IT Governance

    0
    1045
    views

    Yesterday (2/20/06), Everett Johnson, President of IT Governance Institute, Deloitte & Touche, gave a fantasic Microsoft Executive Circle webcast on IT governance. (You should be able to register to listen to or watch a replay at
    http://www.microsoft.com/events/EventDetails.aspx?CMTYSvcSource=MSCOMMedia&Params=%7eCMTYDataSvcParams%5e%7earg+Name%3d%22ID%22+Value%3d%221032290261%22%2f%5e%7earg+Name%3d%22ProviderID%22+Value%3d%22A6B43178-497C-4225-BA42-DF595171F04C%22%2f%5e%7earg+Name%3d%22lang%22+Value%3d%22en%22%2f%5e%7earg+Name%3d%22cr%22+Value%3d%22US%22%2f%5e%7esParams%5e%7e%2fsParams%5e%7e%2fCMTYDataSvcParams%5e, but if that doesn’t work, just find it at http://www.microsoft.com/webcasts.)


    Johnson, a CPA, is a retired partner with Deloitte & Touche where he served as director for the company’s computer assurance service and its enterprise risk services practice. He has more than 40 years of experience in audit, control, and security and currently serves as president of the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI).


    During his presentation (worth the replay), Mr. Johnson explained that IT governance has five components: strategic alignment, value delivery, resource management, risk management, and performance management. He also provided URLs to several useful resources, including these:



    During the Q&A session, I asked him several questions related to outsourcing. How can outsourced operations be integrated into an organization’s IT governance? In general, are any of the leading Indian outsourcing firms (Tata, Infosys, for example) ramping up both on their own IT governance as well as IT governance performed on behalf of their clients? Also, does CMMI cover IT governance? 


    His reply was that, ideally, these details should be specified in the contract. He admitted, though, that they rarely are. Often, he said, there’s just an audit clause.


    He also noted that, based on his organization’s forthcoming survey, it’s usually organizations that have healthy, well-run IT shops that are most likely to outsource some of their tasks. You can’t outsource problems effectively, he observed.


    Bottom line message for anyone considering outsourcing (my take on Mr. Johnson’s presentation): Think about your organization’s IT governance and try to weave it into service provider contract – and partnership.