5 Myths of IT Governance

Myths of IT GovernanceI discovered 5 myths of IT governance while following a recent discussion of college CIO’s which are common misconceptions of IT governance. This post picks up from the Definition of IT Governance: What many colleges get wrong by focusing on more general thinking behind IT governance that leads to getting it wrong.

Since there was certainly more that could be said on the many perversions of IT governance which leads to all sorts of  dysfunctional decision making, I figured I would do a follow-up in the hopes of advancing the dialogue and igniting an IT governance revolution. 

5 Myths of IT Governance

IT Governance is About IT

IT Governance is not actually about IT. It is about corporate governance focusing on achieving the strategic goals and creating value through the use of information and technology investments. It is about how the organization manages the demands for scarce resources for those initiatives that produce the greatest movement towards the goals. Or, how it allocates resources so there is a balanced movement on all goals. This makes IT governance an organizational issue focused on the funneling down demand side by deciding what IT should work on based on its capacity.

IT Governance is About Decision Rights

It is easy to forget that decision making responsibility is the other half of the common definition of IT governance. This is where accountability is attached to the decision makers and project sponsors to deliver the value they promised in the business case behind their initiative.

So when a project sponsor advocates for committing limited resources for project A over project B because it represents a greater value, they must be accountable for delivering that value. But getting approval is actually the easy part of IT Governance and the real challenge, the real value of IT Governance is in the accountability systems used to produce the expected returns.

IT Governance is About IT Projects

Another distortion is equating IT governance solely with IT project management. The reality is that there are very few ‘IT projects’. Instead we have business initiatives with technology components. This means the accountability systems must monitor progress towards achieving the full value of the business case long after the technology project has been completed – 1 year, 3 years, 5 years out.

IT Governance is Shared Decision Making

Proper IT governance can disrupt the cultural power structures or decision making models by forcing the use of more objective criteria in decision making and the accountability for the results. Done properly, it IT Governance relies on stakeholder input. But many IT Governance models confuse stakeholder input for a democracy where everyone gets a vote instead of using it to inform the decision. This myth can also surface when IT governance does not remain focused on the strategic, value creating major initiatives – the big rocks, and instead gets pulled into refereeing the decisions on the small rocks.

IT Governance Oversees IT Operations

IT Governance should not become involved in IT management decisions which should be the responsibility of the experienced professionals who are accountable for the results. IT governance, to use Gartner’s definition, has two components – the supply side and the demand side. When organizations allow IT governance committees to take over the supply side they create “IT management by committee”. This situation is usually very offensive to the IT leadership and would no more be tolerated by any other manager.

CIO’s can’t run away from the fight over IT governance for fear of being accused of running an IT Monarchy or a Benevolent Dictatorship. If you do it right, there will be no basis for such accusations. Part of doing it right though includes having clarity around the differences between the supply side and demand side of and what the CIO’s role is in each.

Suggested Links for IT Governance Tools.
This entry was posted in IT Governance and tagged , , , , . Bookmark the permalink.

11 Responses to 5 Myths of IT Governance

  1. PS says:

    Myth 1 is wrong. How many times have we been in meetings and had the CIO tell us how to prioritize, how to set up processes, or how to evaluate (btw, a professional evaluator, planner, or researcher knows a lot more about this). We should tell the IT person what our priorities are, and have them provide support. As Nicholas Carr states, technology should always follow, never ever lead your organizations goals or priorities. IT governance should focus on IT – we don’t have time for bad advice from people who are subject-matter experts, and do not understand our culture, stakeholders, value created, or people.

    Myth 2 is half right. IT should never determine the value of your program or conduct the cost-benefit analysis. You are your team (the actual people who lead the are) should do that.

    Myth 3 is also only half-right. This is because IT will soon be like electricity or other utilities, but not because IT will be an integral partner, but because support systems and frameworks will be established and in place.

    Myth 4 is correct, but also obvious. Of course, all programs and processes should be focused on strategic goals and value (or impact, effectiveness, or efficiency, whatever the case may be). Myth 5 is correct.

    Don’t ever let IT lead or advise on strategy or business processes, but by all means ask for their advice in terms of support. If you do allow your IT people to do that, you will end up with higher costs, processes that are not aligned with your practices and don’t fit your culture (but are aligned and fit with what IT wants), and your CIO will be telling you how to do a strategic plan.

  2. The Higher Ed CIO says:

    It seems I have failed. but for the life of me I don’t know how I could have created this impression on Myth 1 & 2.

    The IT Governance function is usually carried out by an IT governance committee comprised of non-IT decision makers who can represent the collective interest of the organization as an extension of corporate governance. As such IT governance is accountable for assets and investments support the Boards goals be they shareholder wealth, public good or what have you. IT’s role is an adviser to the committee and rarely even gets a vote.

    If someone proposes a project they should have to submit the business case that supports the investment or allocation of resources. The requester determines the value. IT may validate or assist in developing the IT elements, but the project requester/sponsor ‘own’ the business case. The real point is that the IT governance function, that committee of non-IT decision makers, needs to hold the requester/sponsor accountable for delivering the value of the business case. Accountability is to the business not to IT.

    I tend to believe IT will move past the utility model and go to outsourcing which I have written about it extensively. But that doesn’t change anything on IT governance. If someone proposes using a SaaS solution, let’s say e-Recruiting, they still need a business case that accounts for the cost-benefit even though the IT piece it entirely outsourced. And, they are still accountable for both the costs and the benefits.

    Remember, if the company has $1M it must decide how to allocate it for investments – Build buildings, R&D, expand operations, upgrade plants, etc….The decision to buy e-Recruiting isn’t just about e-Recruiting versus some other IT project it means not doing something else. Read Opportunity Cost: The Forgotten Cost of IT Investments

    I think your final conclusions depends on the individual. There are certainly loads of bad business decisions where the CIO had no involvement. Similarly, there are numerous business models where the core product or service is driven by IT and the CIO is integral to product development and strategy.

  3. Pingback: IT Governance and the LMS - Principles of IT Governance

  4. Raquel Dungy says:

    Fantastic blog post.

  5. The Higher Ed CIO says:

    Thanks Raquel, I had a lot of fun writing it.

  6. JoAnn Becker says:

    When all of IT, both project work and service delivery, is managed/lead as though it was a separate business (meaning that managers had MBA ~ exposure to business concepts), these myths are minimized if they exist at all. Having worked in banking IT for many years in leadership positions before stepping into consulting, not only managers but project managers had MBAs and we understood there were no “IT projects.” I wonder how many folks in IT today, pursue MBAs or see the value of that. Challenges today are being successfully lead by people with knowledge and experience in more than one professional discipline – i.e., MDs with MBAs.

  7. The Higher Ed CIO says:

    An MBA may increase the likelihood of understanding there are no IT projects. I just don’t know by how much considering how many organizations that have plenty of MBA and CPA’s with audit background fail to understand that principle.

  8. Pingback: Is Information Technology a support area? « Business Technology Partner

  9. Counter P says:

    (To address the opinion that IT should never lead business efforts or that there are no IT projects)
    There are many projects that are in fact, purely IT projects. Replacing aging infrastructure, plugging security holes, replacing outdated software versions, hardware improvements (clients, servers, network, telephony, etc), and on and on. Many times this is done only because IT knows it needs to be done. If you waited for a business case to arrive, you would be out of luck. I would argue that there is a certain percentage of resource bandwidth that always has to remain locked down for this type of work. It shouldn’t be subject to ‘governence.’ I wholeheartedly agree that the majority of IT efforts should match overall strategy defined by the business and that non-IT parties need to be resonsible for defining those priorities. I also agree that there needs to be accountability to the business owners for the success or those projects (but I have yet to work anywhere that agrees). In my opionion, the single largest gap in Governence of projects with IT involvement is in the area of detailed follow-up analysis to determine if initial promises of benefits were actually proven out. All too often, IT expends many of its resources on projects that never deliver and the business allows those same parties to continue to make project demands without accountability of past failures.

    (Addressing any concept that all IT work will be outsourced someday)
    I think if people ever really think there will be a day that all IT work is outsourced, they are completely fooling themselves. I have seen many examples of previously outsourced development work come back onshore due to quality issues. Yes, there are ways to mitigate some costs with specialized work, but there will always be a need for some IT presence within larger organizations. The workplace and institutions of higher learning are only becoming more dependent on technology and I don’t see everyone suddenly becoming IT experts in addition to their given profession. Some can pull this off, but many others have realized that there are trade-offs to outsourcing everything that sometimes do not offset early appearances of cost savings. Hype works both ways.

  10. The Higher Ed CIO says:

    I appreciate the thought and time you have put in to your feedback. Oddly, you reinforce the very thing you argue against. The issue with follow-up, or as I prefer to call it value realization, holds true for the “IT” and “non-IT” projects.

    I like that you use the upgrade as an example. Because if you can’t develop the business case for staying on a supported version of an application/system, given the lead time we have on such things, without a lot of effort then there is something dramatically wrong.

    I would also say that everything is subject to governance because nobody is above the’law’. In a corporate setting governance is the accountability mechanism to shareholders that their financing is being put to good use to produce a return and by extension IT governance is the accountability for IT investments are being used to produce returns for shareholders. IN government the accountability is to the public interest and taxpayers. Most get this wrong because they only focus on the decision making side of governance and forget it includes the accountability side you refer to as follow-up.

    Just think of all the things that are tactical or strategic that are outsourced everyday in any organization. And, outsourced doesn’t mean offshore. Why would IT be immune?

  11. Pingback: 5 Myths of IT Governance | IT governance for moroccan CIO | Scoop.it

Comments are closed.