IT Governance and Outsourcing

The decision to outsource IT has become a part of strategic thinking process for a large number of organizations. Organizations across the globe are increasingly evulating what is core to their business and what isn't, and the non-critical functions (one such being IT) are being outsourced. Through outsourcing, organizations largely benefit from greater expertise, lower costs and higher quality; and also free up the management to focus on critical aspects of business rather than the support functions. The absence of good IT governance is leading to the outsourcing.

Role of IT governance
IT governance exists within the context of corporate governance, and the principles are essentially the same. IT governance is an accountability framework and management process that helps to define and communicate what must be done and provides the rigorous oversight to ensure that it is. It drives interactions and provides feedback mechanisms that encourage communication and desirable behaviors.

The accountability framework is typically made up of well-defined roles and responsibilities reflecting decision rights among the participants in the IT management process and is reinforced by effective reporting. Making sure decision rights are clearly defined is critical to resolving a myriad of issues around strategy, standards, monitoring and change introduction.

IT governance and the outsourcing contract
Because good IT governance is so essential to establishing an effective IT environment and even more essential to a successful outsourcing relationship, it should receive priority attention during the negotiation and contracting phase of an outsourcing deal. By focusing on governance in the negotiation stage of the relationship, both parties can clarify their respective roles and responsibilities to ensure the relationship's success. Incorporating an IT governance structure, responsibilities and reporting mechanisms into the contract increases the likelihood that the IT governance model will be implemented with the required discipline and rigor. Indeed, good IT governance should be viewed as a principle value of outsourcing. Contracted IT governance should cover three areas in particular:

1. Roles and responsibilities
2. Management structure
3. Reporting

Roles & Responsibilities
At a high level, four stakeholders are involved in a good IT governance model and their decision rights should be clarified in the contract:

1. Business unit or functional leadership
2. Business executive leadership
3. Senior IT leadership
4. IT delivery leadership

Management Structure
Equally important to defining roles and responsibilities is contracting a management structure to support the execution of those roles and responsibilities. A forum must exist wherein requirements can be reviewed and approved and where execution can be monitored. Ideally, this type of structure would already exist within an organization. Too often, however, this is not the case and the contract is an ideal opportunity to create the necessary structure.
A three-level structure made up of the following committees can be built into the contract, ensuring that stakeholders participate and execute their roles and responsibilities:

• User committees
• Operation committee
• Executive committee

User committees formed around business units, technology groupings or business processes are ideal forums in which to review emerging business needs and service delivery. By articulating the need for and the structure of such committees in the contract, the outsourcer establishes a forum for interaction with the client's user community.
The operation committee is generally composed of senior IT leadership and IT delivery leadership. Bringing together the IT leadership of the outsourcer and the client, the operation committee is charged with overseeing approved initiatives and service delivery. It is critical that the composition, agenda, frequency of meetings and deliverables of such a committee be contracted, as it is an essential factor for a successful outsourcing relationship.
The executive committee is the forum for approval of IT directions and initiatives, and the contract should specify the composition, agenda, frequency of meetings and deliverables of this committee as well.

Reporting
While outsourcing contracts typically require service level reporting to some extent, outsourcers are in an ideal position to introduce a broader scope of IT reporting and support the roles and responsibilities articulated in the contract. User committees would generally require progress reporting on approved projects, enhancement backlog reporting to monitor request status, and of course service level reports on critical processes. The operating committee would require similar reporting and, based on its responsibility for the execution of all IT services, supplemental financial information.
The executive committee reporting requirement would be highly summarized and may take the form of a balanced score card report, touching on four or five critical dimensions, such as business contribution, service quality, budget, user/client satisfaction and strategic direction.
The outsourcing contract should specify the reporting required to manage the relationship and services and, indeed, examples of required reporting should be included within the contract.

Conclusion
While companies are now treating IT as a key element of their business, they often fall short in the area of IT governance, especially when outsourcing their IT functions. By making good governance an essential part of the contract, outsourcers and clients can do a better job of setting expectations and increase significantly their chances of creating a win-win situation for all.