5. Leverage industry standards such as COBIT.
COBIT (Control Objectives for Information and related Technology) provides a framework of controls that "define how well the IT organization should be managed," Sun Microsystems' Worrall says. Sun's CIO recommended implementing COBIT, which the IT group adopted with positive results. While the company's IT department uses ITIL (Information Technology Infrastructure Library) as a blueprint for operational procedures, it uses COBIT to define the way the IT organization should be managed.
"We are absolutely a big proponent of COBIT," he says. "As part of our multi-year roadmap of activities that we used to get us to where we are now with clear documentation and controllable processes, we used COBIT as an overarching industry framework."