IT Governance: The Solution to IT Anarchy, Part II

So what are we talking about when we talk about IT Governance? According to Gartner,

“IT governance specifies the decision-making authority and accountability to encourage desirable behaviors in the use of IT. IT governance provides a framework in which the decisions made about IT issues are aligned with the overall business strategy and culture of the enterprise. Governance is about decision making per se — not about how the actions resulting from decisions are executed. Governance is concerned with setting directions, establishing standards and principles, and prioritizing investments; management is concerned with execution.”

The IT Governance Institute, an industry consortium that seeks to further the understanding and execution of IT management and control, informs us that the purpose of IT governance is to direct IT endeavors, to ensure that IT’s performance meets the following objectives:

  • Alignment of IT with the enterprise and realization of the promised benefits.
  • Use of IT to enable the enterprise by exploiting opportunities and maximizing benefits.
  • Responsible use of IT resources.
  • Appropriate management of IT-related risks.

    In the pithiest definition yet, Forrester Research tells us:

    “How decisions are made, who makes the decisions, who is held accountable, and how the results of decisions are measured and monitored are all parts of IT governance.”

    It is important to note that these definitions are focused on the process of IT decision-making, not the content. Firms may decide to invest heavily in IT as a strategic differentiator, or they may decide that IT is not showing the results expected and is not worth incremental expenditure.

    They may choose to purchase a new application or build a new data center, or not. The question that IT governance asks is how these decisions are made: Are they made in an ad hoc manner, with no formal governance structures and little consistency from one decision to the next, or are they consistent and disciplined, requiring that a measurable business case be made for all IT investments, and that a feedback mechanism be in place for all initiatives so their ultimate business value can be evaluated?

    While all these commentators have varying ideas about what constitutes proper IT governance, there are a few ideas that they hold in common. For instance, a review of the commentary around governance indicates that an IT governance strategy should address the following issues:

  • IT alignment with the organization’s strategic plan.
  • IT investment discipline, ensuring that investments are made based on a consistent set of criteria and a structured analysis of expected business value, and that balance is achieved across the IT investment portfolio between ongoing operational IT and future technologies to ensure competitive advantage.
  • Risk management, ensuring that the organization is considering, weighing, and planning for risks and contingencies, including disasters.
  • Performance management, ensuring that all IT initiatives and expenditures are analyzed and evaluated for value and stakeholder satisfaction.
  • Innovation, so that IT is used to the best advantage possible to develop competitive advantage for the enterprise.
  • Accountability, to confirm that management is held responsible for the success or failure of their IT investments and decisions.

    Next week, in part three, Freedman will discuss concrete steps you can use to get governance going in your organization.

    Rick Freedman is worldwide project management practice leader at Intel Solution Services, a division of Intel Corp.