In my career as an IT consultant and project manager, my observation of companies from the inside has led me to the inescapable conclusion that IT governance is a myth. This is not to say that the organizations I've worked with have weak project management or poor software design practices — many companies excel at these activities. I'm also not implying that organizations don't see the benefit of robust IT governance; more than 70% of CIOs surveyed by the CIO Executive Board (CEB) say an IT governance strategy is important. In another survey of IT executives, 38% told the IT Governance Institute that they have mature IT governance processes in place; the rest said they do governance ad hoc or not at all.
The IT Governance Institute does not, however, present a detailed framework that describes what governance is and how to get there. That's where the CIO Executive Board comes in. The CEB, a member-focused community composed of working CIOs dedicated to enhancing their members' skills in strategic IT management, polled its members and created a competency framework for IT governance titled Key Attributes of the World-Class Information Technology Organization. The document presents a stringent guideline for IT governance, which includes 25 clearly defined attributes. Within eight overall categories, including IT Performance Measurement and Value Demonstration and Infrastructure Delivery and Management, the CEB names 25 areas of responsibility that CIOs must direct in order for IT to be properly governed.
Let's look at the first seven of these attributes, as prioritized by the CIOs. These areas are highlighted by the diagnostic tool as Attributes of Interest to CEO/CFO.
- Strategy and Planning
- Enterprise Architecture
- Business Case Discipline
- Portfolio Management
- Value Demonstration
- Performance Reporting
- Risk Management
These are pretty generic recommendations, and most enterprises large enough to worry about these functions have some mechanism in place to manage them. As working consultants or IT insiders, I challenge you to name three organizations you've encountered that excel in all of these areas.
IT is often divorced from strategy, as evidenced in the IT Governance Institute's survey I referenced earlier. Those findings show that 27% of CIOs aren't invited to their companies' executive meetings, and 42% of CIOs still report to the CFO. Enterprise Architecture is frequently ad hoc, built up by application, with no overall structural design, and is often disjointed over departments and geographies. Business Case Discipline is rare and often overruled by less objective measures like political clout. IT's inability to clearly quantify and demonstrate its value is legendary. My point is simple: Most IT professionals will agree that their business and clients have a long way to go in order to claim IT governance, even if we just use the first seven attributes.
When you look at the other 18 items on the list, you'll see such items as Security Policies and Standards and Disaster Recovery and Business Continuity Planning — both of which are as core to a successful IT organization as the first seven attributes outlined. IT Staff Development? Check! Data and Knowledge Management? Check! Turns out, the same is true across the entire list of 25 attributes — there are not many you can do without. The CIOs that created this material agree; only 7% of those involved didn't think these attributes were all "high priority."
I encourage you to read the diagnostic and the associated material because it offers a clear and logical set of focus areas, against which you can judge your company or your client's company. The diagnostic that the CEB supplies is not just a list of focus areas — it's also an improvement action plan. By following the guidelines and using the tool to self-rate and using the results to create a prioritized action plan, you can utilize this distillation of the wisdom and experience of CIOs and apply it to your enterprise. For CEB members, it offers an added resource: case studies specifically written to illustrate a best practice in one of the practice areas. So, in Portfolio Management, for example, the CEB presents a case study featuring Schlumberger, the global energy services company, and its Enterprise-Level Portfolio Prioritization process.
The document's main diagnostic layout is a great tool to convince customers that they ought to take governance, and each of the practice areas outlined in the CEB's report, seriously. A simple self-rating session, in which a facilitator leads the IT organization through an honest evaluation process, can work wonders in revealing and prioritizing the team's development areas. The CEB recommends that the diagnostics it provides be used in a "surface, test, and communicate" program. Just discussing the listed attributes surfaces the areas of competency and potential development in the firm. Trying them out on different audiences, to test different stakeholders' sensitivities to them, is a recommended next step. Then, once self-evaluation and improvement efforts start, you can use the diagnostic and its results to communicate the improvement effort to the organization to gain momentum.
I've used the CEB's diagnostic material to educate and consult with clients regarding IT governance, and it's the clearest depiction of the IT function and its practice areas I've encountered.
Additional IT governance resources from TechRepublic
- Learn how IT governance can benefit your organization
- Why SMBs should formalize IT governance processes
- Project governance and failure
- Develop a culture of IT governance within your organization
- Product Spotlight: Varonis Data Governance Suite 4.0
Rick Freedman is the author of three books on IT consulting, including "The IT Consultant." Rick is an independent consultant and trainer, working, through his company Consulting Strategies Inc., to help agile teams and organizations understand agile practices and migrate successfully.