IT Governance: Maximizing the Business Investment
Written By: Neil Stolovitsky
Published On: December 13 2005
Information technology (IT) management and chief information officers (CIO) share a common goal to maximize the value of their IT investments. Achieving this requires a strong foothold on the multiple projects taking place at any given time. Identifying risk, resource utilization, and earned value with a portfolio of IT projects necessitates the implementation and adoption of standards processes to track and respond to any "red flags" that may appear. This is accomplished by establishing IT governance, where a structure of relationships and processes will direct and control an organization in order to achieve its goals to add value and to balance risk. Moreover, the standards and processes put in place can assist organizations with compliance issues surrounding the Sarbanes-Oxley Act (SOX) and other governance standards (Organizational Project Management Maturity Model [OPM3], Capability Maturity Model Integration [CMMI], Information Technology Infrastructure Library [ITIL], etc.).
In light of the increasing interest in IT governance, numerous project portfolio management (PPM) vendors have directed their focus on addressing the pain points expressed by internal IT departments. With the inherent functionalities of portfolio analysis, budget/cost controls, risk analysis, and audit trails found in PPM software, many PPM vendors have recognized the value they provide to the challenge of putting in place an IT governance framework.
PPM's Place within IT Governance
A number of today's PPM vendors originally were established in response to the lack of available tools addressing the needs of internal IT departments. With the onset of professional services automation (PSA), these tools eventually extended their functionality to address professional services organizations. As the PSA industry matured, major enterprise resource planning (ERP) players entered the billable services space. In turn, a number of best-of-breed vendors, weaker in the area of financials, repositioned their offering by focusing their efforts on functionality for internal IT departments in resource planning and portfolio management. Thus, a number of vendors have adopted the IT governance mantra to differentiate their best-of breed functionality from the integrated PPM solutions offered by the ERP industry.
Vendors such as Computer Associate's Niku, ProSight, Pacific Edge, Augeo Software, PlanView, and Mercury Interactive, among others, recognize the value of positioning themselves as niche vendors in IT governance. In response to the strong billing and project accounting functionality offered by ERP and accounting vendors, these best-of-breed PPM vendors have focused their marketing efforts on IT governance to strengthen their offering.
Defining IT Governance
The differences between success and failure in today's high technology environment, for many organizations, are based on the IT governance framework they adopt. IT governance recognizes that information technology is what drives today's businesses. Implementing a framework of best practices to support and to efficiently run an organization's IT infrastructure facilitates an IT department's efforts to effectively carry out its objectives, while closely monitoring any bottlenecks along the way.
There are numerous vendor neutral governance frameworks that have been widely adopted by large IT departments. The most widely recognized and adopted for IT governance are Control Objectives for Information and Related Technology (CobiT) and ITIL:
CobiT is a best practices framework developed by the IT Governance Institute (ITGI). CobiT's best practices focus on the control and measurability of IT. Tools are provided to assess and measure all aspects of IT within the thirty-four identified CobiT processes. Increasingly, CobiT standards are adopted as best practices in the governance of information, IT, and risk. For CobiT, the purpose of IT governance is to ensure that IT's performance meets the following objectives.
- For IT to be aligned with the enterprise and to realize the promised benefits
- For IT to enable the enterprise by exploiting opportunities and maximizing benefits
- For IT resources to be used responsibly
- For IT-related risks to be managed appropriately
(See http://www.itgi.org, Board Briefing on IT Governance, Second Edition.)
ITIL is a set of best practices documents and standards originally developed by the UK Government of Commerce, and directed at IT service management. ITIL is organized into a series of best practices referring to service support, service delivery, planning to implement service management, information and communications technology (ICT) infrastructure management, applications management, and the business perspective (see http://www.itil-itsm-world.com/what.htm).
When SOX compliance is added to the above, many internal IT departments are left with the challenge of juggling US regulatory compliance, the standardization of service delivery and planning (with ITIL), and the control and auditing of financials (with CobiT).
PPM's Role in IT Governance
By nature, internal IT departments are project-centric. Consequently, the tools implemented to manage projects and their operational realities play a central role in the governance of all IT activities. PPM vendors have seized the opportunity to address this growing area of IT governance. PPM tools provide IT organizations with the ability to implement governance strategies while ensuring that the processes in place are adhered to by all relevant parties. PPM tools contribute to IT governance by providing the following core components.
- Portfolio planning and selection allows vendors to align their IT processes with strict controls on the planning of projects within the context of the portfolio. Risk, cost, and benefit analysis, as well as whatif scenario reports, contribute to the IT governance adage of maximizing return on investment (ROI).
- Executing best practices provides flexible resource utilization, project planning, time tracking, collaboration, and business intelligence functionality in line with best practice methodologies outlined by an IT department's governance framework.
- Assessment of performance and cost allows IT organizations to evaluate the true cost and benefit that a portfolio of projects contributes to the future incorporation of best practices and standard processes put in place. Portfolio analysis, project accounting, and real time system tracking of works, projects, and cost facilitate IT organizations' ability to measure compliance with internal policies, as well as external compliance regulation (such as SOX).
These components ensure that from inception to planning, execution, and post-assessment of projects, an IT organization's governance framework is in line with its business objectives from a cost and benefit perspective.
PPM Software Vendors
With many PPM vendors focusing their attention on IT governance, here are some vendors to consider when searching for a solution to model an organization's governance framework (a future article will provide more in-depth coverage of these vendors).
Computer Associate's (formerly Niku) Clarity product incorporates strong resource planning and financial management functionality with top-down portfolio analysis capabilities. Sophisticated real time capture and control of financials make Niku a strong candidate for regulatory compliance (e.g., SOX). Also, its robust resource planning module provides extensive resource management capabilities to support sophisticated IT governance policies. As one of the originators of PPM, Niku is a serious contender for organizations looking for extensive functionality to support their IT governance framework.
ProSight's portfolio management software's real strength lies in PPM and compliance for the government sector. ProSight's focus on government agencies help IT departments comply with a number of government-specific compliance regulations, such as Section 508 of the US Rehabilitation Act, the Federal Information Security Management Act (FISMA), privacy compliance, the Clinger-Cohen Act (CCA), and the Government Performance and Results Act (GPRA), to name a few. A good number of their clients are US federal government agencies.
Pacific Edge offers a different approach to IT governance by providing its maturity-based Accelerators solution, which allows organizations to incorporate their governance framework in a staged manner. Pacific Edge offers three stages of accelerators with the initiation and visibility of IT governance, the maturity of the execution of a governance framework, and the investment focus of project portfolios. These IT governance stages are priced and packaged to grow with an organization.
Augeo Software offers a PPM solution that is strong in tracking a high number of short term projects that need to comply with an organization's IT governance framework. Augeo 5 is strong in supporting many projects in multiple locations by using project templates and accurately tracking financials and resource utilization. Known for its strong resource planning capabilities, Augeo has attracted large multinational organizations in pharmaceutical, automotive, media, government, high technology, and financial services, especially in Europe.
PlanView's IT governance solution, PRISMS, offers its own best practices process maturity model based on PlanView's functionality. PRISMS provides the ability to measure performance and actuals, analyze and document decisions, execute changes efficiently, and monitor service deliveries with key performance indicators. In addition, PRISMS offers continuous improvement processes, allowing an organization to adapt to new best practices for IT governance. Supporting many of the top companies in the financial and insurance industries has made PlanView a strong vendor to consider for IT governance in those sectors.
Mercury Interactive provides IT Governance Center, where dashboard technology integrates all major components of demands, portfolios, programs, projects, resources, financials, and application changes for real time visibility of project portfolios. Mercury's IT Governance Center tracks all demands made from IT and allows an organization to adapt to the major processes and project control frameworks, such as Six Sigma, CobiT, and ITIL. Known for its testing tools, service level management (SLM), and focus on application management, Mercury is an important vendor to consider for IT governance frameworks covering SLM and application development (e.g., Six Sigma and CMMI), as well as regulatory compliance (e.g., Health Insurance Portability and Accountability Act [HIPAA] and SOX).
Compuware, whose Changepoint's original focus was primarily on the professional services space, has repositioned its offering (since its acquisition in 2004) as a direct competitor to Mercury in the application development sector. Its extended functionality with SLM and application management makes it a strong contender for IT governance and regulatory compliance in the application development space. In addition, Compuware is one of the only vendors to offer a complete solution in the professional services automation space.
Primavera's IT Project Office solution allows the flexible deployment of an IT governance framework. Putting governance into practice, Primavera provides real time dashboard, workflow, and collaboration capabilities. It offers reusable templates and workflows to quickly deploy an IT governance framework for various types of projects. As the largest independent PPM solution in the marketplace, with an install base of over 60,000 companies in 164 countries, Primavera offers a very mature product.
IBM Rational Portfolio Manager (formerly Systemcorp's PMOffice product) has the benefit of being used by IBM Global Services. It also offers integration with Tivoli, allowing support of the ITIL governance framework. As part of the IBM Rational product line, IBM Rational Portfolio Manager is a strong contender to Mercury interactive in the areas of application development, software testing, and quality control.
When searching for the appropriate PPM solution to adapt to an organization's governance framework, a vendor's experience in a particular vertical market should be noted. Each industry has unique governance and compliance issues, and a vendor's experience in those industries will most likely provide more adaptable or pre-configured solutions that will greatly reduce the total cost of ownership. In addition, IT organizations that are in the initial stages of defining their IT governance framework will benefit from a vendor's past experience in their market.
For IT organizations that need additional guidance with defining and implementing their IT governance framework, vendors like PlanView, Pacific Edge, and to some extent Mercury Interactive (with their IT Governance Center), are worthwhile to consider for the more integrated approach to IT governance. These vendors offer more of a "hand holding" approach to IT governance, as some vendors incorporate a proprietary governance framework, as well as having extensive documentation and services to support an organization through the process.