Good IT governance means better business decisions.
IT governance is a hot topic though no one seems to be sure exactly what it is or how to explain it. In Gartner’s 2003 CIO top management priorities, IT governance jumped into the top three. But our experience is that just as corporate governance has been fraught with challenges, so too are both business governance and IT governance.
As information technology becomes more critical to enterprise success, IT-related decision-making becomes more complex. We have found that really effective CIOs cut through the complexity by adopting IT governance styles and mechanisms that effectively combine smart decision-making between top-level business and IT executives.
IT governance is about assigning decision rights and creating an accountability framework that encourages desirable behaviour in the use of IT. It’s not easy to get governance right, but it is critical to enterprise success. While there is considerable conjecture about what constitutes good governance and how to depict it, most is based on anecdotal evidence.
To bridge that gap and help our CIOs, Gartner’s Executive Programs (EXP) team worked with the MIT Sloan School’s Centre for Information Systems Research on a major study of IT governance. We obtained detailed information from our 250 CIOs from 23 countries about how their top-level business-IT governance operates and assessed their effectiveness.
IT governance is about who is entitled to make major decisions, who has input and who is accountable for implementing those decisions. It is not synonymous with IT management. IT governance is about decision rights, whereas IT management is about making and implementing specific IT decisions. Good IT governance effectively combines three components: what decisions need to be made, who makes them and how they are enacted
Five IT domains identify what decisions need to be made. Five key domains are the intersection of business and technology decision-making: IT principles or maxims, IT infrastructure strategies, IT architecture, business application needs and IT investment and prioritisation.
1. IT principles: how is it going to create business value? These are high-level statements about how IT will be used to create business value. They should reflect the enterprise business maxims. For example, in a large pharmaceutical firm, the business maxim of “develop partnerships with customers on a worldwide basis” led to several IT principles or maxims. These included “customer service representatives must have ready access to a complete file of each customer’s relationships with the firm”.
2. IT infrastructure strategies: how will we build shared services? IT infrastructure strategies describe why and how the enterprise will build and sustain a tailored set of shared and reliable services to meet business goals. For example, implementing customer profiling requires developing and managing certain standard applications across business units.
3. IT architecture: what technical guidelines and standards will we use? IT architecture is about the technical choices that guide the enterprise in satisfying business needs.
4. Business application needs: what applications do we need? Business application needs refers to applications that must be acquired or built to meet business requirements.
5. IT investment and prioritisation: how much and where will we invest? This covers the investment process for IT-enabled business initiatives, including how much and where to invest, how to progress, justify, approve and ensure accountability for initiatives.
Six IT governance styles define input and decision rights. The second component of IT governance is governance styles: who has input to the decisions and who makes the decisions. Six governancestyles involve different combinations of business and IT executives at different organisational levels.
In a business monarchy, the top business executives have the decision rights. These rights are often exercised through an executive committee or IT council, comprising business and IT executives. At UNICEF, C-level executives have the decision rights for four IT domains: IT principles, IT infrastructure strategies, IT architecture and It investment and prioritisation.
In an IT monarchy, the IT leadership group holds the decision rights. These are often exercised through an IT leadership council or office of the CIO. At the UK-based bank Abbey National Group (ANG), the information management leadership group has the decision rights for three IT domains: IT infrastructure strategies, IT architecture and business application needs.
In a feudal style, business unit leaders, or their delegates, hold the decision rights and authority is local. This style is found in enterprises with relatively autonomous business units and is often used to provide local responsiveness.
In the federal style, C-level executives and at least one other business group share governance rights. At InterAuto, decision rights in two IT domains — IT principles and IT investment and prioritisation — are held jointly by the global (internal) board and division leaders.
In a duopoly, rights are shared by IT executives and one other business group such as C-level executives or business unit leaders. Duopoly is the governance style for all domains at Old Mutual South Africa (OMSA), the largest financial services group in South Africa and part of the London-listed Old Mutual plc. OMSA’s IT governance follows business governance and has to balance pressures for both synergy and autonomy.
The sixth style, anarchy, exists where individual process owners or end users have the decision rights. Ad hoc decisions are made to satisfy local needs.
Governance mechanisms implement IT governance styles. The third component of IT governance are mechanisms. They can be specific to one IT domain or span multiple domains.
An executive committee is typically the mechanism used to make major enterprisewide decisions, including IT-related decisions, at the C- level. This approach encourages a holistic view, but unless there is top-level IT input via the CIO, these decisions might not be well informed about IT issues.
An IT leadership committee typically includes the most senior IT executives across the enterprise. This mechanism is particularly important in large, multibusiness enterprises.
Process teams that include IT members better ensure that IT is leveraged when business processes are re-engineered.
Business/IT relationship managers act as the intermediary between the business and IS, playing a critical daily two-way role.
IT councils of business and IT executives generally have overlapping memberships and provide focused environments for considering several levels of IT policies and investments.
Architecture committees define architectural guidelines and often involve both business and IT management.
Service-level agreements, tracking of IT projects and resources consumed, tracking the business value of IT and chargeback arrangements are all mechanisms that bring a level of professionalism and discipline to managing IT services supply and demand.
Use a matrix to demonstrate what your IT governance looks like. One of the biggest challenges in discussing governance is being able to “picture” it and put it down on one sheet of paper. If you can do this you have a great dialogue tool for discussions with both business colleagues and your IT team.
As part of our IT governance project we worked with organisations to depict their IT governance arrangements in a matrix. Across the top is the first component of governance, the five IT domains. On the vertical are the six IT governance styles. Then we suggest CIOs and their colleagues identify who has the input and decision rights for each domain by filling in the appropriate cell using the names of the mechanisms to identify how input is received and how decisions are made.
Once you have identified who is doing what you can use this as a basis for a trail of evidence linking enterprise business drivers and performance measures to desirable IT behaviours and IT metrics and accountabilities. In this way you can overtly use IT governance as a mechanism for change.
Effective IT governance has to be designed, it doesn’t just happen. Effective IT governance means making thoughtful decisions about those three major components. IT domains are areas where decisions need to be made. IT governance styles define who provides input and who makes decisions in the IT domains. IT governance mechanisms are techniques used to implement the IT governance style.
By evaluating the relationships between these components, you can map the IT governance arrangements in your enterprise. Some of these arrangements are more effective than others.
Next month I will detail the characteristics of enterprises that do IT governance better than others.
Dr Marianne Broadbent is group vice president and global head of research for Gartner’s CIO Executive Programs (EXP)