Tuesday, May 12, 2009

Taking the risk out of IT Risk and Governance

,Do IT Risk and Governance measures really help organizations to avoid IT Project failures?

To coin a phrase used by a fellow Twitterer “No process at all is better than a bad process”.

So how many resources, either dollars or human, do organizations invest in establishing IT risk and Governance frameworks? How much time is spent administering, managing and monitoring these processes and what is an organization’s ROI for their IT governance investment?

For all of the above, most organizations would probably respond “Too much”!

It is surprising to find that many large organizations and government bodies that claim to have or would be required by stakeholders to have stringent IT Risk and Governance frameworks still have rogue, run-away or failed IT projects. The following are some of the many examples of organizations and government bodies who experienced the chaos of rogue IT projects:

If an organization’s IT risk umbrella covers IT governance with a comprehensive IT risk portfolio, then how do organizations still get lumbered with runaway and failed IT Projects?

An underlying cause is that IT Risk and Governance frameworks are focused almost exclusively on the “tangibles” of the organization and the direct outcomes of projects giving insufficient attention to the important “soft” intangibles of their organization. This is most critical at the crucial “pre-investment” IT decision making and process planning phase when identifying and determining how to achieve these project outcomes needs to take place.

IT governance will take into account the amount of human and financial resources required for the project and an IT risk portfolio will monitor IT projects, IT service continuity, service providers, information assets, new and emergent technologies, software applications and infrastructure to ensure they are integrated with management, the business benefits and their alignment with strategy.

As critical as these governance and risk measures are to the success of an IT Project, they will fail to deliver if left to act in isolation. Simply put, IT risk and governance measures do not address the internal psycho-analytical aspects of an organization, including its decision making process. Nor do they analyze the “What”, “Why”, “Who”, “When” “Where” and “How” decisions needed in investing in or undertaking IT projects.

These key decisions are fundamental to organizations in determining whether projects will succeed or not and are the foundations and key drivers for determining IT project success. They must therefore be diligently made by C-level executives and senior management *before* projects commence.

In short, all of these key decisions are uncovered and addressed when applying Corporate Profiling to an organization before initiating an IT Project.

Indeed, Corporate Profiling can assist organizations in achieving their expected ROI and other benefits from their IT and Risk Governance processes in delivering IT projects.

“Nothing and nobody fails as badly as when undertaking something that someone else has failed to plan” (Sarah Jane Runge).

Kind regards
Sarah Jane Runge