Your IT governance model is one of the most critical processes to the success of your IT department and your organization. IT governance in many organization’s occurs through a technology committee but uses an informal process, or function, resulting in IT governance operating at a low maturity level. Informal IT governance often leads to reactive IT services and bad IT investment decisions.
A mature IT governance model accounts has three distinct elements:
- Decision Making Rights and Responsibilities
- Demand Side Governance
- Supply Side Governance
To help explain these elements I will turn to the IT Governance Model I have used many times before. This model is based on the ‘Four Ares’ as described by John Thorp in his book The Information Paradox, written jointly with Fujitsu, first published in 1998 and revised in 2003. The biggest reason to use this model is that it relies on answering the four central questions of IT governance using a simple visual:
- Are we doing the right things? This question is about the alignment of the IT priorities with the priorities of the business.
- Are we doing them the right way? This question is about the processes and standards used in the delivery of IT services relative to generally accepted industry standards.
- Are we getting them done well? This question is about the efficiency and effectiveness which includes the capability and maturity of the methods being used.
- Are we getting the expected benefits? This is the accountability question focused on the business benefits including return on investment for operational and strategic expenditures.
Decision Making Rights and Responsibilities
The core of IT governance is not simply defining who can make what decisions. The core of effective IT governance is actually the accountability system which defines the responsibilities for results that must be delivered as a result of the decisions.
For those of you in higher education or organizations with similar cultures, your IT governance model likely struggles because of the cultural aversion to implementing accountability systems.
This element occurs in the top half of the IT Governance Model diagram where the focus is on deciding what the IT priorities will be and what accountability system is required to demonstrate the intended benefits have been achieved.
Demand Side Governance
Demand side governance focuses on IT investment decisions and project prioritization to maximize strategic value by minimizing operations and maintenance (O&M) demands. Demand side governance is focused on what IT will work on and occurs almost entirely in the upper left quadrant of the IT Governance Model.
Demand side governance ‘owns’ the criteria for evaluating IT investments, the financial analysis model and the thresholds for ROI, IRR, and NPV which are also used in the accountability system.
A technology committee usually fulfills the role of demand management in most organizations but may delegate some of it through a formal IT governance policy. But we all know most technology committees are mostly focused on the project related demands and are not actively managing the demand for operations and maintenance (O&M) support despite O&M demand usually consuming the majority of IT capacity.
Gaining control of the O&M demand is essential to freeing up capacity for strategic projects. That is why technology committees should insist on tracking all IT demand so they have visibility into the O&M demand as part of regular IT performance reporting. This is very easily done using a simple IT Project Portfolio Planning Toolkit.
Specific goals should also be set for managing O&M demand down which the technology committee uses in the accountability system.
It must be noted that even when a technology committee is the ‘owner’ of demand side governance, the work of demand side management is expected to be performed by the IT management team.
Restated, it is customarily the IT management team that does all the work required of demand side management so that the technology committee simply has to evaluate the information and recommendations presented and make the decisions.
One mistake IT managers make is in not facilitating the development of an effective technology committee including the training of its members.
Supply Side Governance
Supply side governance focuses on allocating resources, IT staff and technology, to the approved portfolio of work, organizational priorities, and achieving the expected value of the IT investments. Supply side governance occurs in the bottom half of the IT Governance Model and is the responsibility of IT management.
Supply side governance includes the workload management processes and managing the technology portfolio in a sustainable manner such that operations and maintenance demands can be minimized.
IT management is also responsible for optimizing the resources, human and technical, for maximum capacity and flexibility while also optimizing the processes and IT services for effectiveness and efficiency. This is where the idea of the IT Stress Test is used to determine the elasticity of IT capacity to scale up and out or contract based on changes in the business.
Supply side governance for many organizations is reactive with no formal system for managing workload. In these organizations there often seems to be an odd sense of pride in being able to react quickly to dynamic and shifting priorities without regard to the impact is has on job satisfaction and productivity.
Now that sounds good when you say it like that but it doesn’t change the fact that it is still chaotic fire fighting. In a mature IT governance model the accountability system would punish fire fighting and reward controlled and orderly execution of the portfolio.
What I like about this IT Governance Model is its simplicity and that it directly supports the discussion of the demand side and supply side governance functions. That means, it is easy to illustrate the issues of ownership and accountability which can be extremely useful in organizations where the non-IT folks want to get involved in deciding how IT should do things instead of focusing on what IT should be doing. But that cuts both ways in that it also tells IT they don’t get to carve out exceptions on what and that they must be accountable for results.