Skip to content

IT Governance – A Simple Approach For Law Firms

February 13, 2013

Managing Partners and those with overall responsibility for IT will have often heard the term ‘IT Governance’. Typically they have a vague understanding that it has something to do with making sure IT does the right things with the IT budget. They also know that they, and not IT, are responsible for IT governance but in many cases this action just hasn’t quite reached the top of their ‘to do’ list.

IT governance is important but is definitely not an overhead – taking simple steps will make overseeing IT a quicker and easier task and will, in a short space of time, really help the firm’s top and bottom lines.

This post aims to offer an IT Governance ‘Lite’ framework that is easy to get started, is effective and will deliver results quickly. It is based on the IT Governance Institute definitions and approach, has some of my own experience thrown in and is pared back to be appropriate for law firm implementation.

What is IT Governance?

The structures and processes that ensure that the firm’s IT investment is optimised in pursuit of the firm’s strategies and objectives.

This is my wording and is consistent with both the ITGI and with Gartner’s definition of IT governance.

What it means is that you need to have groups (and this might just be the Exec Management Team), reporting and control mechanisms that structure the main decision making in IT.  An example might be a group made up of the Managing Partner, Head of HR, IT Director and FD that consider the portfolio of IT projects on a monthly basis with one objectives being the prioritisation of new projects to be initiated. If you have this then you already do some governance – if you don’t then how do you ensure that the IT spend is focused to the maximum benefit of the firm?

What Do these Structures and Processes Cover?

Again based on the ITGI framework. There are five domains to consider – in each area there needs to be governing bodies (can be just the exec management team in each case), reporting and control.

Strategic Alignment – Does IT align with day to day business operation? Is the annual IT budget aligned to the strategic objectives of the firm? How is new IT spend authorised? Is there an IT strategy? How is the IT strategy maintained in the light of changing business priorities?

Delivery – What is the status of the IT portfolio of projects? Which are late? Which are likely to overspend? What are the benefits of each project and will they be delivered? What is the availability of the key IT online services? How many IT incidents does the Help Desk receive each week?

Risk Management – Do you have an Information Security Management Framework (ISMF)? Is the ISMF embedded, maintained and reported against? Do you have a DR policy? Is it up to date and tested? You may also wish to instigate some level of operational risk management within IT -tracking and managing risks across the IT capability (e.g. are there key man dependencies? Are we seeking to reduce these? How significant is this risk in terms of likelihood and potential impact?).

Resource Management – Are the IT assets (people, technologies, applications, money) optimised? Is your sourcing strategy appropriate (e.g. do you outsource where you should)? Do you manage third parties effectively? Have you got too many/too few staff? What is the IT staff skill level? Do you have IT services that you pay for but don’t use? How do you allocate staff effort against customer demand?

Performance Management – Do you report on the end to end IT service? To whom do you report? Are the service reports used to improve IT service quality? Balanced scorecards are very useful here – simply, can you get (on one page) a set of performance indicators that show the ‘health’ of

  1. The IT Service
  2. The IT risk profile
  3. IT financial performance
  4. People satisfaction and performance
  5. Customer satisfaction

Implementing Governance

If you have read this far you probably realise that you do some but maybe not all of the different activities that come together within an IT Governance regime.  A good starting point is to get the management team together with IT and just brainstorm based on the five headings here – what do we report on and are there things here that would be useful? How will we report this? To whom and how often?


From → Strategy

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: