16 May 2006

IT governance and IT processes

By Andrew Clifford

Current IT governance frameworks such as COBIT focus on IT's internal processes. Governance can be made even more effective by including metrics structured around systems.

At Metrici, we have been comparing our system governance approach with COBIT, which is probably the most widely adopted framework for IT governance.

COBIT is very broad, and system governance is not a replacement, but complementary. Our Metrici Advisor product can be used to capture, analyse and report on many of the key metrics that COBIT uses.

But there is a difference in emphasis between COBIT and system governance. COBIT is arranged around IT's internal processes, and system governance is arranged around systems.

The focus on process is absolutely appropriate to ensure that the IT function works effectively. But an exclusively process-based approach has drawbacks.

System governance redresses this balance. It focuses on the outcome of IT processes, as shown in the capabilities and qualities of the systems. It does not require a high degree of process maturity. It directly suggests where to act. And it makes sense outside IT because it presents IT issues structured around systems that are familiar to the broader organisation.

System governance still allows you to view measures by process. But an exclusively process-based approach does not allow you to view measures by system because the underlying facts are not gathered per system.

If you use a process-based framework like COBIT, consider using system governance within it. This will help you distinguish between externally significant outcomes and internal working practices. It will help you make the figures relevant and understandable outside IT. Our comparison found that 60% of COBIT's key metrics relate to systems and can be captured, analysed and presented using a system governance approach. (Of the remainder, 20% are general IT-business relationship measures, and 20% are measures of internal IT practices.)

If you do not use a governance framework, you can use system governance anyway. Unlike COBIT, it does not aim to give you control and assurance of IT's internal processes. But it will give you many of the same measures you need to manage IT effectively, at a fraction of the cost of a full process-based governance framework.