Leadership: Three CIOs Come Up With the Rules Of IT

1 2 Page 2
Page 2 of 2

Godfrey’s IT rules had their genesis in a couple of tough years for his department and Dow Jones’s ad revenue streams, in which IT struggled with a very heavy project load and a fast pace of change in the business. Cost management and project execution were both primary goals for Godfrey, even as demand for IT functions was still outpacing what he could supply. His list of Big Rules, he says, "was an attempt to hold chaos at bay."

So far, so good. Senior Dow Jones management has welcomed IT’s push into stricter IT governance and better business alignment. "We’ve been invited to lead," says Godfrey. "But leadership comes with expectations, and we need to get stronger." He insists that this is just version 1.0 of the Big Rules. In the works now is version 2.0, which will detail organizational strategy and how IT can be woven into the fabric of the company. "Just because I have rules, doesn’t mean we’re done," Godfrey says.

Bill Godfrey’s Big Rules for IT Service Governance

Rule 1 Strategic Planning

¿ All technology divisions will have a documented technology plan.

¿ All technology divisions will have published goals and objectives.

Rule 2 Production Prioritization

¿ Production problems classified as Severity One take resource precedence over all else. Management and staff will work on Severity One problems immediately and continously until resolved.

Rule 3 Enterprise Architecture

¿ All technology divisions will have a documented high-level architecture.

¿ All technology divisions will adhere to infrastructure standards or seek exception approval.

¿ All technology projects costing more than $250,000 total must be approved through the Early Look Architecture Zoning process prior to capital approval submission.

Rule 4 Project Management

¿ [There will be] 100 percent adherence to the Dow Jones (DJ) project management process for all nontrivial development projects (projects estimated to take more than two weeks of staff time).

¿ All development projects will have a specifically identified business sponsor and a specifically identified technology project leader prior to initiation.

¿ All development projects requiring infrastructure support will directly involve infrastructure support staff during project initiation, giving the infrastructure staff an opportunity to directly participate in the design of systems solutions.

Rule 5 Time Management

¿ All staff time will be appropriately entered into the IT time reporting system on a weekly basis.

Rule 6 Technology Business Management

¿ As represented in approved budgets, technology costs will not exceed plan unless explicit approval is granted by the CIO.

¿ Technology contracts will be managed and approved through business management services.

¿ All third-party contractors [and] consultants will sign non-disclosure agreements [and will be] managed under the non-employee security policy and through the DJ preferred vendor program.

Rule 7 Capital Approval Management

¿ All projects will adhere to corporate expenditure authorization processes.

¿ All projects are required to have appropriate IT senior leadership team sign-offs prior to business line submission.

¿ For all projects requiring CIO approval, all staff work and IT senior leadership team approvals will be complete prior to seeking CIO approval.

¿ Any project with a total cost of more than $250,000 will be submitted to finance for formal business case review.

Rule 8 Requesting Proposals from Third Parties

¿ All requests for proposals from third parties will be reviewed and approved by the CIO prior to execution.

¿ All requests for proposals from third parties that could have DJ infrastructure implications will be reviewed and approved by technology engineering services prior to execution.

Rule 9 Relationship Management

¿ Business technology directors are 100 percent accountable for all technology, direct and indirect, in support of their business lines.

¿ Business technology directors "own" all business application vendor relationships.

¿ Enterprise technology directors "own" all infrastructure vendor relationships.

Rule 10 Infrastructure Management

¿ Enterprise infrastructure services is 100 percent accountable for the DJ global infrastructure.

¿ Enterprise information services is the only organization that makes infrastructure decisions.

¿ Enterprise information services owns and manages all infrastructure capital.

Rule 11 Compliance with Audit, Regulatory and Legal

¿ Information technology services will comply with all audit, regulatory and legal requirements.

¿ The IT senior leadership team is accountable for compliance.

Rule 12 Operations Procedural Compliance

¿ [There will be] 100 percent compliance with [the] enterprise change control policy and procedure.

¿ All production applications will be supported by a service-level agreement.

Rule 13 Information Security

¿ All technology staff will comply with the Dow Jones information security policy.

¿ Information security approval must be secured prior to implementing new technology or making major enhancements to existing technology. This review and approval is to take place before any formal or informal obligations are made between DJ and a supplier.

¿ All credential and access management to a financially significant application will be managed and controlled through information security.

Rule 14 Sarbanes-Oxley Compliance

¿ [There will be] 100 percent compliance to all Sarbanes-Oxley controls.

¿ All IT leaders will be thoroughly familiar with the IT general control policies [regarding] governance, project management, operations, access control and data management.

¿ All IT leaders, supervisor and above, are responsible and accountable for Sarbanes-Oxley compliance across their respective areas of control.

Related:

Copyright © 2005 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
The CIO Fall digital issue is here! Learn how CIO100 award-winning organizations are reimagining products and services for a new era of customer and employee engagement.