IT Governance: The Solution to IT Anarchy, Part III

Manage risk. From 9/11, to Enron and WorldCom, and changes to the regulatory environment like Sarbanes-Oxley, the need to manage risk has become apparent to managers at every level.

Financial risk is, of course, a key component of any risk strategy, but other risks, such as operational risk and information security, are equally critical.

CIOs should develop a holistic risk strategy that ensures that all risks are exposed and analyzed, and that documented mitigation and contingency strategies are developed.

Active risk avoidance, which utilizes techniques like after-project “lessons learned” reviews, should be implemented at the departmental and project levels and then elevated to the board level as IT governance takes hold. ·

Manage resources. Just as directors on the board must stay focused on using existing assets — such as plant, materials, people, and relationships — to the best possible advantage, so must IT leaders.

The infrastructure, transport, data, facilities, and teams that make up the IT function must be maximized to deliver the highest possible benefit to the enterprise, and the costs associated with these resources must be strictly controlled.

CIOs need to develop strategies for outsourcing, co-sourcing, and partnering in order to extend the capabilities of IT while keeping costs competitive. Management of resources also means having a talent development program in place so that leadership in the next generation is incubated and encouraged.

The use of techniques like service level agreements (SLAs) is an integral element of governance, since they document expectations and set clear service objectives. Asset tracking and lifecycle management is another key component of a robust governance strategy.

Elevate accountability. Ultimately, teams and leaders need to understand that their ability, or lack thereof, to deliver against IT objectives and to utilize IT to achieve the strategic goals of the enterprise, will have consequences.

Clearly documented roles, responsibilities, and operational processes set a foundation against which performance can be measured. Firms that use individual objective-setting exercises such as documented management by objectives (MBOs), are already on the right path to governance.

If the enforcement of accountability is a challenge in your organization, you may want to review the literature on objective-setting, and also explore other tactics for encouraging accountable behavior such as incentives and rewards for high achievers as well as mentoring, coaching, and corrective action plans for those team members not accomplishing their objectives.

One of the challenges of IT governance is that many are doing some or all of these things with varying levels of rigor and discipline, leading to the “we’re doing that already” reaction. It’s important to remember that IT governance is not about a set of unconnected processes and techniques, but rather is a single, unified discipline that addresses all of these matters, comprehensively and holistically, at a senior level.

A recent study by the CIO executive board, a subgroup of the Corporate Executive Board in Washington, DC, shows that many IT leaders excel at some elements of these disciplines, but very few rate themselves highly in regard to overall governance. Responding to this survey were over 200 of the most influential organizations in the world, and over 800 IT executives.

These IT executives named IT governance as their top priority for improvement, and rated themselves poorly on some of the key governance techniques we’ve outlined here, such as business case discipline, performance measurement, and IT value measurement.

Most IT executives recognize that neither ad hoc, fire-fighting methods nor unconnected, inconsistent and siloed processes will make the grade in this era of higher scrutiny, transparency, and visibility. The holistic disciplines recommended by advocates of IT governance, if applied judiciously and appropriately based on the needs of the organization, can’t help but place IT on a more manageable footing.

CIOs and CEOs alike should recognize that the days of anarchy in the data center are over, as are the days of unlimited, unaccountable IT investment. In this new world, CIOs who lead their enterprises towards more disciplined governance structures, processes, and messages do their companies and own their careers a real service.

Rick Freedman is worldwide project management practice leader at Intel Solution Services, a division of Intel Corp.