Business executives intuitively understand the importance of governance for organizational assets such as human capital, financial assets and physical assets. Still, many don’t necessarily appreciate the need to govern information and IT assets. Given the intangibility of information, and the resources invested in IT by the average business, it makes perfect sense to govern IT assets in an effort to control risks and ensure performance.
The truth is, sometimes things don’t go well within the IT groups for organizations of any size. There are the obvious failures, such as an expensive, failed IT project, or a disaster in which important business data is lost. Where does the fault really lie? With the IT people? Or with how IT is managed at the executive level?
Understanding IT Governance
Business executives of all walks are traditionally baffled by the complexity, costs and challenges of a constantly changing technology landscape. Perhaps growing frustrated with IT, many have become accustomed to abdicating the responsibility for key IT decision making to people within their IT group. This is a mistake, one that we have discovered consistently contributes to an under-performing IT organization.
IT governance can be defined as the set of mechanisms and processes any business organization must set up to make key decisions about IT. There is freedom and flexibility in the design of your organizational IT governance strategy based on need, but all remain rooted in commonalities as well. In their HBR paper published in Nov 2002, Weill and Ross argue there are several key decisions business leaders should never delegate to IT. These include – How much money should we spend on IT?; Which business areas should receive our limited IT resources?; and What security and disaster risks will we accept?
Getting Started With IT Governance
IT has many facets, and its business value can only be measured and interpreted by business executives. IT governance has to be done by committee – usually called the IT steering committee. To get started with IT governance, take the following simple steps:
- Form an IT steering committee consisting of key stakeholders of IT. This usually includes the business leaders of various departments in the organization.
- Develop a simple charter to guide the IT steering committee including goals, expectations, membership, roles and responsibilities. Also, include mechanisms for risk assessment, increasing alignment, monitoring performance and resource management.
- The committee should meet monthly, with an agenda to discuss key IT projects, assess progress, and take corrective actions where necessary. A goal of the committee should be to become tech savvy and learn how IT can be leveraged in new ways to help the business.
- Define an IT scorecard for the business, and prioritize IT projects.
- Perform a full annual evaluation of IT’s contribution to the business.
This may sound like a lot of work, and some executives still may choose to believe this to be the job of the CIO, or another IT leader in their organization, but the reality could not be further from the truth. Because IT has so many dimensions and affects everyone in an organization, IT governance cannot be done solely by the IT leader in any organization.
Assessing IT governance maturity in your organization
As with any major change management effort, it can take years to implement adjusted business processes across organizations and get people to adopt new methods. The IT governance maturity scale offered below is adapted from ISACA COBIT framework, and provides a simple way for organizations to understand where they rank:
Keep in mind, most mid-size businesses starting-out will find themselves to be at Stage 0, or 1. The key is to know where you stand now, and work to make progress advancing to the next level, a process which may take 2-3 years to implement.
The Value of IT Governance
When IT governance begins to work within any organization, benefits of many types are realized. First, business executives begin to make sense of the sometimes mysterious world of IT. Second, they begin to work towards the good of the entire organization as opposed to optimizing their part of the organization, only. Third, already limited IT resources are only allocated where they are needed the most. Finally, regular monitoring of key IT initiatives will discover problems much earlier, and will receive the help needed from executives in order to get back on track.
For a more in-depth treatment of this topic, please download our white paper titled How to align Information Technology with Your Business Needs.