IT Governance

Business Value Accelerator

IT governance is a discipline that focuses on Information Technology systems and managing their performance as well as their risks. It also focuses on helping IT to align with the business and help utilize IT's resources to achieve the desired objectives.

IT governance is also about defining measures and controls to ensure that IT operations are compliant with certain standards, and/or frameworks.

IT Governance helps organizations decide the desired strategies and objectives to align with the business requirements, how to prioritize those strategies and objectives, how to justify the investment required, how to define and manage risks, how to decide on different levels of resources needed, what projects need to be executed and with which order, gather measurements and define controls to reflect the IT's conformance to the plans set, and / or to standards defined.

IT Governance Solutions helps organizations control and coordinate between the different pieces of work, compliance with internal policy or regulation, justification of spending and connecting with the needs of the customers, the organization and other stakeholders.

IT Governance Services and Solutions encompass the following:

  • Better customer satisfaction
  • Application Management
  • Network Management
  • Operations Management
  • Services Management
  • Identity Management
  • Client Life Cycle Management
  • Data Center Management

COBIT Overview

Successful organizations understand the benefits of information technology (IT) and use this knowledge to drive their shareholders' value. They recognize the critical dependence of many business processes on IT, the need to comply with increasing regulatory compliance demands and the benefits of managing risk effectively. To aid organizations in successfully meeting today's business challenges, ISACA has published version COBIT® 4.1.

COBIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. COBIT enables clear policy development and good practice for IT control throughout organizations. COBIT emphasizes regulatory compliance, helps organizations to increase the value attained from IT, enables alignment and simplifies implementation of the COBIT framework.

COBIT 4.1 can be used to enhance work already done based upon earlier versions; it does not invalidate that previous work. When major activities are planned for IT governance initiatives, or when an overhaul of the enterprise control framework is anticipated, it is recommended to start fresh with the most recent version of COBIT.

IT Health Check

IT Health Check looks at how end users perceive the IT service they receive and the systems they use and also gauges the skills and the standards of those providing the service. In addition, it provides a methodology by which systems can be assessed in relation to business need. Based on the results of the health check a detailed action plan can be developed to address perceived and real ailments that are affecting IT functions.

The health check has been designed for use by non'IT managers, auditors and IT professionals and uses questionnaires and structured scorecards as part of a step by step guide for the health check practitioner.

The health check would be particularly beneficial to:

  • 1) Senior management who understand the need for a strong IT service, but feel that their current IT function is not delivering what is required
  • Internal auditors looking for a practical methodology that can be used to determine the general health of an IT function.
  • IT management who want a means of establishing end user views of the service(s) provided.

IT Services Management

IT Service providers can struggle to maintain high levels of service to their customers, particularly with the increasing diversity of technologies available. Often, too much time is spent working reactively with little time spent on planning, training, investigating and working with customers. At the same time these providers are also being asked for improved quality, lower costs and faster customer responses.
An integrated framework for delivering and managing IT services to the customer, can provide control, greater effectiveness and opportunities for improvement within the organization. ISO/IEC 20000 represents such a framework.


The Organizational Project Management Maturity Model or OPM3 is a globally recognized best-practice standard for assessing and developing capabilities in Portfolio Management, Prorgram Management, and Project Management. It was published by the company Project Management Institute Incorporated (PMI). OPM3 provides a method for organizations to understand their Organizational Project Management processes and measure their capabilities in preparation for improvement. OPM3 then helps organizations develop the roadmap that the company will follow to improve performance.


The Project Management Body of Knowledge (PMBOK) is a collection of processes and knowledge areas generally accepted as best practice within the project management discipline.

As an internationally recognised standard (IEEE Std 1490-2003) it provides the fundamentals of project management, irrespective of the type of project be it construction, software, engineering, automotive etc.

PMBOK recognises 5 basic process groups and 9 knowledge areas typical of almost all projects. The basic concepts are applicable to projects, programs and operations.

The five basic process groups are:

  • Initiating
  • Planning
  • Executing
  • Monitoring and Controlling
  • Closing

Processes overlap and interact throughout a project or phase.

Processes are described in terms of:

  • Inputs (documents, plans, designs, etc.)
  • Tools and Techniques (mechanisms applied to inputs)
  • Outputs (documents, products, etc.)

The nine knowledge areas are:

  • Project Integration Management
  • Project Scope Management
  • Project Time Management
  • Project Cost Management
  • Project Quality Management
  • Project Human Resource Management
  • Project Communications Management
  • Project Risk Management
  • Project Procurement Management

Each knowledge area contains some or all of the project management processes. For example, Project Procurement Management includes:

  • Procurement Planning
  • Solicitation Planning
  • Solicitation
  • Source Selection
  • Contract Administration
  • Contract Closeout

Much of PMBOK is unique to project management e.g. critical path and work breakdown structure (WBS). Some areas overlap with other management disciplines. General management also includes planning, organising, staffing, executing and controlling the operations of an organisation. Financial forecasting, organisational behaviour and planning techniques are also similar.

Project Management Office

The Project Management Office (PMO) in a business or professional enterprise is the department or group that defines and maintains the standards of process, generally related to project management, within the organization. The PMO strives to standardize and introduce economies of repetition in the execution of projects. The PMO is the source of documentation, guidance and metrics on the practice of project management and execution.

A good PMO will base project management principles on accepted, industry standard methodologies such as PMBOK or PRINCE2. Increasingly influential industry certification programs such as ISO9000 and the Malcolm Baldrige National Quality Award (MBNQA) as well as government regulatory requirements such as Sarbanes-Oxley have propelled organizations to standardize processes. Organizations around the globe are defining, borrowing and collecting best practices in process and project management and are increasingly assigning the PMO to exert overall influence and evolution of thought to continual organizational improvement.

90% of projects do not meet time/cost/quality targets. Only 9% of large, 16% of medium and 28% of small company projects were completed on time, within budget and delivered measurable business and stakeholder benefits. [Standish Group Chaos Report, 1995] There are many reasons for such failures. As per a KPMG survey of 252 organizations, technology is not the most critical factor. Inadequate project management implementation constitutes 32% of project failures, lack of communication constitutes 20% and unfamiliarity with scope and complexity constitutes 17%. Accordingly 69% of project failures are due to lack and/or improper implementation of project management methodologies.

IT Sourcing Strategy

Assessing, developing and implementing sourcing strategies are among the most important sources of synergy effects in IT. The various forms of sourcing ' outsourcing, out'tasking, offshoring etc. vs. insourcing or the shared service center ' must be structured in close context with the purchasing process within IT and with the process of partner development.

Important factors affecting decisions on sourcing strategy arise from the core competency strategy and the cost development targets. Cost cutting targets need not only be achieved through outsourcing. This can also be done via insourcing by improving processes and setting up a shared service center. What is important is the core competency strategy, i.e. the following questions must be answered: Which services differentiate our company from others on the market? And: Which IT services make these operations possible?

Horvath & Partners has a procedural model for bringing about and implementing sourcing decisions. As all types of sourcing require a certain amount of process maturity, an IT assessment is often very helpful for preparing sourcing decisions, as is IT benchmarking.
Regardless of whether outsourcing IT operations (application hosting), out'tasking, outsourcing application development (offshoring), application management or a shared service center concept are chosen, an appropriate service management organization must remain within the company. You can rely upon the renowned expertise of Horvath & Partners and our extens