More often than not, I find myself asking how IT governance is done in their organization?
And I've begun to see a very strong correlation between good governance and good IT.
What's This All About?
Governance shouldn't be a new or esoteric concept to anyone.
We're all familiar with how it usually works in the public sector -- we appoint or elect people to represent our interests, multiple agendas are debated and discussion, decisions and tradeoffs are made, policies are drafted, and then implemented. That's the idea, anyway :-)
The same sort of activity has strong analogs in the private sector as well. If you're a public company, you usually have strong governance for finance-related issues. Ditto with people resources -- HR.
Well, if IT requires a big investment, and is seen as important to the organization, wouldn't IT governance be a logical candidate?
You Might Not Want To Hear The Answer
Quite frankly, using IT as a competitive advantage isn't a top priority for some of the customers I meet. Their IT needs are pretty well defined ; maximizing their core competencies doesn't depend heavily on advanced IT capabilities. Their agenda is usually pretty simple: do what you did last year, only do it incrementally faster / better / cheaper. Maybe a few interesting projects thrown in ; nothing too daunting.
Now, as a career employee of IT vendors, I might have some self-perception issues with the above statement, but as a student of business it's very important to understand business models and core competencies.
If you're an IT employee of one of these "IT ain't so critical" organizations, you might get frustrated that the rest of the organization doesn't "get it". Well, maybe there's a good reason.
But That's The Exception ...
I don't know whether it's personal sampling bias, but the vast majority of the enterprises I deal with treat IT strategy and execution as a very serious deal, and the topic is on the short list of overall organizational priorities.
And that's when the governance discussion becomes so compelling to me.
It's All About Tradeoffs
Usually, the tradeoff in IT strategy and execution boils down to three competing forces.
First and foremost is the need for the business to make money. Whether this is finding new customers, selling to existing customers more successfully, lowering costs of goods and services sold, or perhaps improving quality -- IT is a key weapon in most of these endeavors.
The logical conclusion? Good IT governance will require a reasonable "voice of the business" at the table. And by "business", I'm referring to the revenue side of things :-) The agenda shifts a bit in the public sector, but the idea is still valid.
Secondly, IT at scale is an expensive proposition. Budgets are not infinite; available capex and opex can be used for non-IT purposes as well, and basically it's almost impossible to have an IT discussion without having the corresponding "how will we pay for all of this?" discussion.
The logical conclusion? The finance function is an integral part of good IT governance. Not only from a "how much money are we spending in IT" perspective, but -- ideally -- the broader perspective of all the various investment opportunities competing for capex and opex resources.
Finally, IT usually entails aspects of risks that are meaningful to the business. From outages to information leaks, IT is responsible for all of the organizations information assets -- and there's all sorts of untoward things that can happen as a result
The logical conclusion? There needs to be a voice at the table that speaks for assessing the probability and impacts of potential risks to the business. Ideally, this would be someone who has a legal background, or similar.
Assembling The Seats At The Table
We now have an idealized four-way picture -- revenue, cost, risk -- and, of course, representation from the IT discipline itself. Whether you'll need multiple individuals to represent one of the above perspectives is a matter of implementation, but I'd argue that good IT governance requires strong and continued participation from al the roles above.
Indeed, when I meet with customers who absolutely depend on IT as a key part of their overall business strategy (large financial firms, for example), they've got this absolutely nailed, and there are few questions about how IT policies are set and measured.
What If You're In The Middle?
Unfortunately, the vast majority of customers I meet with are somewhere in a no-man's land between the two extremes: strong, institutional governance of IT on one end, and very minimal governance (or even non-IT exec participation) at the other end.
The question then becomes -- how much governance is enough in these situations?
The challenge is that having some sort of IT governance function is terribly helpful when you've got a big IT issue to wrestle with, i.e. new data center, acquisition, new regulations to comply with, etc.
Unfortunately, it's very unwise to convene a meeting with people who are not up-to-speed on the issues, and probably wishing they were somewhere else :-)
When I get into this topic with customers, I usually argue for a modest up-front investment in time to find and engage key leaders on a variety of softball policy topics -- well before a big, hairy issue comes up!
Governance and Sub-Governance
I've had the privilege of seeing more than few IT organizations over a prolonged period of time, and how they've progressed down this path.
Many of them have sprouted a healthy crop of sub-governance teams that tackle particularly interesting IT issues. For example, within the EMC IT organization, not only do we have reasonably good IT governance, we also have cross-functional teams working on policies around cloud, collaboration, and other relevant business-IT topics.
Yes, there are more meetings to go to. But, that being said, everyone I've met would agree that good cross-functional governance of IT functions is a "good thing". Good decisions get made, and made more quickly.
And what IT professional wouldn't want that?A Hard Look In The Mirror
It's typical for people in the IT organization to bemoan the lack of engagement by business leaders in IT issues. And, to be honest, I hear a lot of that on a very regular basis.
But ask yourself -- have you invested in creating a lightweight IT governance team?
Because, from where I sit, good IT governance usually results in good enterprise IT.