What is i.T. Governance? While the subject continues to be a hot topic, everyone seems to have a different notion about what it is. Too many CIOs (and conference organizers) treat it as a catchall phrase covering how the IT group is organized and led. That doesn't make any sense to meand, besides, there are other names for those things. I prefer to focus on the original concept of governance as it's defined in the non-IT world: decision rights and accountabilities between groups of people. When you put "IT" in front of "governance," it's about how decision rights and accountabilities are distributed and shared between business and IT executives.
In this view, IT governance concerns something very basic, and important: how IT-related business decisions are made, who gets to make them, who has input and who's accountable for what. Governance is not about bureaucratic rules and regulations, and it's not a synonym for management, either. It's about how you bring togetherand keep togethertop-level business and IT executives for better and faster decision-making around information and technology choices, deployment and use.
That's what makes governance the glue that links an executable business strategy with an executable IT strategy. To establish that link successfully, you need the right people providing inputand the right people making decisions and being held accountable. And nowadays, you need to have a clear line of sight on who can make those decisions quickly.
As recently as the early 1990s, "official" business strategy was developed through an extensive planning process that resulted in a documented three- to five-year plan. In that environment, IT projects that lasted one, two, or even three years could be undertaken with reasonable expectations of successful completion. But that's changed dramatically. A difficult aspect of business life today is that business strategy and IT strategy, by necessity, move at much faster rhythms, and in different cycles. So do the various inputs to those strategies, such as your competitive environment as well as wider economic issues such as the current price of oil. As business cycles have sped up, there are virtually no static three-year plans left. More and more often, planning and execution happen simultaneously. If you are in a well-run organization, there might be a big-picture corporate intent for your enterprise and a small number of business principles or maxims that live in the hearts and heads of all employees. However, the business strategy that determines how you deliver on that intent now tends to be continually emerging, and smart businesses are able to rapidly sense and respond.
That's where the need for strong systems of governance comes in. The ability to integrate business and IT can exist only when clear and robust systems of IT governance also existsystems that will allow your organization to make well-informed decisions, and make them faster. It's about being agile. Nothing can reduce action to a crawl as quickly as uncertainty about who decides what and who's responsible for what. With good IT governancetransparency and the right people making decisionsthe enterprise is more effective at synchronizing IT strategy with business context.
But decisions about what? For starters, what is the role of IT in your enterprise? What are the underlying principles? How do you use IT compared with competitors? Whether your answers to those questions are thoughtfully constructed or simply implied through action, every organization acts on the basis of a set of maxims for IT that should be well thought-out, argued about and then acted on. At UNICEF, the maxim is "We use IT to drive a world-class supply chain." At Singapore-based DBS Bank, the maxim is "We leverage technology for maximum customer intimacy and to minimize business costs." At both enterprises, these principles are set by the top-level executive committee and become the basis for driving decision-making throughout the organization.
Second, how are priorities for IT-related investments created and who sets those priorities? Are they made on the same basis as other priorities, so that, above a certain level, they always go to the same spending committee? Or is the decision-making based on the ad hoc "squeaky-wheel" principle, a procedure that rarely leads to the best business decisions being made?
Third, how are decisions involving infrastructure strategies and shared services made? Who decides how "thick" or "thin" the layer of enterprise infrastructure services needs to be? What should be done centrally and what is done by business units?
IT architecture, the fourth domain, is often a mystery to both business and IT people. But IT architecture can constrain or enhance business decisions. Who decides how the architecture is to evolve? Can business or regional groups, or specific product managers, decide on their own that the firm's architecture principles don't make sense, that they constrain what the business wants to do, and then work around them? It is very usefulbut difficultfor business executives to try to understand how important IT architecture is for the business. JP Morgan Chase, for instance, has two different groups involved in this processone deciding on architectural guidelines, and another deciding on the technologies that meet those guidelines. The first has strong business participation, whereas most of the members of the second are from IT.
Finally, who gets to decide what business applications will be purchased and embedded in the enterprise? Does this decision belong with each businessprovided they can afford it? Or is it better to consolidate, or at least coordinate, these decisions? This is often one of the most contentious areas in IT governance. At one large U.S.-based retailer I have worked with, the CEO and CIO agreed that the executives in the different business units were too inexperienced to make those decisions. The evidence was the large number of failed investments to date. Decision rights were reassigned from these executives to a subgroup of the corporate executive group for 12 months, while the business-unit executives and managers were given more education and allowed more experience in making decisions about, and then executing, successful IT-related projects. At the end of the year, decision rights were returned to the business-unit executives and managers.
It takes time to get IT governance right, and the process can be frustrating. CIOs need to be very sensitive to how the business is organized and how decision-making really works. The best place to start is to clarify how your IT governance is structured now, and to get the perspectives of your executive colleagues as to what would be best. In studies Gartner has undertaken with MIT's Sloan School of Management, the ability of business executives to explain their organizations' IT governance was a key predictor of effective IT governance (which in turn correlated to better financial performance).
Effective IT governance is the secret weapon for successful CIOs. Initially, many CIOs think that spending time on governance will make their lives more complex. They soon realize that the opposite is true: Done right, it reduces complexity and makes life much simpler.
MARIANNE BROADBENT is Senior Vice President at Gartner responsible for Gartner's global research business strategy, and a Gartner Fellow. Her next column will appear in February.