In the first article of this series we introduced IT Governance in general, some of its history and some of the regulations that compel us to embrace it. We’ve acknowledged that it is, for many of us, an unpopular necessity. But we’ve also seen the golden promise of good that can come from it. In the second article we talked about some of the specific legislation, their common underlying IT Governance requirements, the two widely accepted frameworks for guidance and how that guidance specifically deals in controls. We talked about what controls are, and how there are preventive and detective controls, as well as manual and automated controls. And we have posited a persuasive argument for why automated controls are better. In many cases the automated controls require a greater initial effort, while the benefits are reaped over time. Because of this, companies often opt for manual controls initially. That initial period can stretch out to eternity, and end up being costly. The reality is that while it is probably necessary to take things one step at a time, it is important to have a plan for the next step and to stay motivated. That motivation can come from having a clear of understanding of what can be gained by implementing automated controls and overall IT Governance. Even if there were no direct, tangible return on investment, having good practices in IT governance is still a good idea. We can all agree on the long-term, perhaps less direct, tangible or financially obvious benefits of a more productive, responsive and transparent IT infrastructure. But SHOW ME THE MONEY!, right? There is real money to be found in this effort – savings, efficiencies. Actual, calculable financial benefit. A couple of examples found in a Tech Republic article:
- Proctor & Gamble US$500m over 4 years, savings.
Morton Cohen, P&G manager of global service management, said, “When IT processes are done by 5000 people consistently across one company, service management can deliver tremendous savings.” - Ontario, Canada government – by adopting ITIL, the government created a virtual service desk that not only improved response time and reduced trouble tickets but also decreased support costs by 40 percent.
- Dell Computer includes CobiT best practices as part of its Control Self Assessment (CSA) corporate policy, a set of auditing checks and balances that helps the company maintain its high quality.
So what holds us back? The number one thing is that we – as IT professionals – are already stretched pretty thin. And we don’t know where to start.And if we can get started, how do we get a clear roadmap of how to get where we are trying to go in manageable steps?And we don’t know how to measure the benefit if we did gain any.
<more to follow>