IT Governance: Does it Work?

My good friend Peter Weill, Chairman of MIT’s Center for Information Systems Research (CISR), defines IT governance as “specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT.” In a perfect system, desirable behavior would be the norm and governance would deal with the exceptions. Unfortunately, in many organizations, the reverse is true.

Consider the results of a question from Diamond’s most recent Digital IQ survey asking for indications of project success. Diamond Digital IQ 2009 - IT Project SuccessAside from the provision of a high quality computing platform, consistent project delivery has got to be one of the primary ways to measure IT’s value to the business. In this year’s survey, fewer than 50% said that projects were delivered on-time and only 16% said they delivered all of the features and capabilities initially planned. What is wrong here? Some would say that this is a governance problem – how could IT leaders constantly allow projects to continue to burn time and money without intervention?

I would argue that IT governance does not work if it is treated as separate set of overlays on top of the core day-to-day processes. In my experience, many of the performance improvements IT governance is intended to fix cannot be fixed by governance alone.

What is likely at fault in the project delivery case, is not a lack of IT governance, but rather poorly understood, poorly trained, poorly documented and poorly enforced set of work processes. In the case of IT project delivery, an organization’s use of its chosen software development lifecycle processes, or SDLC, while often talked about, is usually at the root of the problem. Symtopms of this problem that I often hear:

  1. “We use the vendor’s/outsourcer’s methodology” (you need one too to drive the action)
  2. “We have a standard set of templates” (that’s not enough)
  3. “We use (fill in the name of a project workplanning tool)” (a tool cannot replace a well-defined and followed process)

Enterprise architecture (EA) is another area where governance is often applied. In the case of EA, lack of a solid core process is also often to blame in poor architecture adherence and adoption. Again, organizations must spend the time to enhance its project planning and SDLC processes with the proper EA tasks instead of simply adding an EA governance mechanism on top of a set of immature or broken core processes.

So, before launching a new IT governance design effort, make sure to inspect your core work processes first. They are often at the root of the problem.  IT governance does work, but only when designed along with the processes it is supposed to help.

  • http://www.newat.com Glenn Whitfield

    Chris,

    Great Post. You are right on that one should look a the work processes first. I strongly believe the approach any IT project should take is to focus on the process while engaging and involving the people to prepare for the technology. I talk a lot more about this in various posts on my blog: http://itbusinessalignment.wordpress.com/

    Fix the process first, then apply the technology!

  • http://www.newat.com Glenn Whitfield

    Chris,

    Great Post. You are right on that one should look a the work processes first. I strongly believe the approach any IT project should take is to focus on the process while engaging and involving the people to prepare for the technology. I talk a lot more about this in various posts on my blog: http://itbusinessalignment.wordpress.com/

    Fix the process first, then apply the technology!

  • pktm

    While not being defensive (I certainly believe that inconsistent IT governance AND faulty work processes are legion throughout the industry), I’d point out the likely weakness in your survey that you quote at the top. As we all know, people’s perceptions of what is promised have been known (ahem) not to align with the reality of what’s in scope. I’ve often seen the syndrome of the “Silver Bullet Project”–a major undertaking, heavily funded, which suddenly gets assumed, on the business side, to cure every ill they’ve ever had. Disappointment under that scenario is almost guaranteed. I have spent a lot of my time as CIO ramping DOWN expectations in situations like that, because they’re flat-out unrealistic.

  • pktm

    While not being defensive (I certainly believe that inconsistent IT governance AND faulty work processes are legion throughout the industry), I’d point out the likely weakness in your survey that you quote at the top. As we all know, people’s perceptions of what is promised have been known (ahem) not to align with the reality of what’s in scope. I’ve often seen the syndrome of the “Silver Bullet Project”–a major undertaking, heavily funded, which suddenly gets assumed, on the business side, to cure every ill they’ve ever had. Disappointment under that scenario is almost guaranteed. I have spent a lot of my time as CIO ramping DOWN expectations in situations like that, because they’re flat-out unrealistic.

  • cbcurran

    Thanks for your comment, Peter. Regarding the survey, it included 450 participants of a “Fortune 1000″ size, half business and half IT execs. So, while any survey isn’t perfect, the project delivery results can’t be totally attributed to misaligned business expectations.

  • http://www.argonconsult.no Kjell Soerensen

    The core business processes must be in place for any IT development or investment. But the IT professionals are not doing their job unless they involve and participate in improving and developing the business processes. The IT professional responsibility thus should extend into a shared responsibility with main business development to establish and maintain business structures that IT should syncronize with optimally.
    The earlier IT professionals with a “process mind” are involved in process work – the better IT Business support will be later on, and thus improved business value. IT Governance thus define the arenas, “procedures” and rules to follow directing these efforts – consistent with the business descion structure.

  • http://www.argonconsult.no Kjell Soerensen

    The core business processes must be in place for any IT development or investment. But the IT professionals are not doing their job unless they involve and participate in improving and developing the business processes. The IT professional responsibility thus should extend into a shared responsibility with main business development to establish and maintain business structures that IT should syncronize with optimally.
    The earlier IT professionals with a “process mind” are involved in process work – the better IT Business support will be later on, and thus improved business value. IT Governance thus define the arenas, “procedures” and rules to follow directing these efforts – consistent with the business descion structure.

  • Pingback: SOA, Simples Assim! » Governança de TI funciona?()

  • Pingback: 5 IT Governance Attitudes Foreshadow Failure — CIO Dashboard()

  • Pingback: The Life and Death of IT — CIO Dashboard()

  • http://community.ca.com/blogs/theitgovernanceevangelist/ Steve Romero

    Chris, this post is music to my ears! You are one of the few experts out there who realizes the essential nature of the “other dimension” of the IT governance mechanisms Peter Weill and Jeanne Ross describe in their watershed book on IT governance. Most organizations jump all over the “role” aspect of IT governance mechanisms – assigning executive accountability and establishing governing committees. But almost all of these organizations fail to address the other dimension of IT governance mechanisms – processes. Thanks for another great post.

  • http://community.ca.com/blogs/theitgovernanceevangelist/ Steve Romero

    Chris, this post is music to my ears! You are one of the few experts out there who realizes the essential nature of the “other dimension” of the IT governance mechanisms Peter Weill and Jeanne Ross describe in their watershed book on IT governance. Most organizations jump all over the “role” aspect of IT governance mechanisms – assigning executive accountability and establishing governing committees. But almost all of these organizations fail to address the other dimension of IT governance mechanisms – processes. Thanks for another great post.

  • http://community.ca.com/blogs/theitgovernanceevangelist/ Steve Romero

    Chris, this post is music to my ears! You are one of the few experts out there who realizes the essential nature of the “other dimension” of the IT governance mechanisms Peter Weill and Jeanne Ross describe in their watershed book on IT governance. Most organizations jump all over the “role” aspect of IT governance mechanisms – assigning executive accountability and establishing governing committees. But almost all of these organizations fail to address the other dimension of IT governance mechanisms – processes. Thanks for another great post.

  • Pingback: A CIO Can’t Do More With Less — CIO Dashboard()

  • cbcurran

    Thanks for your comment, Peter. Regarding the survey, it included 450 participants of a “Fortune 1000″ size, half business and half IT execs. So, while any survey isn’t perfect, the project delivery results can’t be totally attributed to misaligned business expectations.