Helpful Tips
Get to the information you want quicker by selecting a category name or a popular tag.

What ROI does the CIO provide the business?  What is the next step for the CIO?  What is the evolutionary development path for IT?  All of these are daunting questions to which many have opinions and thoughts.  So, let me give my two cents.  Business and IT Alignment is necessary.  The CIO must play a significant role in this, not to mention develop beyond the role that he/she has been fulfilling for the last few decades within business and organizational constructs. In so doing, the elements of risk management, due diligence, and efficiency reverberate throughout most of the comments and thoughts that are going through your head at this very instant.  Not to mention the ironic and funny coincidence that a Chief Information Officer and a Chief Investment Officer both share the same acronym and, albeit abstract, similar function.

IT Governance is due diligence that must occur within any organization. Ironically, any business unit would be remiss if they did not have governance of some sort, so why is IT any different. Secondarily, there are legal concerns which mandate it (Gramm-Leach-Bliley, Basel, etc.). Thus, there is a ROI on IT Governance in terms of corporate litigation and financial penalties associated with lack of compliance.  The CIO is chiefly responsible and accountable for IT Governance!

Efficiency cannot be maintained without IT Governance. Every business objective can substantively be boiled down to a few basic demands in some form or fashion (in no particular order):

  • efficiency
  • simplicity
  • agility
  • cost
  • rigor
  • results
  • security

 To affect change on one of these demands, Governance plays a part in order to reproduce the desired outcome consistently. Governance takes the ‘adhoc’ out of the process and maintains standards, structures, and accountability. Additionally, those programs which fall into Governance are much larger than the individual silos of infrastructure, applications, and facilities which are all linked to user experience. You cannot alter one without directly and indirectly effecting the others.  For instance, employing server virtualization to reduce cost adversely effects simplicity (more than one OS to administer), efficiency (more / different processes in provisioning), results (generally more capacity required for redundancy), and so forth.

Business Continuity is not an IT Governance element; it is a Business Governance element which is supported by Disaster Recovery that is an IT Governance element. Thus, IT Governance is not only necessary but is a cost of doing business. It certainly is encompassed in risk management as well.

Risk Management, fundamentally, is about taking a position on a risk in three potential ways:

  1. acceptance
  2. assignment
  3. mitigation

Thus, IT Governance and ultimately a CIO has a ROI in risk management. Is it easy to generalize or put in generic terms across industries? No. It is absolutely simple to explain that for every vulnerability exposed by a risk there is a fiduciary cost to the organization. Some are very tangible such as a fine for non-compliance. Some are more abstract such as the waste of resources in the event of corrupt data.

Nonetheless, IT Governance is absolutely essential regardless of frameworks (ITIL, COBIT, ISO, COSO, etc.). Frameworks simply provide a foundation from which to start and customize to the needs of the business. Business governance is fundamental and not IT specific, so the evolution of the CIO into a relevant business leader is paramount with governance as a support platform for that transformation.

Leave a Reply

You must be logged in to post a comment.