IT Governance a Compass Without a Map?

Troy DuMoulin, VP Research & Development | June 28, 2007

Does your IT Governance output provide you with a detailed strategic blueprint and plan for business value generation or is it a compass without a map? Over the last few weeks I have been dealing with issues at a very operational level related to topics such as the correct use of classification schemes or how to handle emergency changes. While these are important topics I find that many organizations have a fundamental problem with a more strategic issue. Perhaps many of the challenges that we face today are a reflection on the state of maturity of IT Governance structures and roles. In part this is due to the fact that many people disagree on the definition and role of IT Governance and to quote one of my favorite sayings “what is not defined cannot be controlled, managed measured and improved.” Troy's abbreviated summary: IT Governance is responsible for (defining, establishing and measuring) the enterprise IT (vision, strategy, policies, structures and capabilities) required to support business value generation and corporate governance requirements. To use a building analogy, IT Governance is responsible for understanding business requirements, legislative constraints and technology opportunities. It then takes this knowledge and drafts the master blueprint and architecture for how to build, run and improve the IT organization. In this blueprint key design decisions are documented:

  • IT Accountability and decision making framework
  • Enterprise IT Policy
  • The IT Service Portfolio & Architecture
  • Organizational Structure and Supplier Model
  • Operating Model, IT Capabilities/Processes
  • Technology and IT Tool Standards
  • IT Investment and Funding Models
  • Performance Dashboard Characteristics
  • Etc..

Based on this blueprint, it is the responsibility of IT Management (the skilled tradesmen who build based on the blueprint) to adopt, implement and comply with the established vision and strategies. However it remains the responsibility of IT Governance to ensure that management does in fact implement and remains in compliance with the established blueprint. Without these elements having being clearly documented and communicated IT management and project investment decisions are made blindly in isolation without consideration or in alignment with an enterprise IT strategy. The key words from this summary are: (Define, Establish and Measure). It is my belief that the responsibility of IT Governance includes but extends beyond setting high level principles, policy and decision making models (the compass). Unless IT Governance defines the details around its operating model (the map) the vision and strategy is limited without, context and direction. The central problem I believe is that many organizations view the role of IT Governance as too heavenly minded to be much earthly good. Their approach to IT Governance goes as far a developing a high level vision and strategy but falls short of defining enough detail to support the creation of the IT organization they envision. Or at the very least what is defined at an executive level is not effectively communicated down to an operational level. However defining vision/strategy and establishing a blueprint is still only 2 out of 3 key activities. For IT Governance to be ultimately successful an executive level measurement model or dashboard needs to be established for all aspects of the blueprint. The purpose of this dashboard is to initially baseline in order to identify gaps and priorities and then to support continual improvement and ensure organizational compliance. (What is not measured is not done!) This post represents my personal views on the scope of IT Governance and I am aware that many people may believe I have pushed into the domain of IT Management. However, consider that IT Management is typically focused on technology domains or lines of service. What I have described as the role of IT Governance is related to establishing a comprehensive operating model for enterprise IT which establishes the rules of engagement and cooperation for all IT service provider types (business unit IT, shared IT and external suppliers). Two respected organizations that research and write on this topic are the IT Governance Institute and the MIT Sloan Center for Information System Research. Please consider the following quotations from these two sources in light of what I have shared so far.

IT governance is the responsibility of executives and the board of directors, and consists of the leadership, organizational, structures and processes that ensure that the enterprise's IT sustains and extends the organization's strategies and objectives. Furthermore, IT governance integrates and institutionalizes good practices to ensure that the enterprise's IT supports the business objectives. ~IT Governance Institute — “COBIT 4.1”
IT Governance is the decision rights and accountability framework for encouraging desirable behaviors in the use if IT. IT Governance reflects broader corporate governance principles while focusing on the management and use of IT to achieve corporate performance goals. IT Governance encompasses five major decision areas related to management and use of IT in a firm, all of which should be driven by the operating model:
  1. IT principles: high level decisions about the strategic role of IT in the business
  2. Enterprise Architecture: the organizing logic for business processes and IT infrastructure
  3. IT Infrastructure: centrally coordinated, shared IT services providing part of the foundation for execution
  4. Business Application Needs: business requirements for purchased or internally developed IT applications that both use and build the foundation for execution.
  5. Prioritization and Investment: decisions about how much and where to invest in IT, including project approval and justification
~ Harvard Business Review / MIT Sloan “Enterprise Service Architecture as Strategy”

Notice that while the two have subtle differences they share common characteristics and are both action oriented. IT Governance is active, directive and ongoing! One last thought: Consider that when organizations are making decisions to adopt and implement best practice IT Management frameworks such as CMMI or PMBOK they should in theory be motivated to do so by an established IT governance blueprint. These frameworks are in reality a set of tools that provide a means to an end. If the blueprint has already identified a need to adopt practices around Information Security, IT Service Management, or Application Lifecycle then these frameworks can be used to achieve pre-determined governance requirements. However, when this blueprint is missing we often find organizations struggling to explain the benefits of why they should adopt good practices such as a single change management process or a CMDB strategy for coordinating and presenting enterprise IT data. Without this critical blueprint it often appears if the tail is wagging the dog. Troy's thoughts what are yours? “There is a theory which states that if anybody ever discovers exactly what the Universe is for and why it is here, it will instantly disappear and be replaced by something even more bizarre and inexplicable. There is another theory which states that this has already happened” ~Douglas Adams

Like this article? Like

Comments

Post a comment