(Part II of VI – Governance)
Having discussed the Technology enabler dimension of the TOM in more detail in one of my previous bolgs (Part I of VI – Technolgy), I now want to focus on the details of the overarching Goverance dimension of a Target Operating Model. This Governance dimension approach is being derived from COBIT 5. (For more information about COBIT 5, please refer to Martin Andenmatten’s blog.)
Governance is all about value creation by realizing benefits, optimizing related risks and resources. In respect to Cloud Services it means: Creating values for the business by optimizing the known Cloud risks and the internal and external resources contributing to the Cloud Service.
Cloud Service are not self-standing entities within the whole service portfolio of an organization – in contrary, they need to be embedded in the entire value, lifecycle and governance chain of an enterprise. Besides the common governance elements, mutually applicable for any service provided to customer and business, there are special considerations to be made:
a) One principle of governance is cascading stakeholder needs to enterprise goals down to IT-related goals. In case of Cloud Services there is a slight tendency to exclude IT from the goal cascading exercise in some areas (i.e. stakeholder value of business investments, portfolio of competitive products and services)
b) The governance of risk optimization needs to be reviewed completely taking into account the increased exposure of privacy and compliance issue coming with Cloud Service in terms of external providers, data location and security over the internet concerns.
c) Cloud Services will although demand a different approach to resource optimization. Internally there needs to be a shift in terms of organizational capabilities and staffing. Optimizing external resources requires a new thinking concerning financial transparency and service culture.
The definition of the governance elements for a Target Operating Model enfolding Cloud Service will have to focus on setting the scene for all other enabler dimensions of the Model:
1. The IT Balanced Scorecard needs to be aligned with the shift of priorities, values and risks coming with external suppliers.
2. The Governance Principles, Policies and Frame Works need to be reworked covering the risk optimization challenges attached to Cloud Services. In particular, the following areas would need to be reviewed and aligned:
- The entire IT Service Management Frame Work
- Security Policy
- Compliance with external laws and regulations
- Audit Frame Works
- Financial Transparency of external services
3. The Service Portfolio Management approach needs to be tailored accommodating the lifecycle management of external services.
4. The Process Landscape would need to be reviewed to include specific processes managing the performance of external services, like Supplier management, Service Level Management, Security Management and IT Service Continuity.
5. Organizational Capabilities will have to be aligned to the priorities of a retained IT Organization. Operational capabilities will have to be diminished in favor of Service Strategy, Design and Transition capabilities.
6. People’s skills, experiences, motivations and development plans need to be managed towards the organizational capability requirements of an retained IT Organization.
7. The Technology Landscape definitions will have to be derived from:
- the Cloud Service integration challenges
- security, risk and compliance support requirements
- financial transparency and SLA reporting requirements
Overall, defining a Target Operating Model that includes external services like Cloud Services requires a much more stringent approach creating value by realizing benefits, optimizing related risks and resources than a traditional model around in-house services.
Please stay tuned, in the next blog I will contiune to review the TOM enabler by discussing the Service dimension.