• United States

Managing IT like a business

Jul 05, 20044 mins
Data Center

* Resources for those looking to manage IT and comply with regulations

IT governance and compliance issues are making lots of heads spin these days – for both vendors and IT executives. As corporate ethics scandals made headlines, everyone scrambled to demonstrate the kind of accountability for IT that is needed in all aspects of the business.

The trouble is that nobody knows what it means to “govern IT” or “ensure compliance,” at least not in any absolute way.

Service-level management (SLM) and all forms of IT service management have long been about connecting IT to business goals and objectives. IT governance goes significantly beyond this basic goal. In governing IT, managers must now look at things that have traditionally fallen into the purview of the financial executive. Some of these areas include:

* Risk management – protecting all types of IT investments.

* Real-time financial reporting – providing information reflecting IT costs of services and performance, on demand.

* Auditing and audit trails – maintaining a record of all types of transactions and activities relevant to the management of IT.

* Workflow and process standardization – improving the structure of business processes that are strategic to the firm, most of which involve IT.

* Cost analysis – tracking investments in capital and operational expenses, the success of projects related to these expenses, and returns or losses that resulted.

These activities must then be combined with more traditional IT activities that now have much greater visibility, such as:

* Data integrity – verifying that business-critical databases are valid.

* Security – protecting the company from intrusions and other security breaches.

* Change and configuration management – Understanding what changes have been made to assets and configurations, documenting those changes, and recording the reasons for the changes.

Some of these requirements overlap with those of traditional IT management, but for the most part, the accountability and level of scrutiny is much more far-reaching than most technology professionals are accustomed to dealing with.

The industry as a whole is searching for structure and guidance. One place to look is the Sarbanes-Oxley Act of 2002, which spells out heightened standards for responsible corporate governance. This legislation places stringent requirements on financial reporting for U.S. public companies with market capitalization exceeding $75 million. Some sections of this legislation are suggestive of support that is needed from the IT infrastructure. Similarly, aspects of the guidelines of the Federal Accounting Standards Board (FASB) require a great deal of support from IT.

From a best practices standpoint, the IT Governance Institute has defined Control Objectives for Information and related Technology (COBIT) to assist in standardizing for the industry a bridge to communications between auditors, IT staffers, and business executives. These guidelines are largely oriented towards the needs of the business. Plus, there is a role for the Information Technology Infrastructure Library (ITIL), a set of best practices for managing IT services. ITIL’s value is that it offers a structured, consistent approach for IT delivery and support of services to support a company’s operational and strategic initiatives.

Like SLM, these ideas and concepts can be quite daunting. IT professionals are looking to understand the real requirements that pertain to their own business models. Many will use some of the resources mentioned above to define their own program. The most successful of those organizations look for a simpler way to get started and then grow from that base. Enterprise Management Associates sees the ultimate driver of requirements for IT governance to be IT and executive management. Best practices will continue to evolve, and most companies will adopt those practices that best fit their business needs.

Are you implementing IT governance strategies in your own environment? How successful have they been? To what extent are you connecting IT service management to IT governance? Let us know what you think about this subject at