Governance of IT

An executive guide to ISO/IEC 38500

Alison Holt

  1. 200 pages
  2. English

About This Book

Directors and government ministers across the world are increasingly being held accountable for failed IT systems, data loss and poor decisions about their organisation's data. This valuable book is designed to bridge the gap between the governing body and CIOs/IT managers. It will help the reader create a safe and robust governance framework for their organisation by applying the principles of the ISO Governance of IT Standard 38500 on directing, evaluating and monitoring IT activity.

PART A
INTRODUCTION TO THE GOVERNANCE OF IT
In essence, the governance of IT is the theory that enables an organisation’s principal decision makers to make better decisions around IT and, at the same time, provides guidance for IT managers who are tasked with IT operations and the design, development and implementation of IT solutions.
You could be forgiven for thinking that IT governance is the latest fad or trend to hit IT. However, IT governance has been an issue since Charles Babbage half dozed off on a book of logarithms and came up with the idea for the first programmable computer in 1822:
I was sitting in the rooms of the Analytical Society, at Cambridge, my head leaning forward on the table in a kind of dreamy mood, with a table of logarithms lying open before me. Another member, coming into the room, and seeing me half asleep, called out, ‘Well, Babbage, what are you dreaming about?’ To which I replied, ‘I am thinking that all these tables’ (pointing to the logarithms) ‘might be calculated by machinery’.
(Babbage 1864)
This idea resulted in Babbage starting on the design for his Difference Engine – a concept that took almost 170 years to deliver as a product. (Take heart if you are reading this and your IT project has overrun by a mere couple of years.) As Babbage soon discovered, designing it was one thing; actually building it required funding and sponsors. Babbage correctly estimated that a large sum of development money was required. In the 1800s, such an expensive IT project required government funding. This is still the case today.
Babbage had some difficulty communicating his business plan to his sponsors. If we were seeking government money today, we would be unlikely to send the lead developer to speak to the relevant funding agencies. As IT people, we still have issues with describing new or ‘leading edge’ technology in such a way that non-IT people can understand exactly what it is we are describing. We can also create problems when we send the IT salesman in to speak to the business, especially if they have been trained to never say no to customer requirements and know enough of the fashionable IT vocabulary to sound convincing.
Business has been burnt with keen and ambitious IT companies describing software that has not been written, hardware that has not yet been built. I have heard many a salesman/IT account manager come out of a successful pre-sales meeting having signed a development contract, proclaiming the immortal words, ‘Well how hard can it be to build it to their requirements?’ Our industry is still fast developing, and we love to use the latest technology to develop our business solutions. Young developers will talk about last year’s technology using the same tone of voice that you might use for describing the funeral of a close colleague. We use the term ‘legacy system’ to describe something that we are too bored to support. No wonder we have problems! But I digress – Babbage had an idea that had huge potential, yet he could not easily demonstrate that potential to his funders. Hindsight is easy. When a Marconi radio was installed in RMS Titanic, it was put in for commercial reasons. Nobody foresaw the potential for emergency communications.
Babbage had every reason to feel aggrieved about his treatment by successive governments. They had failed to understand the immense possibilities of his work, ignored the advice of the most reputable scientists and engineers, procrastinated for eight years before reaching a decision about the difference engine, misunderstood his motives and the sacrifices he had made, and … failed to protect him from public slander and ridicule.
(Dubbey 1978)
He possibly did not have the patience for sales and marketing:
On two occasions I have been asked [by members of Parliament], ‘Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?’ I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.
(Babbage 1864)
In fact he found the whole process very frustrating, and declared to one of his European colleagues:
You will be able to appreciate the influence of such an Engine on the future progress of science. I live in a country which is incapable of estimating it.
(Babbage 1864)
So … what is IT governance?
Whenever and wherever a governance standards committee gathers together, it is not long before the question of the definition of governance is raised, or, failing that, the question of the difference between governance and management and where the boundary between the two groups lies. So, why are these such problematic questions to answer? I believe it is because there is such a range of ways that a governing body and a management team can work together.
IT governance is concerned with directing IT-related activity across an organisation – it is about strategic planning for IT in line with the vision and mission of the organisation, and the oversight and monitoring of all IT-related activity. It involves creating a decision-making model for IT and information decisions.
IT management is concerned with the application of IT governance through the implementation of policies, processes, procedures and the management of IT-related projects and other activities. The term IT governance is also being used in some literature for the necessary controls put in place, typically by the IT management team, to ensure that IT governance activities can be reported on correctly. If we refer to this type of IT governance as IT operational governance, then the governing body is less likely to be troubled with operational decisions.
The action of the board or governing body to direct IT activities and to build a decision-making model, combined with the action of the IT management teams to develop supporting systems, processes and procedures, results in the development of an IT governance framework.
Figure I illustrates the relationship between governance (what we do) and management (how we do it).

Figure I Governance-management interface
Would IT governance have helped Charles Babbage?
It is always hard to judge the value of something that has not been seen, let alone not even developed. If the representatives from the House of Commons had seen a working prototype of the Difference Engine, I doubt that they would have gauged the potential for such a device. Maybe this sounds a little harsh, but the comment is based on the difficulty experienced by Harrison demonstrating his longitude clock in 1762 to parliamentary representatives. Let us suppose, though, that Babbage’s funders had had an understanding of IT governance. They would have had a sound decision-making model for working through the funding issues. They would have understood the need to resource his project and, in return for funding, they would have set him some reasonable goals so that they could easily monitor his progress.
Is IT governance still an issue today?
Yes, it is! When we published the first international IT service management standard in 2005, there were still many IT teams making live changes to their production environment and now, eight years and a new version of ITIL on, we have seen a huge increase in service management maturity in organisations. By the time you read this book, IT governance issues might be a thing of the past … but they are certainly abundant as I am writing today. A casual Google search on ‘IT project disasters’ has just brought back 219 million hits. Partly this is a reflection on how many major projects have an IT element, but it also shows how the IT element is often overlooked or misunderstood. As we move through this book we will be exploring case study IT governance disasters that range from tragedies through to comedies, and we will pick out the lessons learned so that we can protect your organisation from IT death and IT ridicule.
1 HISTORY OF CORPORATE GOVERNANCE
I believe that, before you can fully appreciate the need for the corporate governance of IT, you need to have an appreciation of corporate governance. There is often confusion around what is meant by corporate governance, and I have heard colleagues talk about organisations where ‘no corporate governance is in place’. However, if the organisation is running well, making a profit – or at least not making a loss and meeting compliance requirements in the way of tax and other legal obligations – then it must surely have some form of governance in place?
The purpose of this chapter is to look at the history of corporate governance and to establish that it is not a twentieth-century whim and fancy brought about by questionable financial practices and stock market crashes. Rather, corporate governance is the considered good practice of capable and inspired leaders going back to ancient times. For example, Emperor Tang Taizong created a dynasty of prosperity and productivity that surpassed all others in culture, economy, agriculture and transportation. Taizong ruled from 626 until 649 and his governance was deemed the Confucian ideal – he was a highly intelligent and ethical ruler. He appointed able ministers, kept close relationships with his advisors, took heed of criticisms and led a frugal life. The people who lived under the governance regime of Taizong enjoyed harmony and prosperity whilst the surrounding nations suffered from chaos, division and corruption. He understood the importance of involving his people in governance decisions:
The emperor depends on the state, but the state depends on its people. When one oppresses the people, so that it only serves the ruler, then it is like one is ripping out someone’s flesh in order to fill that person’s stomach. His stomach is satisfied, but his body is injured: The ruler may then be richer, but his state is destroyed. Taizong
(Wu Song 2008)
Too many IT projects thunder ahead without thought for the user who will have to retrain or rethink the way they do their everyday work tasks. Oppression is a strong word to use in this context, but it is certainly possible to upset a stakeholder community through poor IT governance.
His reputation as an erudite political leader stretched well beyond the borders of China. Whilst the surrounding nations suffered from chaos, division and corruption, the people of China enjoyed peace and prosperity.
Just over a hundred years later, we have the example of Darius I of Persia (c.549 BC–486/485 BC, Emperor of Persia 521 BC–486/485 BC). It is particularly interesting to see the progress made by Darius in his reign, and the order in which he accomplished his achievements:
  • First, he sorted out outstanding wars, battles, onslaughts.
  • Second, he introduced a system of governance.
  • Third, he kicked off some large infrastructure projects.
  • Fourth, he initiated and developed economic and trading alliances.
  • And finally, he extended the empire overseas.
It is useful to take some tips from Darius’s thinking – to make sure there are no outstanding battles across the organisation before you embark on the IT governance work, and to delay the major infrastructure projects until the decision-making framework, policies and processes are established. It is also interesting to ponder on the fact that an organisation with good governance practices in place is in a good position to consider building strong external alliances – and maybe even consider major acquisitions.
Like many CIOs and IT directors, Darius was a surprise appointment – assisted by a team of Persian nobles, he killed the usurper to the throne. The rulers of the eastern provinces saw this as an opportunity to regain some ground, but Darius managed to put down the resulting rebellions. The authority of Darius was thus established. An interesting lesson here is that the rebellious forces within the organisation need to be quelled, and the authority of the CIO/IT director recognised, before effective governance can take place. Darius was a great politician and governor. He revised the Persian administration system and the legal code in an attempt to eliminate bad and corrupt business practices. The lesson here is to tidy up any vendor and internal service level agreements, before embarking on a strategic planning phase. It is unlikely that you will find any corrupt practices, but you might need to address some ambiguities and reset some customer and supplier expectations.
Darius is famous in history, though, not as a law reformer or a great military campaigner, but for his planning and organisational skills. In this he was the true successor to the great Cyrus, and a role model for Herodotus. He limited military campaigns to protecting the national frontiers, and made substantial military reforms to introduce conscription and to ensure his troops were well trained and paid. Internally, he divided the Persian Empire into 20 provinces, each governed by a satrap, who had responsibility for the development of regional laws and administration, and his peers, the financial and military commanders. Together, the three elements made up an executive team that reported directly to the king, who provided ample administrative assistance in the form of scribes – an early civil service. Every region was responsible for paying a gold or silver tribute to the emperor. The system served not only to collect tax to run the empire, but also to lessen the chance of another internal revolt. There are lessons here for the cross-organisational internal IT procurement spending.
Darius took on some ambitious infrastructure programmes during his reign – he built sturdy city walls around his new capital city, Persepolis, he dug a canal from the Nile to the Suez, and he commissioned an extensive and well-serviced road network across the nation. The Persian Empire became the envy of its neighbours. Darius proved that, with the correct authority and processes in place, an organisation can embark on ambitious projects to provide it with a significant market advantage over its competitors.
Darius was also gifted as a great econ...
