Feb

5

Ten Principles of IT Governance

Filed Under Uncategorized 

The Harvard Working Knowledge has an article "Ten Principles of IT Governance" by Peter Weill and Jeanne W. Ross, taken from their HBS Press book "IT Governance". The ten principles listed below provide a good foundation for your IT governance programme.

  1. Actively design governance: "Many enterprises have created disparate IT governance mechanisms. These uncoordinated mechanism "silos" result from governance by default—introducing mechanisms one at a time to address a particular need (for example, architecture problems or overspending or duplication). Patching up problems as they arise is a defensive tactic that limits opportunities for strategic impact from IT. Instead, management should actively design IT governance around the enterprise’s objectives and performance goals….. Not only does overall governance require active design, but each mechanism also needs regular review. Focus on having the fewest number of effective mechanisms possible…..  Many enterprises with effective IT governance have between six and ten integrated and well-functioning mechanisms. One goal of any governance redesign should be to assess, improve, and then consolidate the number of mechanisms."
  2. Know when to redesign: "Rethinking the whole governance structure requires that individuals learn new roles and relationships. Learning takes time. Thus, governance redesign should be infrequent. Our recommendation is that a change in governance is required with a change in desirable behavior….. governance processes communicate and enforce new desirable behaviors to facilitate organizational transformations."
  3. Involve senior managers: "In our study, firms with more effective IT governance had more senior management involvement. CIOs must be effectively involved in IT governance for success. Other senior managers must participate in the committees, the approval processes, and performance reviews. For many enterprises, this involvement is a natural extension of senior management’s normal activities….. CIOs must be effectively involved in IT governance for success…. Many senior managers are willing to be involved but are not sure where to best contribute. It’s very helpful for the CIO and his or her staff to communicate IT governance on one page with a picture like the Governance Arrangements Matrix. The matrix provides a vehicle for discussing each senior manager’s role and any concerns they have."
  4. Make choices: "Good governance, like good strategy, requires choices. It’s not possible for IT governance to meet every goal, but governance can and should highlight conflicting goals for debate. As the number of tradeoffs increases, governance becomes more complex. Top-performing enterprises handle goal conflicts with a few clear business principles. The resulting IT principles reflect these business principles…. Some of the most ineffective governance we have observed was the result of conflicting goals."
  5. Clarify the exception-handling process: "Exceptions are how enterprises learn. In IT terms, exceptions challenge the status quo, particularly the IT architecture and infrastructure. Some requests for exceptions are frivolous, but most come from a true desire to meet business needs. Formally approved exceptions offer a second benefit in addition to formalizing organizational learning about technology and architecture. Exceptions serve as a release valve, relieving the enterprise of built-up pressure. Managers become frustrated if they are told they can’t do something they are sure is good for business…….If the exception proposed by a business unit has value, a change to the IT architecture could benefit the entire enterprise. We have described the exceptions process of UPS, State Street Corporation, and other enterprises. All these exemplars have three common elements to their exceptions procedures:
    • The process is clearly defined and understood by all. Clear criteria and fast escalation encourage only business units with a strong case to pursue an exception.
    • The process has a few stages that quickly move the issue up to senior management. Thus, the process minimizes the chance that architecture standards will delay project implementation.
    • Successful exceptions are adopted into the enterprise architecture, completing the organizational learning process."
  6. Provide the right incentives: "… a common problem we encountered in studying IT governance was a misalignment of incentive and reward systems with the behaviors the IT governance arrangements were designed to encourage. The typical concern: ‘How can we expect the governance to work when the incentive and reward systems are driving different behavior?’ "
  7. Assign ownership and accountability for IT governance: "Like any major organizational initiatives, IT governance must have an owner and accountabilities. Ultimately, the board is responsible for all governance, but the board will expect or delegate an individual (probably the CEO or CIO) or group to be accountable for IT governance design, implementation, and performance—similar to the finance committee or CFO being accountable for financial asset governance. In choosing the right person or group, the board, or the CEO as their designate, should consider three issues…. First, IT governance cannot be designed in isolation from the other key assets of the firm (financial, human, and so on). Thus the person or group owning IT governance must have an enterprise-wide view that goes beyond IT, as well as credibility with all business leaders…. Second, the person or group cannot implement IT governance alone. The board or CEO must make it clear that all managers are expected to contribute to IT governance as they would contribute to governance of financial or any other key asset…. Third, IT assets are more and more important to the performance of most enterprises. A reliable, cost-effective, regulation-compliant, secure, and strategic IT portfolio is more critical today than ever before. The person or group owning IT governance must understand what the technology is and is not capable of. It is not the technical details that are critical but a feel for the two-way symbiotic connection between strategy and IT…. Our recommendation is that the board or CEO hold the CIO accountable for IT governance performance with some clear measures of success."
  8. Design governance at multiple organizational levels: "In large multi-business unit enterprises it is necessary to consider IT governance at several levels. The starting point is enterprise-wide IT governance driven by a small number of enterprise-wide strategies and goals. Enterprises with separate IT functions in divisions, business units, or geographies require a separate but connected layer of IT governance…. The lower levels of governance are influenced by mechanisms designed for higher levels. Thus, we advocate starting with the enterprise-wide IT governance, as it will have implications for the other levels of governance."
  9. Provide transparency and education: "It’s virtually impossible to have too much transparency or education about IT governance. Transparency and education often go together—the more education, the more transparency, and vice versa. The more transparency of the governance processes, the more confidence in the governance.  Many firms like State Street Corporation use portals or intranets to communicate IT governance. State Street’s portal includes under the section ‘IT Boards, Committees, and Councils’ a description of the Architecture Committee and all the other governance bodies. The portal includes tools and resources, such as a glossary of IT terms and acronyms and the ‘Computer Contract Checklist.’ Often portals include lists of approved or recommended products. Templates for proposing IT investments complete with spreadsheets to calculate the IT business value are often available….. The less transparent the governance processes are, the less people follow them. The more special deals are made, the less confidence there is in the process and the more workarounds are used…. Communicating and supporting IT governance is the single most important IT role of senior leaders…… Firms in our study with more effective governance also had more effective governance communication. The more formal vehicles for communication were the most important."
  10. Implement common mechanisms across the six key assets:  "We began the book by describing how IT governance fits into corporate governance. We contend that enterprises using the same mechanisms to govern more than one of the six key assets have better governance…… relationship assets….IP assets……human assets…..information and IT assets……physical assets….financial assets….. Many enterprises successfully coordinate their six assets within a project but not across the enterprise via governance."

This is a great check list that can be used to start or review our existing IT governance structure and process. Given this list how effective is your existing governance mechanisms? Which one action can you take this week to strengthen IT governance with your organisation?

 

Technorati Tags: , , , , , , , , ,

Related Posts

Comments

Leave a Reply