IT governance is about ensuring that the organisation's resources are used the right way to create value while managing IT risks. The Val-IT framework from the IT Governance Institute helps address these challenges. The four "Ares" are the core of the Val-IT framework. This is a sound framework which helps organisations ensure IT efforts are aligned and IT continues to deliver value.
1) Are we doing the right things?
To quote Peter Drucker: "There is nothing so useless as doing efficiently that which should not be done at all". This is the question of whether we should be doing something at all. It ensures strategic alignment between business and IT. Does what we are trying to do fit with the organisation's vision and strategy? Is it consistent with the business principles?
2) Are we doing them the right way?
This is the question about architecture and standards. Does what we are doing conform to the architecture and process?
3) Are we getting it done well?
This is the question about the execution. Do we have the disciplined delivery and change management processes? Do we have the right skilled resources and are we managing them well? How does our performance measure up to others? Are we effectively managing risks?
4) Are we getting the benefits?
This is a question about realising value from investments in IT/projects. Are we clear about the benefits? Do we have metrics? Is the accountability for the benefits clearly defined?
Characteristics of Good IT Governance
- IT investments and decisions are assessed in a manner similar to business investments and IT is managed as a strategic asset. This means there is top management participation in key IT decisions. There is board oversight of IT investments and executives are held accountable for realising benefits.
- IT is an essential part of corporate planning and strategic planning. IT understands the business dynamics and contributes to the development of business strategy, which is interlinked to IT strategy. IT and business work together to identify opportunities.
- Top IT risks are considered within the enterprise risk management framework. Risks such as data protection, IT security and business continuity receive periodic board oversight.
- IT performance is regularly measured and compared with peers and best practice.
- How and why decisions are made is well understood, and outcomes are clearly and formally communicated to the stakeholders. Formal exception processes are established and promote transparency as well as allowing organisational learning.