Storm Clouds

Rob Livingstone

Rob is a respected and experienced CIO, with more than three decades of industry and ICT experience. Over the last 16 years he has held the CIO role at several multinationals, most recently Ricoh. He is the owner of Rob Livingstone Advisory and a Fellow of University of Technology, Sydney. Rob delivers the Pathways Advanced and Business ICT leadership programs in conjunction with the CIO Executive Council.

I was talking recently with several CFOs of some large Australian organisations about finding the balance between speed, agility and governance in the delivery of IT systems across the business. It was not long before the topic of Cloud systems was thrown into the discussion in the context of ‘the democratisation of IT’ — that is, users and non-IT managers wanting to implement systems of their choosing to meet their local divisional needs, due in part to the frustration of the time it sometimes takes for the IT department to get things done.

Broadly speaking, CFOs and CIOs share a common view of the need for effective governance frameworks in organisations — from differing perspectives, of course. The focus of the former is mostly on prudential and financial governance; the latter mostly on enterprise system availability and overall integrity. A happy discussion, essentially. In many organisations, however, the tolerance for IT governance declines exponentially the further you travel away the offices of the CFO and CIO into the lines of business. It is often perceived as unnecessary.

Along come ‘on-demand’ Cloud software systems, where your organisation pays only a subscription fee, and the system is available to the enterprise almost immediately. In the eyes of many users and organisations, it is indeed a very compelling proposition. Potentially, you do not even need the involvement of your trusty IT department to launch a business system, and more importantly, all the hassles of IT governance are taken care of by the Cloud provider.

Consider for a moment the broad line of business view of the implementation:

  • On-Premises systems: Define requirements > specify > choose whether to build or to buy and modify (then maybe wait a long time) > implement > maintain.

  • SaaS Cloud: Subscribe > configure > deploy > adjust as you go.

It is, potentially, a very different approach.

The implications on prevailing frameworks

A few questions spring to mind:

  • Do you have to change existing governance frameworks for a rapid implementation enterprise SaaS Cloud initiative? If so, what and how?

  • What are the implications of any enterprise governance policies? Does your organisation have a Cloud computing policy, for example?

  • Are your frameworks configurable and adaptable to meet significantly different approaches to the implementation of Cloud enterprise systems? Not all the risks inherent in the emerging public Cloud technologies are well or equally understood across organisations, regardless of whether they are commercial, legal, security or governance.

Governance versus bureaucracy

Governance is represented in a large number of frameworks including ISO 20000, ITIL; Six Sigma, COBIT; Balanced Scorecard, Prince2 and PMBOK. The frameworks combine with statutory regulatory requirements to define how the organisation runs. ‘Better 90 per cent on time, than 100 per cent late’ is often the catch-cry of line of business stakeholders who are impatient with the complexity and lead times on IT projects.

The problem is the missing 10 per cent can have unintended consequences if ignored altogether. Competing interests between IT and the line of business must be reconciled within the organisation for it to truly realise its potential, and it is through the process that the optimum governance settings can be determined.

An organisation can be its own worst enemy due to internal conflicts and lack of internal alignment. Reconciliation is often far harder to achieve in practice, but the change in mindset that is required leads to improved outcomes for both the organisation and IT as a whole. Can IT and business have a truly peer relationship? It’s already happening in successful organisations. For others, it’s something to strive for.

Find Rob at

Tags: Cloud, SaaS, strategy, governance

Show Comments