IT Governance Focus Areas
Strategic alignment and strategic governance are key to ensuring the company fully exploits opportunities and manages risks in an evolving marketplace. According to the IT Governance Institute, there are five focus areas:

Strategic alignment
Link business and IT so they work well together. Typically, the lightning rod is the planning process, and true alignment occurs only when the corporate side of the business communicates effectively with line-of-business (LOB) leaders and IT leaders about costs and benefits.

value delivery
Make sure the IT department does what it takes to deliver the benefits of an IT investment. Best practice is to develop processes to ensure that target values ​​grow and those that reduce value are removed.

Resource management
One way to manage resources more effectively is the efficient organization of staff, for example by skills rather than by line of business. This allows a better distribution of personnel and better management of demand.

Risk management
Instituting a formal risk framework puts rigor around how IT measures, accepts, and manages risk, as well as reports what risks are managed.

performance measures
Structure business performance measurement. One popular approach is to institute an IT Balanced Scorecard (BSC), which examines where IT contributes in terms of achieving business goals. It uses qualitative and quantitative measures for measurement.

Governance challenges in outsourcing
In 2004, a survey by the IT Governance Institute (ITGI) revealed that the required levels of governance are not reliably extended to relationships when service provisioning is outsourced. It is no longer ownership of an organization’s capabilities that matters, but its ability to leverage and scale its outsourcing capabilities. The findings show that the benefits of outsourcing are not just related to price, but also to quality of service, risk management, and freeing up key personnel to focus on core value-added activities.

Chief Information Officers (CIOs) looking to outsource parts of the IT operation to outsiders abroad should take a hard look at their own processes to determine if they are mature and ready for the organization. The need to demonstrate IT’s contributions to a company’s bottom line. Additionally, increasing financial regulations such as Sarbanes Oxley (SOX) and Basel II are forcing CIOs to take a close look at the IT landscape. Consequently, agents also look to third-party assurances to provide their directors with peace of mind about their internal control environment.

Many service providers in India have implemented recommendations from NASSCOM, the leading organization that represents and sets the tone for public policy in the Indian software industry. Most organizations are aware of the potential problems that can arise from information security abuses. Many Indian companies have taken strict measures to prevent the misuse of information. NASSCOM has been encouraging the Indian legislature to pass amendments to information technology laws to broaden the focus areas of data protection. “The client has to do certain things and is responsible for certain things, and so are we.said Ed Nalbandian, vice president of Avaya Operations Services, a global provider of business communications solutions.

We will begin our discussion of frameworks with Statement on Auditing Standards (SAS) No. 70, the most widely used auditing standard.

SAS 70
SAS No. 70 (SAS 70 for short), an auditing standard developed by the American Institute of Certified Public Accountants (AICPA), acknowledges that an audit was performed by an “independent” auditor and that a service organization has passed by a separate process. in-depth evaluation of your control objectives. This is critical because organizations or service providers must demonstrate adequate controls and protection mechanisms in place, especially when hosting or processing customer data.

COBIT
Control Objectives for Information Technology (COBIT) is another popular process framework created by the Information Systems Audit and Control Association (ISACA). COBIT is both an IT governance framework and a set of supporting tools that enables managers to close governance gaps across the organization. This framework encompasses core business and support processes. COBIT is a framework to be applied by both the IT department and the business as a whole.

Val IT
Complementing COBIT is ISACA’s Val IT governance framework that demonstrates the business value derived from IT investments. It is a set of guiding principles, processes, best practices, and management practices to help executive management demonstrate the value of IT at the business level. This framework goes beyond finance to include portfolio management.

IT Infrastructure Library (ITIL)
Information Technology Infrastructure Library (ITIL) is a set of practices developed by the UK Office of Government Commerce (OGC) for IT service management (ITSM). ITIL version 3 (the most recent) aligns IT services with business strategy and provides a holistic perspective that covers all IT and support organizations.

Calder-Moir IT Governance Framework
Calder-Moir’s IT governance framework is designed to help you get the most benefit from overlapping frameworks and standards. This framework is not another solution, but rather a way of organizing IT governance issues. It offers tools that the board could apply to assess, direct and monitor processes through a PDCA (Plan, Do, Check, Act) cycle.

ARENA
This model for evaluating internal controls is from the Committee of Sponsoring Organizations of the Treadway Commission. It includes guidance on many functions, including human resource management, inbound and outbound logistics, external resources, information technology, risk, legal, business, marketing and sales, operations, all finance functions, procurement and reporting. This is a more general business framework that is less IT specific than the others.

CMMi
The Capability Maturity Model Integration method, created by a group of government, industry, and the Carnegie-Mellon Software Engineering Institute, is a process improvement approach that contains 22 process areas. It is divided into appraisal, evaluation and structure. CMMI is particularly suitable for organizations that need help with application development, life cycle issues, and improving product delivery throughout the life cycle.

Frame Selection
Choosing the best corporate governance framework for a company is a matter of finding the right balance to serve all the stakeholders in which the company operates. A good governance framework should be managed and overseen by an independent board of directors that oversees the implementation of a corporate vision. The directors are guided by a set of policies that govern business practices in all areas of operation.

Today, most companies choose COBIT or ITIL, but other frameworks are also suitable. ITIL is especially a good operations framework, while CMMi is suitable for application development and life cycle issues. COBIT is a great general framework for risk management.

Although each framework has a unique value proposition, combine frameworks to design a custom framework that fits an organization’s goals. A company can use COBIT as a general framework and ITIL for specific operations, CMMI for development, and ISO frameworks for security. In fact, the combination of frames is quite common. A PricewaterhouseCoopers study found that in 65 percent of cases, companies used COBIT and ITIL together or with lesser-known frameworks.

Specifically, outsourcing governance is a subset of IT governance and its primary focus is regulating the interface between the organization and its outsourced service provider. A crucial consideration when considering outsourcing governance is the close interrelationship between the internal and outsourced IT environment; focusing on the governance of IT outsourcing is invariably inappropriate. It must be considered within the context of IT governance as a whole.

Most importantly, a framework should be used that fits the corporate culture and with which most stakeholders are familiar.

putting them together
To transform great ideas into great project results, Strategic IT Governance is a must. “If the IT governance framework is not implemented correctly, it can directly affect how IT is perceived at a high level. The last thing you want is for IT to be perceived as a cost center that produces no real value.says Marios Damianides, former international president of ISACA and the IT Governance Institute, and currently a partner at Ernst & Young.

Good governance goes hand in hand with good execution. This means establishing a Project Management Office (PMO) and a Governing Board. For larger projects, a Program Manager should be appointed and be responsible for all issues and escalations. The PMO must periodically report progress to the board of directors.

Furthermore, the chosen Governance framework should not be too complicated or difficult to manage. The structure must be simple and easy to understand; the objectives must be clear and understood by all stakeholders. In short, outsourcing governance frameworks must be effective, productive and aligned with the strategic needs and requirements of the business. It is important to note that the Governance framework must be periodically revitalized to remain relevant to business objectives.

further reading

1. When to Divest Support Services by Petter Østbø, Tor Jakob Ramsøy, and Anders Rasmussen, Corporate Finance Practice, McKinsey Quarterly, July 2009
2. The Value of Outsourcing Legacy Insurance Products by Matthias Daub and Ferruccio Lagutaine, Business Technology Office, McKinsey Quarterly, December 2010
3. The Black Book of Outsourcing: How to Manage the Changes, Challenges, and Opportunities (Wiley Desktop Editions) by Douglas Brown and Scott Wilson (May 2, 2005)
4. Operational Excellence: The New Force Driving High Performance Through Outsourcing by Jeff Osborne, Managing Director, BPO Global Delivery, Accenture, 2010
5. The Outsourcing Firm: From Cost Management to Collaborative Innovation by Leslie P. Willcocks, Sara Cullen, and Andrew Craig. ISBN: 9780230231917, published October 14, 2010
6. Information Technology Strategy and Management: Best Practices (Primary Reference Source) by Eng K. Chew and Petter Gottschalk (November 26, 2008)
7. Building Better Governance for Offshore Services, Judith C. Simona, Robin S. Postona, and Bill Kettingera, Information Systems Management, Volume 26, Number 2, 2009; DOI:10.1080/10580530902794778
8. Frameworks of the Information Systems Audit and Control Association
9. Indian fortress? by Pete Engardio, Majeet Kripalani, and Josey Puliyenthurrthel, Business Week, August 2010. 16, 2004