Today up to 90% of all corporate processes are automated which means that the enterprise is more than ever dependent on its IT systems. In fact, many business workflows are actually embedded in, and dictated by systems like ERP brought in to support the business, making corporate best practice application-dependent. Because of this, CIOs are under increasing pressure to provide business and IT leadership and demonstrate best-practice IT governance, including price/performance efficiencies and solid ROI, in order to build confidence among stakeholders.

Achieving best-practice

Best practice IT governance can only be assessed within the context of industry-wide standards. Such components as the enterprise workflow, IT infrastructure, applications, support services and sourcing strategies (both in-house and external suppliers) need to be assessed and then compared with market norms and peer organisations of a similar size and IT infrastructure, after which performance improvement programmes (PIP) can be implemented using industry-standard like ITIL (Information Technology Infrastructure Library), which is a set of concepts and practices for managing IT services. However, implementing a PIP involves multiple challenges.

There is the understandable reluctance to invest in new programmes when belt-tightening – even if it promises longer-term cost efficiencies. The second challenge is perceptual. Some CIOs see performance measurement as a heavy stick imposed by above and a threat to the IT function. “If YOU can’t deliver service at £80 per business transaction then we‘ll outsource. The third challenge is getting access peer and market data that is both current and accurate, is one of the most difficult tasks of all.

The power of positive feedback

While performance measurements can shine a light on weaknesses it also confirms strengths. And because facts don’t lie, independent findings tend to be given more credence and can be a powerful tool to win respect or gain stakeholder acceptance for change programmes. Positive feedback can also have a profound effect on staff. As IT systems become more mission-critical, workload increases and there is less tolerance for failure. This can produce a general feeling of insecurity which a ‘thumbs-up’ can dispel, improving morale and creating the resilience needed to embrace improvements and set new performance targets.

To give an example, in a recent project with a large pharmaceutical client, we asked IT management to score its performance across a number of areas including the infrastructure, application (ERP) and user support. They were pleasantly surprised when an external benchmark study placed them in the top 10 percentile against peers, resulting in an increased IT investment and innovation.

Sourcing & pricing models

Sourcing is a significant component of IT governance and is fraught with risks, both known and unknown. Difficult, and sometimes political, decisions include: opting for an internal or external service; choosing appropriate cost structures for internal customers; and correctly weighing up the pros and cons of various charging models such as charging to the central IT budget or individual business units.


An informed decision depends on having actual, comparative market data rather than generalised and anecdotal information or guesswork. A fact-based approach means decisions can be made according to the relative value of internally or externally sourced service components such as SAP, data storage, the help desk, etc, which can deliver a best IT sourcing strategy.

Today, all organisations outsource at least some IT activities. Prior to approaching the market, however, the smart CIO first benchmarks the process or service so ascertain its ROI value and whether there is a business case. This provides two benefits: a clear scope and a realistic budget to present the intending outsourcing provider.

This preparation guarantees the contract will contain robust governance processes such as transparent pricing and service level agreements and performance rewards or penalties. It should also specify routine price/performance reviews. These contractual provisions minimise risk and while providing a fair playing field to both service provider and recipient.

Given the average IT organisation has multiple service providers, this can result in huge complexity within the co-ordination, delivery, relationship management and governance of internal or external services. Well-documented governance processes will eliminate potential gaps and overlaps between outsourcers and internal resources within this multi-sourced environment.

Closing the performance gap

When faced with a performance gap, CIOs often try and take on board all ITIL processes and practices at once, which is seldom feasible for even the largest and most mature IT operation. Far better to prioritise, say, the top three to five practices, either by risk/business impact, by opportunity/ reward, or some combination of both. Another good approach is to achieve a quick win in a highly visible customer-facing service such as desktop (service desk) support. This will provide momentum and confidence to take on bigger, more complex and difficult topics like configuration management and change management.

Managing continual change

Change management is one of the most difficult aspects of IT governance, largely because of its dynamic nature. Every minute something is changing, whether it’s swopping out a router, adding storage, changing a card or adding/deleting a user. The challenge is to manage all these changes without disrupting the business or the user.

A software patch must be added in, say, the manufacturing unit without causing customer support or accounts receivable systems, which worked ten minutes ago, to suddenly crash with potentially serious upstream or downstream consequences. Good IT governance mandates well documented and robust, risk-based change management processes, associated measurement analysis and governance structures will minimise the risk of disruption from these changes.

IT Governance health indicators

Fifteen years ago technologies like the internet and email were not business critical for most organisations and even it the entire IT infrastructure went down for a day, most business processes could carry on, albeit more slowly. Nowadays an hour without IT support may cripple the business.

Also, today’s IT users are more likely to be computer-literate and thus more demanding of service providers whether internal and external. Pre-recession, price and performance were unlikely to be scrutinised at a micro level. Nowadays every IT service and expenditure is under the microscope and even a small efficiency saving can determine the survival of the company – and it’s CIO.

Good IT governance is not just a competitive business differentiator, it enables IT heads to attract further investment and management support. So what does all this tell us? It indicates that a deep scrutiny of IT performance is here to stay, based on risk profile and business benefits delivered, and measured against best practice (qualitative) and competitive market norms (quantitative). To CIOs wondering about the health of their IT governance, there are three major questions: Are my IT support services and processes documented? Are they independently measured? Are they competitive?  If the answer to all three is ‘Yes’, you’re in good shape!  

Dee Carri is a director of Torque Management  and Paul Michaels is CEO of ImprovI

Dee was a former Director of Consulting at Gartner UK and former CIO of Elan Corporation Plc. She is founder and director of Torque Management, a consultancy that specialises in Business Process Management, Quality, IT Governance and IT best practice.

Paul Michaels, a Gartner alumnus, is CEO of ImprovIT, a leading UK-based technology and business consultancy