Decision Bodies and Escalation
Establish IT governance bodies, defining their composition, scope, and decision rights, stating their role in complying with regulatory obligations, and setting out protocols for escalation between them and their organizational units.
Improvement Planning
Practices-Outcomes-Metrics (POM)
Representative POMs are described for Decision Bodies and Escalation at each level of maturity.
- 1Initial
- Practice
- Rely on the best endeavours of available personnel.
- 2Basic
- Practice
- Establish project working groups for important IT projects.
- Outcome
- Important projects have a basic governance model.
- Metric
- % of IT projects that have a governance model.
- Practice
- Establish basic escalation processes to manage IT failures in key areas of the organization.
- Outcome
- An approach to managing failures is starting to emerge.
- Metrics
- % of areas that have an IT failure escalation process in place.
- Time taken to resolve an IT failure.
- Practice
- Establish basic structures (e.g. IT forums) for communication with the user community, and encourage IT management to report periodically and formally to a level below the CEO.
- Outcome
- IT matters are on the agenda of the executive board on a scheduled periodic basis.
- Metric
- # of levels within the organization to which IT reports.
- 3Intermediate
- Practices
- Establish an IT steering committee, predominantly staffed by IT team members, to oversee all important IT decisions and monitor performance of the IT function.
- Involve a senior representative from the business (e.g. CFO) to co-chair this steering committee with the CIO.
- Outcome
- Both the CIO and a senior representative from the business oversee all important IT decisions.
- Metric
- % of IT decisions that involve both the CIO and the CFO.
- Practice
- Define IT escalation processes and apply them consistently.
- Outcome
- Decisions can be escalated if necessary, and addressed in a consistent manner.
- Metrics
- % of areas that have an IT failure escalation process in place.
- Time taken to resolve an IT failure.
- Practice
- Establish formal structures or forums for periodic briefings to both senior management and some other business units on IT plans and emerging technologies, and encourage the CIO to report periodically to the CEO and CXO suite.
- Outcome
- CXOs are aware of IT matters and there is an awareness within IT of the role/requirements of the CXO functions.
- Metric
- # of IT reports/year to the CXO suite.
- 4Advanced
- Practice
- Establish an IT governance council as a subset of the senior management team and ensure it is chaired by the CEO.
- Outcomes
- IT governance is anchored within the executive level.
- The IT governance council can deploy its authority through a cascade of subsidiary committees or working groups at the business unit and project levels.
- Metric
- % of top executives on the IT governance council.
- Practice
- Define, consistently apply, and periodically test the escalation processes to manage IT failures.
- Outcome
- Escalation of decisions is perceived as a normal process.
- Metrics
- % of areas that have an IT failure escalation process in place.
- Time taken to resolve an IT failure.
- % of IT decisions that are escalated.
- Practice
- Establish an effective IT governance and communication structure throughout the organization — from corporate level, to strategic business unit level, to project level, and align it with the specific needs of the various stakeholder groups.
- Outcome
- Business and IT governance structures are aligned.
- Metric
- Ratio of business personnel to IT personnel within the IT governance council.
- 5Optimized
- Practice
- Clearly establish IT governance as a subset of corporate governance of the organization, directed by the board of directors.
- Outcome
- The importance of IT governance is recognized through its anchoring within the corporate governance structures.
- Metric
- % of top executives on the IT governance council.
- Practice
- Continually improve and apply appropriate escalation processes in order to manage and learn from IT failures.
- Outcome
- The escalation processes are tailored to specific decisions.
- Metric
- Frequency of reviews of IT escalation processes.