IT Outsourcing Governance Frameworks


IT Governance Focus Areas

Strategic alignment and strategic governance are key to ensuring that the company fully exploits opportunities and manages risks in an evolving market. According to the IT Governance Institute, there are five focus areas:

Strategic alignment

Link business and IT so they work well together. Typically, the lightning rod is the planning process, and true alignment occurs only when the corporate side of the business communicates effectively with line of business (LOB) leaders and IT leaders about costs and benefits.

Value delivery

Ensuring that the IT department does what is necessary to deliver the benefits of an IT investment. Best practice is to develop processes to ensure that target values are raised and those that lower the value are eliminated.

Resource management

One way to manage resources more effectively is to organize staff efficiently, for example, by skills rather than by line of business. This allows a better distribution of personnel and a better management of demand.

Risk management

Instituting a formal risk framework puts rigor around how IT measures, accepts, and manages risk, as well as reports on what risks are managed.

Performance measures

Structure business performance measurement. One popular method is to institute an IT Balanced Scorecard (BSC), which examines where IT is contributing in terms of achieving business objectives. It uses qualitative and quantitative measures for measurement.

Governance challenges in outsourcing

In 2004, a survey by the IT Governance Institute (ITGI) revealed that the required levels of governance do not reliably extend to relationships when service provisioning is outsourced. It is no longer ownership of an organization’s capabilities that matters, but rather its ability to leverage and scale its outsourcing capabilities. The findings show that the benefits of outsourcing relate not only to price, but also to quality of service, risk management, and freeing up key personnel to focus on core value-adding activities.

Chief Information Officers (CIOs) looking to outsource parts of the IT operation to outsiders abroad need to take a hard look at their own processes to verify their organizational maturity and readiness. They also need to demonstrate the contributions of IT to the results of a company. Additionally, increasing financial regulations such as the Sarbanes-Oxley (SOX) Act and Basel II are forcing CIOs to take a close look at the IT landscape. Consequently, agents also look to third-party assurances to give their principals peace of mind about their internal control environment.

Many Indian service providers have implemented recommendations from NASSCOM, the leading organization representing and setting the tone for public policy in the Indian software industry. Most organizations are aware of the potential problems that can arise from information security abuses. Many Indian companies have taken strict measures to prevent misuse of information. NASSCOM has been encouraging the Indian legislature to pass amendments to the information technology laws to expand the focus areas of data protection. “The client has to do certain things and is responsible for certain things, and so are we,” said Ed Nalbandian, vice president of Avaya Operations Services, a global provider of business communications solutions.

We will begin our discussion of frameworks with Statement on Auditing Standards (SAS) No. 70, the most widely used auditing standard.

SAS 70

SAS No. 70 (SAS 70 for short), an auditing standard developed by the American Institute of Certified Public Accountants (AICPA), recognizes that an audit has been conducted by an “independent” auditor and that a service organization has passed an in-depth evaluation of its control objectives through an independent process. This is critical because organizations or service providers need to demonstrate adequate controls and protection mechanisms in place, especially when hosting or processing customer data.

COBIT

Control Objectives for Information Technology (COBIT) is another popular process framework created by the Information Systems Audit and Control Association (ISACA). COBIT is both an IT governance framework and a set of supporting tools that enable managers to close governance gaps across the organization. This framework covers core business and support processes. COBIT is a framework to be applied by both the IT department and the business as a whole.

Val IT

Complementing COBIT is ISACA’s Val IT governance framework that demonstrates the business value derived from IT investments. It is a set of guiding principles, processes, best practices, and management practices to help executive management demonstrate the value of IT at the business level. This framework goes beyond finance to include portfolio management.

IT Infrastructure Library (ITIL)

The Information Technology Infrastructure Library (ITIL) is a set of practices developed by the UK Office of Government Commerce (OGC) for IT service management (ITSM). ITIL version 3 (the most recent) aligns IT services with business strategy and provides a holistic perspective that covers all IT and support organizations.

Calder-Moir IT Governance Framework

Calder-Moir’s IT governance framework is designed to help you get the most out of overlapping frameworks and standards. This framework is not another solution, but rather a way of organizing IT governance problems. It offers tools that the board could apply to assess, direct, and monitor processes through a PDCA (Plan, Do, Check, Act) cycle.

COSO

This template for evaluating internal controls is from the Committee of Sponsoring Organizations of the Treadway Commission. It includes guidance on many functions, including human resource management, inbound and outbound logistics, external resources, information technology, risk, legal, business, marketing and sales, operations, all finance, procurement and reporting functions. This is a more general business framework that is less specific to IT than the others.

CMMI

The Capability Maturity Model Integration method, created by a group from government, industry, and the Carnegie Mellon Software Engineering Institute, is a process improvement approach that contains 22 process areas. It is divided into appraisal, evaluation and structure. CMMI is particularly suitable for organizations that need help with application development, lifecycle issues, and improving product delivery throughout the lifecycle.

Framework selection

Choosing the best corporate governance framework for a company is a matter of finding the right balance to serve all of the company's stakeholders. A good governance framework should be managed and overseen by an independent board of directors that oversees the implementation of a corporate vision. Directors are guided by a set of policies that govern business practices in all areas of operation.

Today, most companies choose COBIT or ITIL, but other frameworks are also suitable. ITIL is an especially good operations framework, while CMMI is well-suited for application development and lifecycle issues. COBIT is a great general framework for risk management.

Although each framework has a unique value proposition, frameworks can be combined to design a custom framework that fits an organization’s goals. A company can use COBIT as a general framework and ITIL for specific operations, CMMI for development and ISO frameworks for security. In fact, the combination of frameworks is quite common. A PricewaterhouseCoopers study found that in 65 percent of cases, companies used COBIT and ITIL together or with lesser-known frameworks.

Specifically, outsourcing governance is a subset of IT governance and its primary focus is to regulate the interface between the organization and its outsourced service provider. A crucial consideration in outsourcing governance is the close interrelationship between the internal and external IT environment, so focusing on IT outsourcing governance in isolation is always inappropriate. It must be considered within the context of IT governance as a whole.

Most importantly, a framework should be used that fits with the corporate culture and with which most stakeholders are familiar.

Putting them together

To transform great ideas into great project results, Strategic IT Governance is a must. “If the IT governance framework is not implemented correctly, it can directly affect how IT is perceived at a high level. The last thing you want is for IT to be perceived as a cost center that produces no real value,” says Marios Damianides, former international president of ISACA and the IT Governance Institute, and now a partner at Ernst & Young.

Good governance goes hand in hand with good execution. This means establishing a Project Management Office (PMO) and a Governing Board. For larger projects, a Program Manager should be appointed and take responsibility for all issues and escalations. The PMO must periodically report progress to the board of directors.

In addition, the chosen governance framework should not be too complicated or difficult to manage. The structure must be simple and easy to understand; the objectives must be clear and understood by all interested parties. In short, outsourcing governance frameworks need to be effective and productive, and must align with the strategic needs and requirements of the business. Importantly, the governance framework must be revitalized on a regular basis to remain relevant to business objectives.

