CIOs will face many challenges in 2003. They must improve ROI, increase service levels, and enhance security-all while maintaining flat budgets and headcount.

How can CIOs meet these objectives while still living with current restrictions? By fundamentally changing how the IT department is run by implementing IT governance. It's a buzzword you'll hear a lot about this year. Here's why this new concept could be exactly what you've been looking for to improve processes without increased funds.

Defining IT governance

At its most basic level, IT governance is the set of policies, processes, and procedures that support everything else that IT does. Some disciplines that make up IT governance are change management, problem management, release management, availability management, and service-level management.

IT governance isn't sexy like the latest technology innovation, and no one is selling IT governance with hundred-million-dollar marketing budgets. Yet IT governance is at least as important as any piece of infrastructure or any application--perhaps more so in an environment where the CIO has to do more with less.

The need for IT governance

Thanks to enterprise applications, e-business, and Y2K, IT organisations were in constant fire-fighting mode from 1995 through 2000. The emphasis was on speed of implementation--even if this meant cutting corners or compromising on quality. This resulted in problems such as missed project deadlines, cost overruns, unanticipated downtime, and security lapses.

IT governance is meant to address and correct these bad habits. It's based on high-quality, well-defined, and repeatable processes. At a more detailed level, governance outlines policies, highlights procedures, requires meticulous documentation, and establishes a plan for constant improvement.

Models in place

There are several well-established IT governance models. The most popular is the IT Infrastructure Library (ITIL), which was formulated by the Central Computing and Telecommunications Agency (CCTA) for the UK government and is now owned by the Office of Government Commerce (OGC). ITIL has widespread support in Europe but is also gaining popularity in North America. ITIL defines a set of best practices in 24 disciplines.

Another established IT governance framework is the Control Objectives for Information and Related Technology (CobiT). CobiT was created to align IT resources and processes with business objectives, quality standards, monetary controls, and security needs. CobiT is composed of four domains:

• Planning and organisation
• Acquisition and implementation
• Delivery and support
• Monitoring

Each of these domains has a series of subdomains that fill in the details.

The ROI can be high

Many organisations have embraced ITIL and CobiT and have achieved measurable success. Proctor & Gamble adopted the ITIL model in 1997 and claims that through ITIL it has saved more than US$500 million over four years.

A study of the savings within Procter & Gamble's finance and accounting IT departments showed a six percent to eight percent cut in operating costs and a reduction in technology staff of between 15 percent and 20 percent.

Morton Cohen, Proctor & Gamble's manager of global service management, said, "When IT processes are done by 5000 people consistently across one company, service management can deliver tremendous savings."

Improving service

CobiT has its share of success stories as well. The state of Kansas uses CobiT standards as part of its virtual government strategy to keep costs low and deliver consistent service to its customers and constituents. Dell Computer includes CobiT best practices as part of its Control Self Assessment (CSA) corporate policy, a set of auditing checks and balances that helps the company maintain its high quality.

Establishing IT governance

These impressive results from well-respected organisations are clear indicators that IT governance can pay off. But sometimes starting can be the toughest step to take. Here are three tips on proceeding with IT governance:

• Focus on the biggest weaknesses. Implementing the entire ITIL or CobiT model would be overwhelming for any IT shop. Instead, start with the biggest pain point. For example, if your IT organisation is having trouble supporting a large distributed organisation, do what Ontario did and execute the ITIL help-desk processes. Work through the training, organizational changes, and implementation challenges in one area as a learning experience, then move on to other problem areas. Remember to benchmark the current environment before you begin the IT governance effort so you can measure progress over time.

• Get buy-in from executive management and the IT staff. Although IT governance is designed to improve efficiency and business responsiveness, it does involve some formal process changes that may introduce formality and friction in the organisation. Senior executives must lead the transition by rallying the company and communicating that any short-term changes are an investment for long-term benefits for the entire organisation. The CIO must get the troops behind the effort through compensation changes, where IT bonuses are based on overall metric improvements and budget reductions. Once IT governance standards are in place, experts say you can expect to see positive results in six months.

• Reach out for help. ITIL best practice volumes cost only US$90 to US$150 each, and they're worthwhile to seek out help with baselining, training, and process creation. Hewlett-Packard has a long history of ITIL excellence, while IBM Global Services has also established an IT governance practice. Local specialists such as Pink Elephant in Canada and Treadstone71 in New England are also IT governance experts.

Start now on the path to big rewards

CIOs can't continue to try to maintain the status quo when they are on the hook to improve results while decreasing staff and overall spending.

IT governance standards such as ITIL and CobiT obviously can help lower costs while improving service. Proctor & Gamble, the government of Ontario, the state of Kansas, and Dell Computer, and others have seen measurable improvements by establishing IT governance. That's why CIOs should start small and grow, get corporate and IT buy-in, and find service partners to start the governance process.

TechRepublic is the online community and information resource for all IT professionals, from support staff to executives. We offer in-depth technical articles written for IT professionals by IT professionals. In addition to articles on everything from Windows to e-mail to fire walls, we offer IT industry analysis, downloads, management tips, discussion forums, and e-newsletters.

©2001 TechRepublic, Inc.

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.