IT Governance: The Solution to IT Anarchy

When is an IT project more than a project? An IT security plan more than a security plan? Or a risk analysis more than a risk analysis? According to proponents of the IT governance movement, the answer is: Always.

From IT analysts like the Gartner Group and Forrester Research to specialized communities such as the IT Governance Institute, there’s a groundswell in the IT community towards stricter application of an overall governing framework for the IT function. A framework that analyzes the strategic and business value of every IT investment, that requires a consistent and disciplined approach to the selection of projects, and that insists that every IT project and investment demonstrate positive ROI and relate directly to the organization’s strategic objectives.

Gaining momentum from the new regulatory environment following the passage of Sarbanes-Oxley, the IT governance movement is more than the latest IT management fad: it’s a comprehensive approach to solving many of the problems that have plagued the IT since the beginning of the client-server revolution.

Looking back at the history of the IT, it’s clear that the rise of the PC and server, while having a positive effect on the cost of computing resources and the productivity of the average organization, also brought significant disruption to the data center.

Before client server computing, the IT typically reported to the CFO, and the purchase of new hardware and software was subject to stringent financial controls — as befitted the multi-million dollar nature of the investment in mainframes, data centers, and applications.

When the PC and server arrived, their size, portability and their relatively negligible expense made it easy to ignore the controls of the IT division and bring in locally controlled computing resources. In fact, that was a major element of their appeal. Every division now had the chance, for a few thousand dollars, to create its own IT department, with applications and utilities specific to their needs, free from the constraints and disciplines of corporate IT.

IT organizations are still recovering from the balkanization effect that followed in which hundreds of disconnected desktops, servers, and applications proliferated throughout the organization, without any thought to their eventual need to be managed, integrated, secured, and controlled.

The bill for this uncontrolled explosion of IT resources only came due when the corporate network displaced the unconnected desktop PCs and ad-hoc departmental LANs. The need to rationalize and control this anarchy became one of the major dilemmas of the last decade, and is one of the factors that has led to the current quest for a disciplined governance structure.

The IT investment boom of the late 1990s is another major driver of the governance movement. After the Y2K hysteria and Internet hype dissipated, many organizations, large and small, were left with tremendous investments in IT and little business value to show for those expenditures.

In addition, as many non-IT executives have become more sophisticated on IT matters, they are less likely to be stampeded into IT investments by the latest hype or vendor sales pitch, and more likely to have a better understanding of the prudent use of IT to forward corporate objectives.

Most importantly, the connection of IT investment to the strategic needs of the business was often tenuous at best; with very little structured discipline applied to drive that alignment.

With U.S. businesses spending an average of 4.9% of revenues on IT, according to a Forrester Research survey, executives can’t afford to leave strategic alignment to chance.

Increasingly viewed as the cure for these well-known problems, rigorous IT governance is gaining currency at this moment for a number of other reasons: the failures of large organizations like Enron and WorldCom, the international quality movement that resulted in ISO 9000 and other well-known quality standards, and, perhaps most persuasively, most IT leaders have “touched the hot stove” of anarchic IT deployment and investment and have internalized the need for change.

Rick Freedman is worldwide project management practice leader at Intel Solution Services, a division of Intel Corp.