What do board members need to know about ITIL?

In a 30 minute presentation, what is vital to get across to board members?

Many IT service managers have found they need their board members to understand what ITIL is and what it will achieve because, at the very least, they need the board to approve a budget to implement ITIL best practices. This, of course, is normally achieved through raising a business case to show the benefits that ITIL will bring to the business, together with required costs, resources, timescales and risk optimisation.

Can your business run IT without best practice frameworks that control IT? Hardly, and the really obvious point is that even before ITIL is implemented your IT department will already have a service desk and there will be ITIL functions such as technical teams for introduction, support and upgrades of business applications, networks, servers, PCs, tablets and smartphones etc. What is usually a key view of the business case for ITIL implementation is that adoption of best practice will improve processes already in place such as incident, problem, change and service level management, so that the IT services needed for business processes are more highly available and reliable. Also, that ITIL is the adopted best practice in your industry sector.

However, there are sound reasons why the board should not solely be told about what ITIL is and why it is needed but should be made aware of how implementation of ITIL best practices will enable the board themselves to direct and control their business more effectively. Here is a key part of ITIL practices (also a key part of other frameworks and standards) that your board should be made aware of the need for and encouraged to participate in.

IT Strategy Committee and IT Steering Committee
No business can run today without IT services and board members fully recognise that. They realise that whatever strategic direction they wish to drive the business in, they will not be able to do that without business-aligned IT services. Linking business strategy to IT strategy is best achieved by having an IT strategy committee that consists of the CIO, the governance, risk and control (GRC) manager, the IT security manager, the IT service manager and chaired by a board member. In a very large company there will also need to be an IT steering committee that makes IT decisions based on IT strategy committee requirements as well as driving and controlling major changes to computer technology such as datacentres, cloud computing, bring your own devices (BYOD) and upgrades to IT services and technology. In smaller business, frequently there is just one committee and names used for that committee are either of those two committee names or another name such as IT executive committee.

Resources to study about IT Strategy Committee and IT Steering Committee are:

  1. ITIL (2011 Edition) Service Strategy, Chapter 5, Section 5.1 Governance, pp. 285-290
  2. COBIT 5: A business framework for the governance and management of enterprise I.T. - freely downloadable from ISACA website
    • Appendix E: Mapping of COBIT 5 with the most relevant standards and frameworks, pp.57-61
    • Appendix G: Detailed Description of COBIT 5 Enablers: Organisational Structures, pp.75-77
  3. ISO/IEC 38500 Corporate Governance of IT, 3.3 Principle 2: Strategy, p.11

© 2014 Geoff Harmer

Your rating: None Average: 3.7 (3 votes)
Geoff Harmer (02/06/2014)

"The Board's role in overseeing IT strategy".

On May1 2014, an interesting set of very short, free webinars for Board Members to view about their role in IT strategy was made available by the National Association of Corporate Directors (NACD) in partnership with ISACA and KPMG.

Titled: "The Board's role in overseeing IT strategy"



Post new comment

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <br><p>
  • Lines and paragraphs break automatically.

More information about formatting options

This question is for testing whether you are a human visitor and to prevent automated spam submissions.