Bipin Roy

Quality Insider

IT Governance and Compliance

Are they worth the trouble?

Published: Monday, July 23, 2007 - 22:00

Story update 11/1/2010: We had the incorrect author shown for this story. The author is Bipin Roy.


Welcome to the information technology world of governance boards, compliance councils, Sarbanes-Oxley, and audit committees that continually invent stringent rules and regulations to make the daily job of an IT manager harder than ever before. It’s daunting to picture all these new regulatory bodies chiming in to check whether you’re doing the right thing!

What is good governance?

Good governance is the ability of an organization to steer itself into the future and is influenced by complex relationships among all its stakeholders. A governance model can only be as successful as the level at which its stakeholders allow themselves to be governed.

Before the IT industry matured, the rules of the game were very different. Compared to those times, the current scenario looks like overkill. Now a software-development manager may think, “Come on! Let’s just do our jobs and get out of here. Why should I bother about all these councils and rules trying to ensure that my job is done correctly? This is my job! What does a corporate scandal somewhere have to do with my project and my team? Give me a break!”

Typically, IT managers will try to do their job as they always did and then map project work into any new processes with which they need to be compliant. Here, the key term is “need,” rather than “want.” How many people want to be compliant with all the rules in the IT world? Not many, because everyone has deadlines to meet, customer relationships to take care of, and things to do to get the next promotion. How much value does a project manager see in being compliant with all the regulations and processes from the standpoint of project execution and delivery? Before we answer, let’s look at the evolution of the IT industry and project management.

The good old days

The 1950s to the 1970s were halcyon days—developers just had to churn out code and tell their managers when they were finished testing. The IT industry had little structure then, deliverables were done within accepted timelines, and processes seemed to work. IT remained aloof from other industry segments such as manufacturing, where everybody was quality-obsessed. The rules of the game were different for IT, and all that changed with time.

With bigger teams collaborating with one another around the world, there arose a need for better project-management techniques, and soon there were managers trying to run big projects within structured paradigms. In recent decades, because of the global growth of the IT industry and the ever-increasing salaries of IT personnel, more and more people have been drawn to IT, including from other disciplines. This is especially true in developing economies, where IT salaries have been enormously higher than those in manufacturing and older industries. The spiraling influence of IT and its spread into other industrial segments made it part of daily corporate life. Soon there were big IT projects underway in all the major corporations, and IT became a competitive differentiator in the world of business.

Nearing the millennium, Y2K had corporations anticipating disaster on a fixed deadline, and outsourcing became a new way of developing software that helped companies mitigate rising labor costs and opened new avenues for fostering innovation. This was a turning point for IT, and many large software companies headquartered in Asia blossomed by resolving the business issues of companies spread around the globe. The way of doing business was transformed, and, to ensure high quality in software development, we saw global acceptance of the Capability Maturity Model (CMM) and, later, Capability Maturity Model Integration (CMMI).

Vendors with the best qualifications had an advantage over competitors for new projects, and software methodologies that could provide a competitive edge became must-haves for many companies. The companies with the best governance models thrived in these new circumstances by adapting to their environment and building good governance bodies that enabled them to be more successful. They did this by clearly linking their strategic objectives to measurable goals through well-defined processes. Compliance levels were continuously monitored to ensure excellence in execution.

In the changed world of software creation and maintenance, the factory model was adopted to cater to scale, different processes and methods came into being, and the perceived value of governance skyrocketed. Business processes soon had IT as one of their main implementers. The growing significance of IT governance also mandated effective compliance mechanisms. From administrative, legal, and management standpoints, IT governance and compliance became important practices in the industry and helped rake in more revenue for the top players.

Here are some essentials of good governance models:

  • Simplicity, achieved through fewer, well-orchestrated systems.
  • Adaptability of systems to changes in their operating environments. Exceptions are captured to make the governance model more holistic.
  • User friendliness. The model must integrate human considerations, because without internal support new initiatives are unlikely to succeed.
  • Strict mapping of processes to organizational objectives. The governance model chosen must align with the overall company culture or effective compliance won’t happen.
  • Transparency. The model should be chosen based on consent and should foster learning within its ranks without overkill.
  • Enterprisewide embrace of a standard set of tools and technologies.


Better compliance levels typically bring a faster return on investment, simpler reconciliation, automatic or improved audit-trail mechanisms, reduced expenditures, improved data quality and accuracy, reduced rework, lower risk, and better-informed decision-making structures within the organization.

How much compliance is enough?

As the IT industry has matured, good corporate governance standards have evolved into a yardstick to measure corporate performance. Still, one can do the basics for execution with little regard for strict compliance. If this is the case, what’s the real value derived from 100-percent compliance? Recent studies suggest that organizations with good governance structures enjoy a higher return—up to 20 percent—on assets than companies with weaker governance. For a company to achieve all the essentials of good governance standards, individual projects have to follow the adopted processes religiously.

Are so many checkpoints really necessary?

The corporate scandals involving Enron and WorldCom argue for stricter controls and compliance levels to ensure accountability, to build stakeholder trust, and to pursue customer satisfaction. The very existence of corporations can be jeopardized if effective control mechanisms aren’t in place. It’s a question of credibility. As an IT manager, if you can show the project status at any given moment through effective IT processes, or with the aid of documentation that clearly records who made each decision and what progress was made, you can consider yourself in safe harbor from a compliance standpoint. For IT managers, this translates to understanding where the control checkpoints are or should be, and ensuring compliance across disparate systems in terms of business process implementation, data sharing, and stakeholder management.

Identifying the right model in your organizational context is critical to ensuring compliance (please refer to the suggested governance criteria mentioned before in this article). Otherwise, your people will always find ways to work around the system and so defeat the purpose of building a better governance structure.

Most of the top-performing corporations in the world boast about good governance boards and compliance levels achieved through robust business and IT processes. Many factors have contributed to each company’s success story, and the contributions of effective corporate governance, transparency, and compliance are critical. Varying degrees of control and compliance levels are applicable, depending on the industry. For instance, it’s extremely difficult to employ metrics to understand the status and effectiveness of decisions for nonprofits involved in community development, and yet successful organizations have built better governance models in this sector.

In conclusion, good governance will definitely accelerate your company’s success, if success is thought of as a journey rather than a destination. Good governance has definite value and is a safer bet than merely hoping that your projects will end up successful. To the individual investor and to the public, corporations with good governance and verified compliance levels have an aura of trustworthiness that can eventually affect the bottom line. Corporate governance and effective compliance are necessary for 21st-century corporations.


About The Author

Bipin Roy

Bipin Roy Lekshmanan is a certified project management professional with 11 years of experience in information technology. He manages projects and does program management for the Indian IT outsourcing giant Wipro Technologies and is based in the United States. He's also a member of the Project Management Institute exam development committee, U.S. chapter.