Six steps to optimize IT governance

A guest blogger from ISACA, the organization that offers COBIT, offers tips.

When it comes to IT governance, the benefits are obvious: IT is aligned with the business and everyone is happier. But good governance is harder than herding cats. These six steps for success are written by a guest blogger from ISACA, the organization that offers COBIT, but they'll work no matter what governance framework you choose.

Microsoft Subnet previously wrote about Microsoft's efforts to help its customers adopt IT governance best practices, in the form of the Microsoft Operations Framework, newly revised in June. In particular, Microsoft is trying to show how its technologies meld into established governance frameworks like COBIT. To that end, in July, Redmond licensed a free IT governance library from ISACA, a global user association serving 86,000 IT professionals and known for its governance frameworks, COBIT, Val IT and Risk IT. Today, we offer advice on applying the framework, written by guest blogger Brian Barnier, a principal at ValueBridge Advisors and an ISACA volunteer leader who helped write some of its guidelines.

Six Steps to Success:

  1. Begin at the beginning. Benchmark your systems so you can compare what you are producing to business needs and establish priorities.
  2. Benchmarking is the start of the conversation. The benchmark is done to compare to business needs, not only for better analysis, but also to engage business line leaders in a conversation with priorities. This conversation is crucial to more meaningful analysis of risk to the business and building a case to improve.
  3. Simplify with standards, frameworks and best processes. Don’t waste time and money building your own processes for change, security, recovery or project management. Even if your own standard is better when first rolled out, most organizations lack the resources to maintain it. You'll also lack a common language when it comes time to talk with auditors or to interconnect with a customer or supply chain partner. Of course, you'll want to tailor the standards to your environment, but resources are available even for that: ISACA has a large library of framework mappings.
  4. Simplify IT complexity. Simplifying your governance is one thing, but you'll also need to simplify your operations. This means a more homogeneous IT environment and likely includes network clean-up, server consolidation, storage optimization and more.
  5. Gain efficiency with training. Training helps people understand both what to do (as in best practices) and how to do it better. Systematic training is one of the benefits enterprises seek when they outsource, but you can gain this efficiency in-house. Certifications help by giving you access to standardized materials (especially those aligned with specific best practices) and improve your ability to communicate with external parties, including customers, partners and auditors.
  6. Gain efficiency with tools. This is a huge opportunity to cut cost and improve outcomes. Tools include both 1) monitoring tools such as business service management or access controls monitoring, and 2) operational tools such as storage management software. The monitoring tools work best when they support COBIT controls and/or ITIL processes, saving you more time and effort and demonstrating your business value.

Once you have your initial processes in place, you'll want to continue to improve and revise them. By using quarterly health checks you'll see continual improvement at three levels: 1) the actual business decisions regarding IT, 2) the governance process for making that happen, and 3) the operational process that delivers results.

Applying these steps will help you implement IT governance more smoothly, but there's another bonus: good IT governance is good for your career. Research in risk management suggests that leaders who are perceived as taking the right actions will be viewed more favorably by their peers.

About the guest blogger:

Brian Barnier is a principal at ValueBridge Advisors, focused on getting more return, with less risk, from business technology. He is also an ISACA volunteer leader, where he helped create the new Risk IT framework and serves on committees for professional improvement and education programs.

Posted by Microsoft Subnet editor Julie Bort
