Governance: Getting the best returns on IT investment is
an important part of IT governance. But to achieve this, the gap
between IT and the business needs to close.
In 1776, when Adam Smith wrote “when ownership and control of
corporations are not fully coincident, there is potential for
conflicts of interest between owners and controllers”, little did
he appreciate that he was sowing the seeds for what has become the
great corporate governance debate of the late 20th and early 21st
centuries.
Smith recognised that there were complex dynamics between the
roles of business ownership and business management and that, as
corporations grow, a layer of governance becomes necessary to
protect the interests of those who provide capital and those who,
effectively, spend it. Indeed, Smith himself may be regarded as the
grandfather of Sarbanes-Oxley and other regulatory legislation.
This need for corporate governance, whilst exacerbated by the
corporate scandals of the last 30 years (just think Maxwell, Enron,
WorldCom, etc.), has therefore been an essential component of good
business practice for well over 200 years.
The same basic principles also apply to IT governance where,
within many business entities, traditionally there has been a
separation between those responsible for allocating funds for
information technology investment, and those responsible for
managing the investment.
With the perception, and perhaps the reality, that everything to
do with IT is complex and hard to fully understand, there has often
been a reluctance for senior business managers, and in particular
the board of directors, to fully assume any sort of demonstrable
and effective governance responsibility for IT.
Even with today’s dependence upon IT, it remains rare, for
example, for the CIO to have a seat on the board, and hence the
reporting lines and the accountability for IT, at the highest
levels, are at best ambiguous or inappropriate, and often
non-existent.
The need to establish effective IT governance within today’s
increasingly complex and IT-dependent businesses is generally
accepted as a given.
All too often, however, its effectiveness is lost among
well-meaning, but ultimately meaningless, governance structures and
processes, exacerbated by a real lack of knowledge and often a
reluctance, perhaps a fear, to get involved at the most senior
business levels of the entity.
In this respect I recall a meeting with the board of a
significant institution in the City of London a couple of years
ago, where a formal review of that institution’s IT governance had
identified some very real issues that were contributing to the less
than optimum return being achieved from its significant investment
in IT.
Partly this was caused by communication problems between senior
business management and the IT function, leading to ineffective and
uncoordinated IT-related initiatives.
To help overcome this I had recommended some facilitated
training for both IT management and executive board members in the
development and implementation of IT strategy.
I had in mind partnering with an appropriate business school to
provide this through a combination of workshops and individual
mentoring over a period of time. Although the principle was
accepted by the board, their concept of such training was that 30
minutes be allocated for it (in totality) at a future board
meeting.
This demonstrated to me, yet again, the lack of fully informed
engagement between IT and the business that still exists within so
many corporate and public sector organisations.
It is a regularly repeated mantra that successful development
and deployment of IT-related business change can only happen when
IT and the business are able to work together in full partnership,
using a common language, having a proper understanding of each
other’s domains, within a culture of mutual respect.
A formalised, yet non-bureaucratic, approach to IT governance
will help to achieve this.
Indeed, the business case for implementing appropriate IT
governance is well proven. For example, research carried out by the
Sloan School at the Massachusetts Institute of Technology (MIT) has
identified that entities with higher levels of governance are able
to achieve 40% greater returns from their investment in IT through
their enhanced ability to:
- clarify business strategies and the role of IT in achieving
them
- measure and manage the amount spent on, and the value received
from, IT
- assign accountability for the organisational changes required
to benefit from new IT capabilities
- learn from each implementation and become more adept at sharing
and re-using IT assets.
This research is most encouraging as it provides evidence to
support the view that governance is not just about regulation,
compliance and bureaucracy; rather it is about how to obtain
optimum returns from investment in IT and how to ensure that
measurable and transparent long-term, sustainable stakeholder value
is achieved.
This has to be a worthwhile objective for all organisations.
However, according to a survey carried out by
PricewaterhouseCoopers for the IT Governance Institute at the end
of 2005, fewer than 20% of the almost 700 organisations surveyed
believed they had already implemented IT governance, and 39%
currently had no plans for implementing IT governance.
Partly this is a matter of definition. Ask two CIOs to explain
what IT governance is and it is likely that you will get two
different answers. Equally, ask the same question of two business
managers and you will again get different answers.
The answers may not wholly conflict, and indeed may be
compatible, but there remains much confusion as to what IT
governance really means. To many it is all about compliance and
regulation. To others it is all about delivering demonstrable value
from investment in IT. The reality is that it is about all of these
things – and more.
The definition used by Peter Weill of Sloan MIT in his book on
IT governance is “specifying the decision rights and accountability
framework to encourage desirable behaviours in the use of IT”. A
little vague for some perhaps, but useful nonetheless.
The IT Governance Institute has defined it as “the structure,
oversight and management processes which ensure the delivery of the
expected benefits of IT in a controlled way to help enhance the
long-term sustainable success of the enterprise”. Both of these
definitions are equally valid.
IT governance is of fundamental importance in helping businesses
maximise their returns from their IT spend. But it is about more
than that. It is about transparency and openness of IT
decision-making, and the delivery of sustainable returns.
It is about recognising and managing IT-related business risks.
It is about compliance with relevant laws and regulations.
Above all, it is about ensuring that IT is properly understood
and debated at boardroom level and that directors and senior
managers are fully informed and engaged, at the right level, in
IT-related business issues.
Paul Williams is a consultant, writer and speaker on IT
governance and related topics. He is a past president of the IT
Governance Institute and a former chair of the IT Faculty at the
Institute of Chartered Accountants in England and Wales.