The topic of IT-Business Alignment isn't really new. It has been discussed for years now. And several software vendors, mainly in the area of "Business Service Management", claim to solve the threats in that area. But, honestly: I believe that we are, in most cases, far from a real IT-Business Alignment. I have blogged several times around this topic (here, here, here, and here).
But let's start with my definition of what IT-Business Alignment is: IT does what the business requires - not more, not less. That includes aspects like the ability to efficiently respond to new business requests, the ability to report on and enforce business controls (including all the GRC requirements), and the efficiency of IT itself in the sense of a streamlined, lean IT organization.
There are, from my view, two main steps to take:
- Reorganize IT
- Implement a consistent control layer between Business and IT
The layer between IT and Business is, from my perspective, a GRC layer which goes well beyond Identity and Access Management related GRC approaches and well beyond BSM/ITSM, providing a consistent framework for business controls for IT.
For sure we can't change an organization immediately. There are several prerequisites:
- The CIO role has to change, clearly focusing on that IT-Business Alignment, with responsibility for GRC as the main task.
- You will need architects and strategists for the central department.
- You will need people with a good IT understanding in the business departments.
- You will need managers who can really manage the IT "centers" as business managers.
- GRC tools have to go beyond just IAM or BSM support, moving towards real platforms.