Mike Pickett is talking about Governance Audit &
Centralization/Decentralization. Why did they want a governance audit?
They didn’t ask for it – it’s starting to be a buzz topic among audit
departments at universities nationally. Maybe it’s a way to help
thinking about the maturity of the organization – you can treat the
lack of planning and maturity as a risk to the institution.
Audit was conducted June – Sept 2010. Talked to wide range of people
in virtually every part of the university, including the senior
Goals – Assessment of IT governance processes and key IT risks and
controls – spent about an equal amount of time looking at both. Used
COBIT to assess and benchmark quality of processes. Provide detailed
recommendations for improvements; provide a proposed action plan;
Provide estimated investment; provide strategic input
In talking about lack of IT funding as a risk, need to phrase it in
ways that make sense in a setting where nobody has adequate funding.
Probably needs to be communicated in terms of not being funded at an
adequate level to enable the academic goals of Brown.
Opportunity risks – what are the things that would prevent Brown from
being the institution it wants to be? e.g. what infrastructure is
needed to support growth in continuing education?
The report is recommending that the board of trustees have some
oversight of strategic technology investments.
There’s a question about whether we’re doing something wrong by not
persuading institutional leadership that technology is of enough
strategic importance, so that we’re seen as a cost center rather than
a strategic partner. Joel notes that it’s a challenge to have the
conversations about using technology to help research and teaching get
better. Tracy says that in industry oftentimes the CIO has come up
through the ranks within the business, which is less true in our
institutions. Building credibility with faculty and researchers then
becomes critically important.
Recommended reading: IT
Governance, Weill & Ross, 2004 HBS Press
Chuck Powell – Yale has drafted an institutional IT strategic plan. Grew out of a realization that the IT organization was too technical and not aligned with the institution. Had a strategic planning process, gathering input from a wide variety of sources. Created an ITS Relationship Management – like senior client account reps in corporate world. Aligned with strategic clients. Strong alignment with their strategic issues – mainly there to make sure that the latest great idea is captured, understood, and potentially funded. These are full-time roles for senior people, each of whom has a team of between 5-10 people. Sounds to me like they pulled the people who do requirements gathering and project definition and management across the organization and assigned them to work with specific units – like the people who used to do that for the student system are now assigned as relationship managers with academic administration. All projects over $250k must go through the process, and there is architectural and regulatory/compliance checks of smaller projects if they have large impacts.