Saturday, October 8, 2011



John Kyriazoglou*, CICA, M.S, B.A(Honours)

IT Consultant and Author of the book ‘IT STRATEGIC & OPERATIONAL CONTROLS’


Very complex IT projects frequently fail because of budget overruns, implementation delays, or even mismatches between functional specifications and business expectations. If the designers and managers of an IT project succeed in overcoming these obstacles, the project is put into productive use in the expectation that it will satisfy the multiple targets of its users and the strategic objectives of its leadership and the organization.

During their productive operation, IT projects that are trying to stay aligned with corporate objectives also frequently face new challenges, which often change because of competitive forces and a large set of threats, both of which could lead to undesirable developments.

This is why the greatest possible care, prior organizational preparedness, and the implementation of well-thought-out control plans and actions (broadly termed ‘corporate controls’) are required in advance, so that, on the one hand, the risks of damage to reputation, effectiveness, and profitability are minimized and, on the other hand, the benefits accrued from the IT project are maximized.

In almost all types of organizations, both private and public, corporate controls denote the set of policies, procedures, techniques, methods, and practices used to manage and control business operations. Within this corporate controls framework, Information Technology controls (or IT controls) are specific actions, usually specified by policies, procedures, practices, etc., performed by persons, hardware or software with the main objective of ensuring that specific business objectives are met. The overall guiding aim of IT controls relates to the secure processing, confidentiality, integrity, and availability of data and the overall management of the IT function of the organization.

IT General Controls are those controls that are applicable to all IT activities (systems, services, issues, processes, operations, etc.) and data for a given organization or IT systems environment. They include controls over such areas as the strategy for IT, systems development, data center operations, data base and data communications infrastructure, systems software support and maintenance, IT security, and ready-made application systems acquisition, development and maintenance.

IT Application controls are those controls that are appropriate for transaction processing by individual computerized subsystems, such as financial accounting, personnel administration, customer sales, inventory control, payroll or accounts payable, etc.

Both corporate and IT controls are most efficient and effective when they are monitored, reviewed and improved to deliver the expected results. This is the main objective of a performance measurement and reporting system.

A performance measurement and reporting system is an integral part of the corporate performance management process. It provides feedback relative to the specific objectives of an organization, which increases the likelihood that the organization achieves its predefined strategic and operational goals efficiently and effectively. Performance measurement gains real value when it is used as the basis for timely decisions by management. For a particular function, the purpose of performance measures is to provide the basis for performance management, review and improvement of the area being examined. The purpose of performance measuring is not to know how the organization is performing but to enable it to perform better. The ultimate aim of implementing a performance measurement system is to improve the performance of the given organization. If management can get the performance measurement of the organization right, the performance data generated will tell management and stakeholders where the organization is and where it is heading.

Establishing the corporate performance management process includes:

Step 1: formulating and setting up the performance measurement system (e.g., BSC at the corporate level, and IT BSC at the IT level, etc.),

Step 2: entering the performance data into the performance system,

Step 3: carrying out the required performance reports and analyses, and

Step 4: setting up a corporate awards system and linking it to performance.

A good performance system must communicate strategy, must measure performance in real time, must offer an integrated performance project management capability, and must acknowledge and enable emotional contracting with all staff, which is vital for linking individual commitment and activity to the attainment of organizational plans and goals. Emotional contracting (also referred to as 'the psychological contract') is the crucial and powerful link between the organizational performance intent and the motivations, values and aspirations of the people. This emotional contracting element is sometimes overlooked by organizations, which may explain why people have failed to do what the organization expected and asked them to do.

Ensuring that the objectives of IT systems are achieved may be done by establishing, monitoring and reviewing the IT Performance and IT Compliance Measures. These measures ensure that the formulated IT plan has the required and expected performance, and allow the necessary improvement actions to be taken as needed.

In the IT domain and its areas of IT organization, IT strategy, systems development, application operation, etc., the typical IT performance measures are indicated next.

These performance measures could be based on a mixed system with two components: Component 1 would be IT Strategic and Operational Performance Measures, possibly maintained by an IT-BSC (Information Technology-Balanced Scorecard) Measurement System, and Component 2 would be a Compliance Monitoring System for monitoring compliance to policies, procedures and related matters (e.g., budget issues).

Examples of these performance measures follow:

IT Strategic and Operational Performance Measures

IT Finance: Expenditures on maintenance vs. new development, Expenditures on preventative maintenance, Return on IT Investments, IT Human Resource Management Turn-over ratios, Training per employee (amounts, hours), etc.

IT System Development: Functions developed worth to users, No. of lines coded / tested / changed, Number of Applications supporting critical business functions, etc.

IT Operations: Timely delivery of reports to users, Average response time, Average availability time, Volume of data stored, Mean time between failures, etc.

IT Compliance Performance Measures 

IT Corporate procedures not documented and kept current, IT Corporate committee not established, IT Corporate committee not functioning, IT Personnel management controls not followed, IT procedures not followed, IT Budget not followed, IT Visitors not recorded, IT Problem solutions not recorded, Security incidents not recorded, etc.

The IT management of the company may, depending on various aspects of the organization, analyze all this performance and compliance monitoring information to review, assess and improve the elements of the IT function and the given IT activities of the specific organization.


* For more detailed information on IT Performance and related Controls, see the book:





Author: John Kyriazoglou

Publisher: IT Governance Publishing

ISBN: 9781849280617

Pages: 686

Format: Softcover

Published date: 2 September 2010


  1. I really like this blog. It's always nice when you can not only be informed, but also get knowledge, from this type of blog. Nice entry. Thanks
    business performance management

  2. Great post. I hope you write more good stuff like this article.

    business performance management