundaries in terms of business activity and service performance.
  • Business relationship management is instrumental in defining the requirements and performance of services to customers. This makes it possible for those customers to comply with corporate governance in their organizations.

Summary

In this chapter, we reviewed the importance of governance as it applies to the service strategy lifecycle stage. This included an explanation of what ITIL means by governance and how we set the strategy for governance in the strategy lifecycle stage.

We explored the concepts of evaluate, direct, and monitor and their application in the service lifecycle.

We also examined the importance of a governance framework and how IT governance fits into this framework. Finally, we explored the use of governance bodies.

Exam Essentials

Understand the concepts of governance. You will need to understand the concepts of governance as they relate to service strategy.

Understand the role of governance. Make sure you comprehend, from a management-level viewpoint, the role of governance in service management.

Describe how the governance process is developed. You need to be able to describe how the governance process—evaluate, direct, and monitor—is part of service strategy.

Explain the governance framework. Explain the governance framework and its use in service management.

Describe what IT governance is. Be able to describe what IT governance is and the governance bodies it consists of.

Understand governance in service strategy. Understand the role of service strategy processes and governance.

Review Questions

You can find the answers to the review questions in the appendix.

  1. What is the key fact about governance that makes it important as a strategic concept?

    1. It connects the service provider to the operational users.
    2. It is an overarching area that ties IT and the business together.
    3. It connects operational functions to the service provider.
    4. It is a concept that reviews all operational activity for process adherence.
  2. Match the options to the following governance activities.

    1. Direct
    2. Evaluate
    3. Monitor
      1. Refers to the ongoing assessment of the organization’s performance and its environment.
      2. The governors of the organization are able to determine whether governance is being fulfilled effectively.
      3. Relates to communicating the strategy, policies, and plans to, and through, management.
  3. Which of these is the ISO standard associated with corporate governance of IT?

    1. ISO 20000
    2. ISO 27001
    3. ISO 15504
    4. ISO 38500
  4. Governance is expressed in terms of three elements. Which of these is the correct set?

    1. Strategy, policies, plans
    2. People, process, policy
    3. Plans, process, objectives
    4. Strategy, policy, process
  5. True or False? Policies define boundaries, or what the organization may or may not do as part of its operations.

    1. True
    2. False
  6. Which of these are the principles covered in the ISO 38500 standard? (Choose all that apply.)

    1. Establish responsibilities.
    2. Agree on a strategy to set and meet the organization’s objectives.
    3. Acquire for valid reasons.
    4. Ensure performance when required.
    5. Ensure conformance with rules.
    6. Ensure respect for human factors.
  7. Which of these options best reflects the approach to IT and corporate governance?

    1. Corporate governance does not apply to IT.
    2. IT governance is distinct and separate from all other governance approaches in the organization.
    3. Corporate governance applies across the whole organization, and because IT is part of the organization, corporate governance applies.
    4. IT governance is managed by the CIO and is not subject to any oversight by other organizational directors.
  8. Who makes the final decision about the strategy, policies, rules, and plans and how they are enforced?

    1. IT steering group
    2. Operational management
    3. Governors of the organization
    4. CIO and finance director
  9. Which of these are common topics of discussion for the IT steering group? (Choose all that apply.)

    1. Clarification of strategic requirements from other business units
    2. Agreeing on corporate strategy for all business units
    3. Ensuring that the contents and consequences of the IT strategy are clearly understood by other business leaders
    4. Making major decisions that require funding from other business units
    5. Settling disputes about IT service priorities
  10. Which of these are key service strategy processes that assist in fulfilling governance? (Choose all that apply.)

    1. Design coordination
    2. Service portfolio management
    3. IT service continuity management
    4. Financial management for IT services
    5. Demand management
    6. Service level management
    7. Business relationship management
    8. Service asset and configuration management