Lines of Authority
- 09 October, 2002 10:15
- Comments
When Gil Lithgow joined CitiPower as CIO a little less than four years ago he quickly discovered how little formal IT governance was in place. Sure, the business was meant to put up a business case to justify each and every item of IT expenditure, but there were no checks or tests to show the so-called business benefits of any expenditure.
As a result, Lithgow discovered something like 170 projects that had either started or were slated to start, or that people were trying to get up and running by working on various different forms of justification. The actual business benefit to be gained from many of those projects was so minimal that Lithgow, the executive management team and their direct reports easily culled the number to just 36 projects. In the end, he reports, only 16 were ever done.
The organisation is not suffering a jot for all the culling. In fact, after spending $6.5 million and plenty of energy on building and implementing a rigorous IT governance model, Lithgow says CitiPower is achieving vastly better rigour, discipline and alignment. In each of the three years of the governance program so far CitiPower has consistently achieved everything it set out to achieve in IT, within the original budgets defined. A recent review by PricewaterhouseCoopers concluded that CitiPower has largely delivered on its vision and, as Lithgow says,"it's all been done because we've been quite rigid in following our governance model".
Governance, says Lithgow, is about getting the business to own all of what it does, as opposed to leaving IT with the techos - a recipe that in his opinion practically guarantees expensive outcomes.
Formalised Structures
Recognising that IT today is so critical to the success of the enterprise that it needs intensive oversight by the executive, many organisations see IT governance as the best route to assuring the twin aims of using IT to add value to the organisation and helping it achieve its goals. Governance can deliver valuable prescriptions about control, accountability, responsibility and authority, lay down rules and regulations, and delineate lines of authority.
The IT Governance Institute (www.itgovernance.org) says IT governance is a structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes. The relationships are between management and its governing body. The processes cover setting objectives, giving direction on how to attain them and measuring performance. Effectively applied, governance can deliver vastly improved discipline in technology investment. And, to borrow a sporting analogy, it can help eliminate the need for the team captain - the CIO - to double up as umpire.
So far in many Australian organisations governance has been severely neglected, which is unfortunate - indeed tragic - since some analysts believe that a lack of IT governance has played a major part in the downfall of some leading companies, both here and in the US, over recent times.
"One thing that came out about the Ansett crash was that they really had very little good management information, despite having spent large quantities of money on IT," says Kerandan CEO Kate Behan, who organised an IT Governance session for the Australian Computer Society (ACS) last year."Ansett didn't have the same quality of information systems that airlines that have survived had, although admittedly they had a few other problems, like having their guts ripped out of them by corporate raiders.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Bookmark this page
- Share this article
- Got more on this story? Email CIO
- Follow CIO on twitter
-
Australia's first 4G smartphone is the HTC Velocity 4G
-
Swedish e-commerce startup's execs linked to NYC sex crime
-
Face Time - Interview with John Brennan and Robert DiStefano
-
How to implement next-generation storage infrastructure for Big Data
-
Pfizer's Future Depends on IT Transformation
-
10 Essential Steps to Email Security
Modern business is reliant on email. All organisations using email need to answer the following questions: How do we control spam volumes without the risk of trapping a business email? How do we prevent infections from email-borne viruses? How do we stop leakage of confidential information? Can we detect and stop exploitation from phishing attacks? How do we control brand damage from occurring due to employee misuse? How do we prevent inappropriate content from being circulated? -
Delivering Tomorrow's Backup and Recovery Infrastructure
The data protection market has changed considerably over the past decade. During this time, the market witnessed a fundamental shift away from relying solely on tape for backup and recovery to using disk-based backup solutions to address challenges including backup performance, reliability, and recovery time objectives. This paper highlights that firms evaluating next-generation data protection solutions must expect a greater degree of integration between the technology components in today's data protection path. -
Using Application Control to Reduce Risk with Endpoint Security
Unwanted applications, like games, result in productivity loss. This is often the primary consideration when applying application control. But unauthorized applications also increase your company’s risks of malware infection and data loss. This paper details how endpoint security solutions that incorporate application control provide the most efficient, comprehensive defense against unauthorized applications.
Get exclusive access to Invitation only events CIO, reports & analysis. 
Comments
Post new comment