At the annual itSMF Finland conference in Helsinki on
October 2nd, I asked the opening keynote speaker, Frans Westerlund,
CIO at Fiskars Corporation, about the attitude of the Fiskars board members
with respect to IT. He said that he considered himself very lucky because the
board members had a good understanding of IT and how to deal with it. He
explained that many of them had learnt the hard way that you need to treat IT
seriously in order to prevent disasters and ensure a good return on investment.
He also mentioned being fortunate to be a permanent board member, instead of
being invited to a board meeting just to report about IT, and often being the
last and least important item on the agenda. I believe that it’s useful to
distinguish between three scenarios:
Board on board
The Fiskars scenario is pretty
much ideal, in which the board is conscious of the need to take ownership and
is competent to govern IT. Unfortunately this is not often the case, as Frans
intimated with his remarks about being lucky.
Lost at sea
The doom scenario at the other
end of the spectrum is of course the unconscious/incompetent combination.
Attempts by the CIO to ‘sell’ the governance role to the board have fallen on
deaf ears, and only a (near) disaster will get the message across. The CIO and
his or her team will just have to play a defensive game in damage control mode
until the climate changes.
Waving, not drowning
A more promising scenario is when
the board is conscious of the importance of IT and is managing but struggling
with their governance capabilities. This is probably the ideal situation to
play the BRM card. Not that you shouldn’t deploy Business Relationship
Management in the other two scenarios, but you’ll probably get the most return
in terms of capability growth.
According to the BRM Institute, Business Relationship
Management is not only a role ‘Business Relationship Manager’ but also an organizational
capability in the sense that many roles contribute to BRM, particularly the
customer-facing ones such as those tasked with service desk and service level
management. The Business Relationship Manager fulfils the role of an expert
trusted advisor who has sufficient expertise in key business domains to be
able to communicate the costs, the business value, and the risks of services in
clear, specific, and meaningful terms using the language the business partner
understands. The Business Relationship Manager is completely transparent
about the costs, benefits (business value and ROI), and risks of a service. It
is the Business Relationship Manager’s job to make sure that both the business
partner and the service provider have complete clarity. Finally the Business
Relationship Manager practices informed leadership, engaging from the
moment the business strategy is formulated to shape its implications on the IT
service delivery, overseeing its execution, and planning the next improved
iteration. The Business Relationship Manager understands the business and
service dynamics well enough to foresee and guide rather than be pushed around
by changes.
CIO’s who recognize this opportunity to demonstrate their
collaborative value are well-advised to invest in this strategic role. An
important precondition is that ‘IT-as-usual’ is under control before you start
talking about the strategic use of IT. If so, carefully select somebody who
will serve as the strategic interface between the provider and one or more business
partners to stimulate, surface, and shape demand for the provider’s products
and services and ensure that the potential business value from those products
and services is defined, realized, optimized, and recognized. Consider not only
the technical proficiencies but in particular the relational competences and
personal fit with the business partners.
Various standards and frameworks provide board level guidance,
amongst which:
ISO/IEC 38500:2008
The international standard for
Governance of IT sets the scene for the board’s role by providing a principles
for evaluating, directing and monitoring the use of IT in their organization. ISO
38500 assures stakeholders (including consumers, shareholders, and employees)
that, if the standard is followed, they can have confidence in the
organization’s corporate governance of IT. It also informs and guides directors
in governing the use of IT in their organization and provides a basis for
objective evaluation of the corporate governance of IT.
COBIT® 5
The COBIT framework helps
enterprises create optimal value from IT by maintaining a balance between
realising benefits and optimising risk levels and resource use. In particular, COBIT’s
Goals Cascade is useful in translating
strategic business goals into concrete goals for IT-related enablers.
ITIL® 2011
The ITIL framework is referred to
by COBIT for more detailed guidance for the supplier of IT services. This
guidance spans service operations to service strategy, and at the strategic
level, the service portfolio represents the commitments and investments made,
and the related value, outcomes, costs and risks.
BiSL®
Similarly, COBIT also refers to
BiSL. This framework provides guidance from operations to strategy for both information
management and demand and use of IT services, complementing ITIL’s supply-oriented
guidance. At the strategic level, policies regarding data ownership and
strategic use of information – e.g. Big Data and Social Media – are board level
topics.
With the exception of ISO 38500, board members are not expected
to understand these frameworks but the BIO and the Business Relationship
Manager will make use of this guidance in their board level interactions. The board
should foster a culture in which business and IT share the same table and have
a joint vision. The board should also encourage effective behaviour. Examples
of effective behaviour are that the business takes the lead by specifying and
prioritizing desired outcomes from IT investments, and trusts IT to propose
options for solutions. IT then communicates the various solutions in terms of the
associated benefits, costs and risks, in order that the business can take
well-informed decisions.
COBIT is a registered trademark of ISACA.
ITIL is a registered trademark of AXELOS Ltd.
BiSL is a registered trademark of the ASL BiSL Foundation.
No comments:
Post a Comment