Cognizant 20-20 Insights

Maximizing Business Value Through Effective IT Governance

Implementing a holistic IT governance model not only helps IT deliver business value but also advances confidence with business.
Executive Summary
Business is getting only more IT intensive, and IT is getting more complex. Some of the factors contributing to this increased complexity include: expansion of business processes and models requiring greater IT involvement, adoption of emerging technologies such as the SMAC StackTM (social-mobile-analytics-cloud) to drive business innovation, coordination with multiple business and technology partners across various geographies and a greater focus on regulatory and audit compliance to meet industry and corporate standards. Maximizing value from IT investments has always been an imperative for business. From our experience, more than 50% of todays IT investments are wasted or fail to deliver returns to the business. With the increase in complexity, the cost of IT failure has become all the more significant. For IT investments to deliver business value in todays complex landscape, IT must: Therefore, effective IT governance must be a top item in the CIO agenda in order to maximize ITs contribution to business value. Based on our experience with one of the largest U.S. insurers (see sidebar), the key benefits of implementing an IT governance model include:

Strategic

alignment, resulting in increased business partner satisfaction in the order of 15% to 20%. project prioritization, leading to reduction of IT budget by 8% to 10%. ment, lowering the total cost of IT ownership by 10% to 15%. quality of IT output, resulting in a reduction in IT control issues by 50%.

Enhanced value delivery, driven by improved

Improved performance and resource manage Better

Be more tightly aligned with business objectives

than ever before. ational.

Our experience of working with Fortune 1000 clients suggests that CIOs need to focus on the following five key imperatives while implementing a successful IT governance model (see Figure 1): 1. Align IT governance with corporate governance and business objectives. 2. Define IT governance objectives1 around strategic alignment, value delivery, risk management, resource management and performance management.

Carefully control risks, both strategic and oper More effectively manage IT assets. Continuously improve IT performance.

cognizant 20-20 insights | may 2013

3. Establish holistic governance across disciplines spanning the entire IT value chain: IT strategy, architecture, project and portfolio, application lifecycle, infrastructure and data, vendor and sourcing, service lifecycle and modern SMAC technologies. 4. Identify the appropriate IT governance control practices2 to help achieve IT governance objectives. 5. Establish continuous tracking, monitoring and improvement of the IT governance model. Subsequently, this paper details the five key imperatives for designing an IT governance model.

For example, aligning IT risk management with corporate risk management practices, and aligning IT security standards with corporate security policies, drive consistency and compliance across the organization. Similarly, IT governance aligned with business objectives, such as achieving greater return on investments and reducing business risks, helps deliver business benefits. Define IT Governance Objectives Around Strategic Alignment, Value Delivery, Risk Management, Resource Management and Performance Management

IT governance objectives should be defined along the following dimensions:

Designing an IT Governance Model

The five key imperatives that underscore an effective IT governance model include:

Strategic Value Risk

alignment: Align IT strategy with business strategy, and ensure advancement of business priorities. delivery: Maximize value of IT investments. management: Identify and mitigate IT risks in a timely manner. appropriate IT resources to meet current as well as projected business demand.

Align IT Governance with Corporate Governance and Business Objectives

CIOs should focus on this to improve transparency for corporate management, and to ensure business objectives are realized.

Resource management: Ensure availability of

Achieving Effective IT Governance

Business Strategies and Objectives

Corporate e Governance
Set Direction

Risk and Compliance Office

Information Security Office

Align Strategically

Align IT governance with corporate governance and business objectives.

IT Governance
2
Dene IT governance objectives around strategic alignment, value delivery, risk management, resource management and performance management. Continuous Improvement

IT Governance Objectives
Strategic Alignment Value Delivery Risk Management Resource Management Performance Management

IT Governance Disciplines
IT Strategy Governance Architecture Governance Project and Portfolio Governance Service Lifecycle Governance Application Lifecycle Governance New Age Technology Governance

Establish holistic governance across governance disciplines spanning the entire IT value chain.

Infrastructure & Data Governance

Vendor and Sourcing Governance

Identify the appropriate IT governance control practices to help achieve the IT governance objective. Establish continuous tracking, monitoring and improvement of the IT governance model.

IT Governance Control Practices

Governance Committee/Body Governance Initiatives/ Meetings Documentation Controls/ Repositories Approvals/ Control Checks

Continuous Improvement

Figure 1

cognizant 20-20 insights

 Performance management: Monitor IT performance effectively. In our experience, the above-mentioned objectives are relevant for all IT functions and disciplines.

typical benefits and impacts we have seen when implementing IT governance for clients across various industry sectors. Identify the Appropriate IT Governance Control Practices to Help Achieve IT Governance Objectives

Establish Holistic Governance Across Disciplines Spanning the Entire IT Value Chain

The IT governance model should focus on establishing oversight and control across all key IT governance disciplines. Figure 2 illustrates the

Based on our experience, in order to establish the right level of governance, organizations should define measurable IT governance control practices aligned with the IT governance

Eight Disciplines for Effective IT Governance

IT Governance Discipline 1 IT Strategy Governance: Ensure alignment of IT investments with business priorities, and tracking, monitoring and improvement of business-IT engagement. Architecture Governance: Promote standardization in the application and technology portfolio and drive alignment of solution architecture to overall technology and reference architecture. Project & Portfolio Governance: Govern sequencing of the project portfolio to maximize operating efficiency, and enable identification and mitigation of project portfolio risks. Typical Benefits and Impacts Strategic Alignment: 10% to 15% improvement based on enhanced perception of value from IT. Value Delivery: Enhancement in overall value from IT through better management of IT investments. Performance Management and Resource Management: 15% to 20% increase in level of architecture reuse. Risk Management: 5% to 10% fewer risks through reuse of timetested architectural components. Strategic Alignment: 10% to 15% improvement based on enhanced value from the project portfolio. Performance Management and Resource Management: 10% to 15% improvement in project quality through peer reviews, phase reviews and project review board governance. 15% to 20% improvement in on-budget delivery of projects. Performance Management and Resource Management: 10% to 15% cost avoidance through maintenance of an optimal application portfolio. Performance Management and Resource Management: Reduction in overall infrastructure costs and data/information security costs through improved controls. Risk Management: 5% to 10% fewer risks through leverage of standardized infrastructure components. Performance Management: Improvement in quality of vendor services through better measurement, tracking and driving uplift of vendor performance. Resource Management: 20% to 25% reduction in average vendor onboarding time and effort. Risk Management: 10% to 20% reduction in vendor-related risks. Performance Management: 20% to 35% reduction in number of unauthorized changes in the production environment.

Application Lifecycle Governance: Control key facets of introduction, management and sunsetting of applications. Infrastructure and Data Governance: Optimize technology infrastructure costs and establish controls over organizational information assets. Vendor and Sourcing Governance: Ensure services provided by vendors deliver adequate business value, and reduce the business risk associated with nonperforming vendors.

Service Lifecycle Governance: Minimize or eliminate unauthorized changes into production environments, and maintain service and operational levels that promote business-IT alignment. New Age Technology Governance: Improve IT operating efficiency by adopting new age technologies, and minimize any risks associated with the same.

Performance Management and Resource Management: 20% to 25% improvement in operating efficiency post steady state.

Note: Indicated impacts are based on our experience with clients with a moderate level of organizational maturity. Figure 2

cognizant 20-20 insights

objectives for each of the eight IT governance disciplines (see Figure 3). They include:

repositories for establishing IT governance controls (e.g., a vendor information repository).

Governance bodies/committees: Control body

Approvals

or committee to help mandate compliance with IT governance objectives (e.g., an architecture review board). meetings and surveys: Formal meetings/established surveys to monitor and track compliance with IT governance objectives (e.g., business satisfaction survey). controls and repositories: Mandating documentation or storage in central

and control checks: Adequate approvals and process checks to ensure compliance with IT governance objectives (e.g., UAT signoff before production implementation).

Governance

Establish Continuous Tracking, Monitoring and Improvement of the IT Governance Model

Documentation

In order to derive maximum benefits from IT governance, organizations should treat it as an ongoing priority (i.e., ensure continuous improve-

Illustrative IT Governance Model

IT Governance Discipline
IT Strategy Governance Architecture Governance

IT Governance Model Strategic Alignment

Periodic business partner review. Annual application portfolio planning and technology roadmap definition. Project change control board to review and approve all changes. Business requirements document reviewed and signed-off by customer. Annual infrastructure planning. Annual site visits for strategic vendors. Service Management Office to track and improve SLA adherence. Independent cloud risk council.

Value Delivery
Investment prioritization committee. Promote architectural component reuse.

Risk Management
Formal business case for funding. Architecture Review Board (project-wise review of the solution architecture). Independent project risk review.

Resource Management
Annual headcount planning. Periodic technology roadmap refresh leading to application rationalization. Weekly resource change control meetings.

Performance Management
Formal business case to measure project success. Total cost of ownership reporting.

Project and Portfolio Governance

Periodic portfolio sequencing.

Periodic project metrics tracking and reporting.

Application Lifecycle Governance

Lifecycle tailoring criteria for various work effort types. Data quality management center of excellence. Semiannual vendor satisfaction survey. Incident resolution trend reporting.

Project Review Project team to Board to approve support operations phase exits. team during warranty support phase for all projects. Periodic capacity and availability reporting. Quarterly business review with strategic vendors. Change Advisory Board authorization of production releases. Mobility security audits. Capacity plans fed into the annual budget. Contracted staff policies and procedures. Periodic and planned baselines/ checkpoints established for configuration items. Application-centric cloud resource accounting.

Peer review efficiency reporting.

Infrastructure and Data Governance Vendor and Sourcing Governance Service Lifecycle Governance

Tool-based infrastructure monitoring. Semiannual vendor performance reviews. Measure and report customer satisfaction with service desk.

New Age Technology Governance

Tool-based social media policy.

Big data performance analytics.

Governance Committee/Body Figure 3

Governance Meeting/Survey

Documentation Control/Repository

Approvals/Control Checks

cognizant 20-20 insights

ments in IT governance practices to adapt to changing business and IT environments). To ensure success of the implemented IT governance model, organizations should focus on continuous planning, monitoring and improvement of the IT governance model. In our experience, along with the CIO and senior IT leadership team, the IT audit and control team should drive continuous improvements to IT governance models with appropriate participation from IT area owners.

processes and infrastructure to support the governance model. To realize benefits from implementing the IT governance model, the CIO and senior IT leadership team need to invest in instilling a deep-rooted IT governance culture through effective communication, training sessions for continuous reinforcement and appropriate incentives for better compliance. Additionally, CIOs should mandate IT functional owners to include IT governance as an integral element of their processes, and leverage governance controls in decision-making. Organizations also need to continuously invest in improving the IT governance model in response to ever-changing business and IT needs.

Looking Ahead
Implementing a successful IT governance model has never been easy. Typical challenges range from facilitating organizational change management for greater adoption, to developing

Quick Take
Implementing Effective IT Governance for a Leading U.S. Insurer Challenge
The IT group of one of the largest U.S.-based insurers was faced with several governance issues such as suboptimal technology planning, inadequate return on IT investment, increase in the external audit issues, etc. The new CIO wanted to establish an effective IT governance model to alleviate the aforementioned IT risks/issues. Toward this objective, the CIO, along with the corporate team, engaged our business consulting team to leverage our expertise in setting up an effective IT governance model.

>> An architecture review board to provide architecture guidance.

>> A

project review board to govern project phase exits. improve SLA adherence.

>> A service management office to track and >> An IT audit and control team to lead the
Benefits
The benefits achieved by implementing a best-inclass IT governance model included: implementation of IT governance practices and also drive continuous improvement.

Model
Our business consulting team engaged with the clients business and IT stakeholders to recommend an optimal IT governance model. It included:

Strategic alignment: Roughly a 15% to 20%

increase in business partner satisfaction.

An IT governance framework that addressed

various IT governance disciplines mentioned above.

Value

delivery: Approximately 8% to 10% decrease in the IT budget through effective project prioritization, thereby increasing the overall value of IT investments. management and resource management: About a 10% to 15% reduction in total cost of ownership through effective technology planning. management: A 50% year-on-year reduction in IT control issues.

>> Governance

practices which called for a dedicated business relationship management (BRM) function to conduct business partner reviews. IT capabilities with business priorities. prioritize IT investments.

Performance

>> A three-year technology roadmap to align >> A project prioritization committee to help
cognizant 20-20 insights

Risk

Footnotes
1 2

IT governance objectives are the stated governance purposes to be achieved for an IT process. IT governance control practices are the actionable activities to achieve an IT governance objective.

Reference

http://www.isaca.org/cobit/pages/default.aspx.
About the Authors
Philippe Dintrans is the Vice President and Practice Leader of Cognizant Business Consultings Strategic Services Group for North America. He has led numerous consulting engagements on business transformation, IT transformation and change management for marquee clients at Cognizant. Philippe holds a master of science degree in engineering from the Massachusetts Institute of Technology (MIT) and an M.B.A. from INSEAD. He can be reached at Philippe.Dintrans@cognizant.com. Amit Anand is a Director with Cognizant Business Consultings Strategic Services Practice. He has 12-plus years of experience in leading and managing large IT transformation and governance implementation initiatives for various clients. Amit holds a bachelors degree from IIT Delhi and an M.B.A. from the Indian School of Business, Hyderabad. He can be reached at Amit.Anand@cognizant.com. Madhusudan Ponnuveetil is an Engagement Manager with Cognizant Business Consultings Strategic Services Practice. He has nine years of experience in leading IT performance and process improvement initiatives, IT governance framework definition and implementation and change management. Madhu holds an M.B.A. from Asian Institute of Management, Philippines, and a bachelors degree in engineering from MSRIT, India. He can be reached at Madhusudan.Ponnuveetil@cognizant.com. Jayadevan Vijayakrishnan is a Senior Consultant with Cognizant Business Consultings Strategic Services Practice, with seven years of industry experience. His specific areas of expertise include IT performance and process improvements, IT organization and operating model redesign and IT strategy development. Jayadevan holds a bachelors degree in computer science engineering and an M.B.A. from the Indian Institute of Management, Bangalore. He can be reached at Jayadevan.Vijayakrishnan@cognizant.com.

About Cognizant
Cognizant (NASDAQ: CTSH) is a leading provider of information technology, consulting, and business process outsourcing services, dedicated to helping the worlds leading companies build stronger businesses. Headquartered in Teaneck, New Jersey (U.S.), Cognizant combines a passion for client satisfaction, technology innovation, deep industry and business process expertise, and a global, collaborative workforce that embodies the future of work. With over 50 delivery centers worldwide and approximately 156,700 employees as of December 31, 2012, Cognizant is a member of the NASDAQ-100, the S&P 500, the Forbes Global 2000, and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world. Visit us online at www.cognizant.com or follow us on Twitter: Cognizant.

World Headquarters
500 Frank W. Burr Blvd. Teaneck, NJ 07666 USA Phone: +1 201 801 0233 Fax: +1 201 801 0243 Toll Free: +1 888 937 3277 Email: inquiry@cognizant.com

European Headquarters
1 Kingdom Street Paddington Central London W2 6BD Phone: +44 (0) 20 7297 7600 Fax: +44 (0) 20 7121 0102 Email: infouk@cognizant.com

India Operations Headquarters

#5/535, Old Mahabalipuram Road Okkiyam Pettai, Thoraipakkam Chennai, 600 096 India Phone: +91 (0) 44 4209 6000 Fax: +91 (0) 44 4209 6060 Email: inquiryindia@cognizant.com

Copyright 2013, Cognizant. All rights reserved. No part of this document may be reproduced, stored in a retrieval system, transmitted in any form or by any
means, electronic, mechanical, photocopying, recording, or otherwise, without the express written permission from Cognizant. The information contained herein is subject to change without notice. All other trademarks mentioned herein are the property of their respective owners.