Effective IT governance is a critical tool for CIOs to align their organizations and efforts to support business strategy and create shareholder value. Given the rapidly changing and evolving technology options that confront CIOs and business leaders, making sure the right decisions are being made about investments in IT is an essential priority.
There are many misconceptions about what constitutes a comprehensive IT governance model and how it is implemented. IT governance is more than just:
- Having a steering committee that meets periodically to review and approve IT plans and budgets
- Involving the business on an annual basis to assist in assigning IT priorities
- Using financial metrics such as ROI to determine whether to invest in specific initiatives
- Instituting best practices to ensure projects are completed on time and within budget
- Measuring and reporting on user satisfaction of IT services
While all of the above are important yardsticks to assess the impact of IT, taken one by one they do not guarantee that IT is contributing to the type of business performance that provides competitive advantage and achieves enterprise business goals. Most of all, they do not constitute an effective IT governance program.
How Best to Think About IT Governance
IT governance comprises a decision framework and set of processes that allow CIOs and management to articulate desired outcomes through programs that enable the organization to attain these results. The decision framework and the corresponding tools and processes to support them must be clearly communicated so that day-to-day activities and decisions are made within this context. In other words, IT governance needs to instill behavior and awareness that is understood at all levels in the organization, not just by senior management.
Clearly the desired outcomes that shape IT will vary between industries and organizations. For example, some enterprises may focus on product innovation and accelerated go-to-market strategies while others may strive to create operational efficiencies throughout the value chain. CIOs may also encourage management to consider new technologies such as a big data, real-time analytics initiative or social-media-based customer satisfaction programs to support business performance.
The essential success factor, regardless of the specific initiative undertaken, is the linkage to tangible, measureable top-line or bottom-line business outcomes. As tempting as the latest technology or trend might be, organizations must always calibrate their IT endeavors against this metric to ensure they are not investing financial and human capital where it will yield minimal return and offer no strategic value.
CIOs must take the lead in helping place the organization’s competitive model within the governance-making framework so that the right decisions are being made and, ultimately, institutionalized across the enterprise. From a top-down perspective this means:
- Linking business strategy to the IT programs that will be undertaken and funded; this will be reflected and communicated within the IT planning process.
- Aligning IT spend and investments to ensure that they reflect the appropriate strategic initiatives. This is a continual process and not just part of the annual budgeting cycle.
- Staffing the IT organization with the necessary skills and resources to effectively execute the committed programs.
- Implementing effective risk management processes that ensure regulatory compliance, accountability, transparency and resiliency.
- Creating a financial scorecard that tracks approved IT investments to each desired outcome measured in delivered business benefits.
Institutionalizing IT Governance
The missing link between a well-thought-out plan endorsed by management and actualization is often the absence of tactical processes and policies both inside and outside of IT. Some critical and foundational disciplines include:
The emergence of enterprise architectures – solutions that support end-to-end business processes – require CIOs to advocate for far greater business involvement than was traditionally required for “siloed” applications. Prerequisites are (1) business sponsorship at an executive level to provide the sense of urgency and commitment of mind share and resources required and (2) business process owners who oversee and control the impact of new technology throughout the organization. Without these two ingredients, any strategic project will be viewed as IT-centric with little accountability from the business and, by extension, limited commitment to the desired outcomes.
Consistent practices in managing IT projects and delivering solutions within agreed-upon parameters is a basic building block for most organizations. However, within the broader context of an IT governance framework, program management must incorporate metrics that were used within the governance framework. This would include not only the investment analysis, but also the desired outcomes that drove the decision-making process. These metrics can incorporated within dashboards that will help management view progress, benefits and the effectiveness of their decisions. As all effective management practices, IT governance needs to be continually reviewed, assessed and refined with proper measurement and transparency. Program management is essential to bridging decisions to the execution of strategic plans.
By their very nature, IT architectures consist of numerous technical layers and components, making them difficult to relate to in terms of business activities and decision making. Portfolios are useful tools for CIOs to integrate views of IT services and solutions to senior management so that they can be associated with desired outcomes. Often this will result in moving toward architecture standardization as an added dividend that will yield long-term benefits. The move to integrated solutions across the enterprise will require a restructuring of the portfolio as an overall strategy that will reduce IT costs and deliver greater operational efficiencies. The portfolio dimension is another key criteria that must be incorporated within management scorecards to guide future technology investments.
How Best to Move Forward
Developing a comprehensive IT governance program can be a daunting task even for organizations with mature management practices. The best place to start is to become familiar with the COBIT 5 framework and principles. ISACA (Information Systems Audit and Control Association) offers many valuable tools and information that will help with education and putting into place a road map for the IT governance journey.
Additionally, consider utilizing an experienced practitioner that can help implement practical and proven strategies to formulate an IT governance program and road map. They can also assist in engaging senior management in adopting the necessary practices that will lead to acceptance across the broader organization.
It cannot be stressed enough that IT governance is an ongoing journey that will continually evolve, not a one-time destination. It is up to CIOs to lead the way by helping their organizations think about, evaluate and adopt the “right” IT strategies for their businesses.