Information Technology Reference
In-Depth Information
board, and the management. Weill and Broadbent
(Weill 1998) established a model that allows to
implement mechanisms for IT to deliver value
to the business.
IT portfolio management has been seen as a key
technique to align IT investments with the business
strategy (Kaplan 2005; Maizlish 2005). Although
this technique includes and develops elements
of investment optimization, do not guarantee the
real value delivery to the business. This fact is
complemented with another aspect, that Weill and
Broadbent called dilution of impact (Weill 1998):
the value that IT investment are delivering to the
business can be clearly identified on the lower
level, this is at the IT infrastructure level; but this
value is diluting when it comes to measure it from
the business indicators perspective.
The problem is so difficult that should be treated
on a framework. The IT Governance Institute
has developed the Val IT framework (now on its
second version (ITGovernanceInstitute 2008a),
that consider not only the portfolio management
but key elements as the business case.
The problem persists, and its now based in
identifying best practices, not only about IT plan-
ning, IT portfolio management and IT budgeting
and controlling, but also more intangible elements
such as relationship management and IT com-
munication management (d'Information 2005).
aspects such as security, compliance, etc. Elieson
(Elieson 2006) did a comprehensive comparison
of them, and make a set of recommendations from
the perspective of the IT Governance Institute and
its publications.
The first attempt to define a framework for
IT risk management is done by Westerman and
Hunter (G. Westerman 2007), with the approach
of the 4As (availability, access, accuracy, agility).
Also, more recently, the release of the IT Risk
Framework draft for the IT Governance Institute
(Institute 2009) adds an attempt to introduce
another framework for this discipline.
It is clear that the management of the risk
of IT must start at the top of the organization.
Risk is a matter of the whole organization, and
understanding the risk appetite of the different
stakeholders is the beginning, but it is also im-
portant to implement a risk based culture on the
organization (G. Westerman 2007), in a way that
every person must be proactive in identifying,
analyzing and reporting risks.
resource Management
Resource management is another element asso-
ciated to IT governance (ITGovernanceInstitute
2007). Resources are considered applications,
information, infrastructure, and people, and should
be managed according with the business (and IT)
strategy, in order to provide the maximum value.
The current literature points to the portfolio
management (Kaplan 2005; Maizlish 2005) for
the efficient management of resources in order to
deliver the needed capabilities. But the manage-
ment of competencies is another area in which it
is necessary to insist. It is important to align hu-
man resources with the business and IT strategy;
especially in the IT area this is a must.
risk Management
Corporate risk is another discipline inherent to
corporate management. Initially associated to
the management of financial and physical lost, it
has become now, with the Enron, Worldcom and
other scandals, on a discipline that has to manage
risk at (and from) the board level, shareholders
and executive management (CIMA 2003). The
board of management should create the adequate
organizational structures, as well as the appropri-
ate risk environment, for the management of risk.
From the IT point of view, there are some frame-
works and standards that cover risk regarding with
organizational structures
The need to define or adequate organizational
structures to implement IT governance is pointed
Search WWH ::
Custom Search