It Governance
Copyright © 2004 Information Systems Audit and Control Association. All rights reserved. www.isaca.org.
IT Governance Hands-on: Using COBIT to Implement IT Governance
By Luc Kordel, CISA, RE, CISSP, CIA, RFA
1
I
n the past, running an IT organization as a support function—a function separate and distinct from the business—was a common practice. Now, most IT infrastructure investments and new IT applications span business lines and functions. Some organizations even integrate partners and customers into their internal processes. Therefore, CEOs and CIOs increasingly feel the need for a tighter relationship between IT and the business. But how should they deal with this strategic challenge? The key questions are: • Is there a framework to guide business and technology management leaders in their efforts to change information technology’s role within the organization and to close the gap between IT and the business that IT is supposed to support and drive? • What are the responsibilities at the board and management levels? • Is this a governance issue?
The Need to Change IT’s Role
This perennial management hot item was discussed in a series of recent articles and studies in leading management journals: • Consultants Dan Lohmeyer, Sofya Pogreb and Scott Robinson examined the question, “Who is accountable for IT?” and concluded that business leaders are.2 To derive full value from their IT investments and use technology as a competitive weapon, organizations should make their business leaders accountable for the return on IT investments by putting them in charge of setting the IT agenda. Moreover, senior executives should have the courage to realign the IT and business organizations to create a partnership between the two sides. • Research into IT management practices at hundreds of companies around the world has shown that most organizations are not generating optimal value from their IT investments. The most important factor distinguishing
IT Governance Hands-on: Using COBIT to Implement IT Governance
By Luc Kordel, CISA, RE, CISSP, CIA, RFA
1
I
n the past, running an IT organization as a support function—a function separate and distinct from the business—was a common practice. Now, most IT infrastructure investments and new IT applications span business lines and functions. Some organizations even integrate partners and customers into their internal processes. Therefore, CEOs and CIOs increasingly feel the need for a tighter relationship between IT and the business. But how should they deal with this strategic challenge? The key questions are: • Is there a framework to guide business and technology management leaders in their efforts to change information technology’s role within the organization and to close the gap between IT and the business that IT is supposed to support and drive? • What are the responsibilities at the board and management levels? • Is this a governance issue?
The Need to Change IT’s Role
This perennial management hot item was discussed in a series of recent articles and studies in leading management journals: • Consultants Dan Lohmeyer, Sofya Pogreb and Scott Robinson examined the question, “Who is accountable for IT?” and concluded that business leaders are.2 To derive full value from their IT investments and use technology as a competitive weapon, organizations should make their business leaders accountable for the return on IT investments by putting them in charge of setting the IT agenda. Moreover, senior executives should have the courage to realign the IT and business organizations to create a partnership between the two sides. • Research into IT management practices at hundreds of companies around the world has shown that most organizations are not generating optimal value from their IT investments. The most important factor distinguishing
References: 3 Van Grembergen, Wim (Editor), Strategies for Information Technology Governance, Idea Group Publishing, 2004 10 The information in this section of the article is based on the preface of Strategies for Information Technology Governance.