IT governance for small and micro business

IT governance ...
• IT risk and security management ...
• Strategic business / IT alignment …
• Project governance …
• Project portfolio management …
• IT architecture …
• IT strategy …
• Software, hardware, and network planning …
• Service management …
• Contingency planning (business continuity and disaster recovery) … and more …

Few will disagree that these elements are all very necessary for large businesses, but are they really necessary for small businesses?

The answer must be a resounding YES! Small businesses that do not direct and control every aspect of IT governance run the risk that any one aspect could destroy short and long-term business value, or even threaten short term survival!

The problem is that – at face value – this is a rather formidable list of management processes that add costs without adding apparent benefits! How can a small business hope to cover them all without succumbing to the dreaded death-by-overheads?

Small and micro businesses need to "rightsize" the whole subject of IT governance to suit their needs (yes – that’s where the "rightsized" web site and company names came from):
• using a systematic approach to planning, implementing and managing IT governance
• “rightsizing” the IT governance solutions and processes

The systematic approach

First, get some background reading, such as the downloadable overviews by Alan Calder, available from IT Governance Ltd.

Second, step back from the detail that vendors and some practitioners will want you start with (such as any one of the topics listed above, or specific products that purport to solve all your IT governance problems!) and take a look at IT governance using a holistic view such as the Calder-Moir IT Governance Framework. Follow the link to IT Governance Ltd and look under the IT Governance tab for a free download which provides a simple (not simplistic!) view of IT governance across six topics:
• Business strategy (and how it drives IT)
• Governance, compliance, & risk management (and how they constrain, control, and monitor both business and IT)
• IT strategy (and how it shapes IT and business/IT change)
• Change (and how it is controlled for greater business benefit)
• Capabilities (and how they are shaped to maximise business utility)
• Operations (and how it supports greater business value with lower risk)

Third, gauge how well your organisation directs, monitors, and evaluates IT (regardless of whether IT is insourced or outsourced!) across the six topics. You need to understand whether:
• IT may be detracting from or even destroying business value
• IT may be somehow disconnected from or irrelevant to the business and its strategies
• Non-technical directors and executives receive jargon-free information that allows them to understand, evaluate, and make decisions about IT across all six topics

Fourth, develop a priority list from your assessment, organise that list into an action plan, gain full commitment from the Board, the Executive Team, and the IT manager, then embark on an implementation.

Rightsizing IT governance

Most of the IT governance solutions and tools that are widely used in large organisations are totally unsuitable for use by small organisations – they can be expensive, unwieldy, require specialist skills, and are configured for the largest public and private sector organisations.

It would be unwise for small organisations to use some of these solutions and tools – apart from the high costs, they can impose processes and detail that are distracting and wasteful. In many cases they add institutionalised costs without adding benefits. The same happened with early, poorly scoped, implementations of quality systems (such as ISO9000) and other management fads.

Small businesses can, however, gain the benefits of IT governance with few of the disadvantages that come with the “big business” solutions and tools. The answer lies in fully understanding the why, what, and how of IT governance, designing simple processes to suit the size and culture of the organisation, and using readily available tools such as spreadsheets and email to avoid the licence and support costs that come with the big business solutions.

There is a large range of books and toolkits that small businesses can use to plan and implement their own IT governance processes, standards and solutions without having to use large scale solutions and incur the large scale consulting costs that come with them.

Of course it is always useful to draw on expert advice (from someone who knows about business and IT governance – not a pimply-faced graduate who learns at your expense!) but by using the resources and toolkits that are now available, external costs can be minimised.

Time for the shameless plug. I created The IT Governance Framework Toolkit, which contains nearly 1,600 pages of resources (98 different documents, including templates, guidelines, checklists, questionnaires, slide presentations, assessments and planning tools) as well as copies of both IT Governance: Guidelines for Directors and IT Governance Today: a Practitioner's Handbook. The toolkit is available only from IT Governance Ltd. Look for the toolkit’s promotional page, and try the free demo version (a severely abridged and "de-formatted" version that saves on download time).

Next: When IT goes wrong

• Home
• Resources
• IT Governance
  • ITG is more than risk management
  • ITG for small business
  • When IT goes wrong
  • Where IT goes wrong
  • Why IT goes wrong
  • Dot-coms ain't all technology
  • It's the people, stupid!
• About us
• Contact us
• Copyright & disclaimers