IT governance reminds me a bit of energy-conscious data center strategies. Lots of folks are talking about these concepts. While many companies buy into them -- at least on paper -- they are far from common practices in the real world.
For instance, a recent PricewaterhouseCoopers survey found that while more than 50 percent of IT executives are aware of the Control Objectives for Information and Related Technology (COBIT), only 16 percent of companies had adopted the best practices framework.
Like "green" data centers, the biggest challenge involved with IT governance is asking folks to change deeply ingrained behavior patterns. As Robert Stroud, international vice president of the IT Governance Institute, told me in an interview last week:
We are replacing ad-hoc, minimally controlled processes -- usually without clear or good metrics -- with sound processes that are utilized for investment selection, monitoring and measuring. So in essence, the key issues are ones of cultural change as we implement organizational accountability and responsibility based on sound metrics.
Management must "set the tone at the top for change," says Stroud, and the more structured the process, the better. Project portfolio management products -- which automate project identification, selection and implementation, then monitor to the production environment -- can help companies achieve the latter goal.
This standard process moves the organization to consider value as a key determinate when implementing business-enabled change and then can be linked to operational metrics once in the production environment in the second phase and so on. Now this structure of process demands that the process is used and is a change for many organizations from their currently non- or semi-structured process.
Imposing structure on IT processes can seem daunting, says Stroud. But the need for governance is greater now than ever, because IT has effectively migrated from the back office to the front office. Few if any business activities are not affected by IT -- and the impact is increasingly visible to end users.
Though I have learned a fair amount about the IT Infrastructure Library (ITIL) over the past year or so -- thanks largely to a new version of the framework released over the summer -- I was not as familiar with COBIT. I was acutely aware of this in my interview with Stroud, a COBIT proponent.
So I was pleased to see an informative overview at CIOUpdate. According to the overview, COBIT outlines 34 high-level objectives that are contained in four broad categories: planning and organization, acquisition and implementation, delivery and support, and monitoring and evaluation.
Like Stroud, the authors of the overview stress the importance of dealing upfront with anticipated cultural change and resistance to COBIT. It's one of seven smart steps they recommend for the assessment and planning stage. Two of the others: Map business drivers against process areas to determine relative importance to the business. When creating a roadmap, balance priorities against anticipated ROI.
Also handy is the advice gleaned from the authors' list of four characteristics common to successful adopters of COBIT and other best-practices frameworks: