But Carrow made a convincing case to Unisys CEO Lawrence Weinbach, and got the backing throughout his push to be able to make the tough callsand stick to them. The payoff? "Five years ago our IT shop had 1,300 people; now we have 850, and we are running better systems." Did this completely wipe out rogue IT at Unisys? No, Carrow acknowledges. "There is some leakage," he says. "There's always resistance because individuals want to make their marks." But the problem has diminished considerably.
At Boston-based FleetBoston Financial Corp., Joe Smialowski, vice chairman of operations and technology, remembers having to get similar buy-in from higher-ups to attack the ghost IT problem, which he said was costing the company millions of dollars, though he was unwilling to put a specific price tag on the problem. When the bank changed from a holding company intent on growth through M&A activity to a customer-service-oriented institution, data sharing became the center of CRM strategy, and ghost IT a more serious threat. In the bad old days, as legacy systems from Shawmut, Bank of New England, BankBoston and other acquisitions collided under the Fleet tent, shadow IT ran rampant.
To stop the flow of lost money, Smialowski in 1999 established an Executive Tech Council, which meets three times each year and includes about 20 people who make policy, explore cooperative procurement and establish technology standards. Fleet brings in key personnel from Argentina and Brazil to participate. The Architectural Review Board, a subset of the larger group, ensures that all designs and technology make sense and can be leveraged throughout the company. FleetBoston now gets the sharing and discipline it wants. Smialowski believes it's a lot tougher to get a shadow-IT project off the ground because FleetBoston's Resource Allocation Process (RAP) requires sign-off by a centralized IT governance group. "There is no way to spend money when you have centralized control of the purse strings," Smialowski says.
At Humana, not only does CIO Bruce Goodman now control the purse strings, he employs a strict system for IT governance. After having to fix that first billing-project-gone-awry, Goodman vowed there would be no more clean-up missions under his watch.
Goodman requires that all proposed IT projects be scored based on set criteria, and must reach a specific threshold to be approved. Projects get the green light based on how well they do in a variety of formalized categories: Cost/Benefit Analysis, Strategic Alignment, Competitive Position, External Customer Impact, Negative Impact, Regulatory Requirements, and Risks to the Project. Today, he says, ghost IT has been minimized considerably. "If you've got good governance in place, you can head it off," he says.
Now, when he comes across a ghost IT project gone awry, Goodman says he asks two important questions of business managers in trouble: "You want me to do what? You want it when?" For Goodman, having the power to say "no" is the best way to convince business units not to strike out on their ownand give up the ghost, right from the start.