News

The Upside of Compliance: It’s Driving IT Governance

• By John K. Waters
• May 11, 2005

Plenty of companies are making the connection between compliance and the policies and practices that align IT with business goals. In its 2004 global status report, the IT Governance Institute reported that 76 percent of executives surveyed acknowledged having IT problems that could be resolved by implementing an IT governance framework.

In a more recent survey of 800 IT executives in 22 countries conducted by the Economist Intelligence Unit, almost 70 percent of the U.S. firms reported that Sarbanes-Oxley would have the most significant impact on their IT operations over the next three years. And 60 percent of those respondents rated IT governance as a key driver of “business value” in their compliance efforts.

“Compliance is a huge resource strain, especially in year one,” says Sue Barsamian, VP of marketing at Mercury Interactive, which commissioned the EIU survey. “We’ve had CIOs tell us that their entire team did nothing but SOX compliance for three months. But by year two, companies…see there’s a silver lining here—which is, if you actually implement good IT governance practices, you get compliance almost for free.”

Some companies are finding regulatory compliance to be more of an inspiration than a driver. As a private corporation, Giant Eagle isn’t under the regulatory gun, but the country’s leading supermarket retailer and food distributor has been using SOX as a model for better practices.

Giant Eagle had been using Mercury Interactive’s well-known testing solutions before implementing Mercury’s IT Governance Center product to help with governance. IT governance is the newest piece of Mercury’s business optimization strategy. BTO is an emerging industry category of solutions to optimize technology and business processes in the enterprise.

Mercury’s ITGC offers three core functions: “demand management,” which gives IT visibility into all sources of demand, from the business in the form of strategic projects, or from IT itself in terms of updates and enhancement requests; “project and portfolio management,” which provides the ability to drill down to the level of an individual project and manage it to completion, and also provides an aggregated view of the entire portfolio; and “change management,” which helps IT govern the way projects are rolled into production.

Giant Eagle went live with version 5.5 of Mercury’s ITGC last October. About 400 users, mostly at the management level and above, use it now, Fitting says. Approximately 180 users are IT people; the rest are business users. “We have executive vice presidents playing roles in the work flow,” she says. “It’s creating a real collaborative environment.”

Mercury recently unveiled version 6.0, which provides an enhanced set of IT governance applications and best practices, an executive dashboard and an enterprise foundation. The new Mercury Managed Services offer hosted governance software delivered over the Internet, plus a team of experts to help customers rapidly execute initiatives.