Skip to content

10 Principles that Help Governance Thrive

June 24, 2008
tags: ,

1. Actively Design Governance

Many enterprises have created disparate IT governance mechanisms. These uncoordinated mechanism “silos” result from governance by default—introducing mechanisms one at a time to address a particular need (for example, architecture problems or overspending or duplication). Patching up problems as they arise is a defensive tactic that limits opportunities for strategic impact from IT. Instead, management should actively design IT governance around the enterprise’s objectives and performance goals.

Actively designing governance involves senior executives taking the lead and allocating resources, attention, and support to the process. The diagrams in this book enable an analysis of all the governance mechanisms and enterprise goals. For some enterprises, this will be the first time IT governance is explicitly designed. Often there are mature business governance processes to use as a starting point.

2. Know When to Redesign

Rethinking the whole governance structure requires that individuals learn new roles and relationships. Learning takes time. Thus, governance redesign should be infrequent. Our recommendation is that a change in governance is required with a change in desirable behavior.

IT governance can be used as one of the levers to encourage change. For example, State Street Corporation introduced enterprisewide IT budgeting, encouraging a shift in perspective from the business unit to the corporation.

3. Involve Senior Managers

Firms with more effective IT governance have more senior management involvement. CIOs must be effectively involved in IT governance for success. Other senior managers must participate in the committees, the approval processes, and performance reviews. For many enterprises, this involvement is a natural extension of senior management’s normal activities. Senior management necessarily gets involved in strategic decisions. This means that senior management is rarely concerned with the exception process. However, if an exception has strategic implications, it may reach the executive level IT Steering Committee. If the exception request escalates to the CEO, then it’s no longer a technology issue. At that point it’s a strategic choice.Many senior managers are willing to be involved but are not sure where to best contribute. It’s very helpful for the CIO and his or her staff to communicate IT governance on one page with a picture like A Arrangements Matrix. The matrix provides a vehicle for discussing each senior manager’s role and any concerns they have.

4. Make Choices

Good governance, like good strategy, requires choices. It’s not possible for IT governance to meet every goal, but governance can and should highlight conflicting goals for debate. As the number of tradeoffs increases, governance becomes more complex. Top performing enterprises handle goal conflicts with a few clear business principles. The resulting IT principles reflect these business principles. Some of the most ineffective governance I have observed was the result of conflicting goals. This problem was often observed in the government sector, where directives come from many agencies. The result was confusion, complexity, and mixed messages, so the governance was ignored. The unmanageable number of goals typically arose from not making strategic business choices and had nothing to do with IT. I observed that good managers trying diligently to meet all these goals became frustrated and ineffective.

5. Clarify the Exception-Handling Process

Exceptions are how enterprises learn. In IT terms, exceptions challenge the status quo, particularly the IT architecture and infrastructure. Some requests for exceptions are frivolous, but most come from a true desire to meet business needs. If the exception proposed by a business unit has value, a change to the IT architecture could benefit the entire enterprise. We have described the exceptions process of UPS, State Street Corporation, and other enterprises. All these exemplars have three common elements to their exceptions procedures:


The process is clearly defined and understood by all. Clear criteria and fast escalation encourage only business units with a strong case to pursue an exception.

The process has a few stages that quickly move the issue up to senior management. Thus, the process minimizes the chance that architecture standards will delay project implementation.

Successful exceptions are adopted into the enterprise architecture, completing the organizational learning process.

Formally approved exceptions offer a second benefit in addition to formalizing organizational learning about technology and architecture. Exceptions serve as a release valve, relieving the enterprise of built-up pressure. Managers become frustrated if they are told they can’t do something they are sure is good for business. Pressure increases and the exceptions process provides a transparent vehicle to release the frustration without threatening the governance process.

6. Provide the Right Incentives

There has been so much written about incentive and reward systems in enterprises that we feel the topic is well covered and understood. Nevertheless, a common problem I encountered in studying IT governance was a misalignment of incentive and reward systems with the behaviors the IT governance arrangements were designed to encourage. The typical concern: “How can we expect the governance to work when the incentive and reward systems are driving different behavior?” This mismatch is bigger than an IT governance issue. Nonetheless, IT governance is less effective when incentive and reward systems are not aligned with organizational goals.

A major governance and incentive alignment issue is business unit synergy. If IT governance is designed to encourage business unit synergy, autonomy, or some combination the incentives of the executives must also be aligned. Avoiding financial disincentives to desirable behavior is as important as offering financial incentives. Whenever incentives are based on business unit results, chargeback can be a point of contention. Enterprises can manipulate charges to encourage desirable behavior, but chargeback pricing must be reasonable and clearly understood. It is hard to overestimate the importance of aligning incentive and reward systems to governance arrangements. If well-designed IT governance is not as effective as expected, the first place to look is incentives.

7. Assign Ownership and Accountability for IT Governance

Like any major organizational initiatives, IT governance must have an owner and accountabilities. Ultimately, the board is responsible for all governance, but the board will expect or delegate an individual (probably the CEO or CIO) or group to be accountable for IT governance design, implementation, and performance—similar to the finance committee or CFO being accountable for financial asset governance. In choosing the right person or group, the board, or the CEO as their designate, should consider three issues.
First, IT governance cannot be designed in isolation from the other key assets of the firm (financial, human, and so on). Thus the person or group owning IT governance must have an enterprisewide view that goes beyond IT, as well as credibility with all business leaders.
Second, the person or group cannot implement IT governance alone. The board or CEO must make it clear that all managers are expected to contribute to IT governance as they would contribute to governance of financial or any other key asset.
Third, IT assets are more and more important to the performance of most enterprises. A reliable, cost-effective, regulation-compliant, secure, and strategic IT portfolio is more critical today than ever before. The person or group owning IT governance must understand what the technology is and is not capable of. It is not the technical details that are critical but a feel for the two-way symbiotic connection between strategy and IT.

The CIO owns IT governance in the majority of sizable firms today. It takes a very business-oriented—and well-positioned—CIO to deliver on the first consideration and a very technically interested COO or CEO to deliver on the third. Committees have the problem of meeting only periodically and dispersing the responsibility and accountability. My recommendation is that the board or CEO hold the CIO accountable for IT governance performance with some clear measures of success. Most CIOs will then create a group of senior business and IT managers to help design and implement IT governance. The action of the board or CEO to appoint and announce the CIO as accountable for IT governance performance is an essential first step in raising the stakes for IT governance. Without that action, some CIOs cannot engage their senior management colleagues in IT governance. Alternatively, the board or CEO may identify a group to be accountable for IT governance performance. This group will then often designate the CIO to design and implement IT governance.

8. Design Governance at Multiple Organizational Levels

In large multibusiness unit enterprises it is necessary to consider IT governance at several levels. The starting point is enterprise-wide IT governance driven by a small number of enterprisewide strategies and goals. Enterprises with separate IT functions in divisions, business units, or geographies require a separate but connected layer of IT governance. Usually the demand for synergies increases at the lower levels, whereas the need for autonomy between units is greatest at the top of the organization.
The lower levels of governance are influenced by mechanisms designed for higher levels. Thus, we advocate starting with the enterprisewide IT governance, as it will have implications for the other levels of governance. However, starting enterprisewide is sometimes not possible for political or focus reasons, and starting at the business unit level can be practical. Assembling the governance arrangements matrixes for the multiple levels in an enterprise makes explicit the connections and pressure points.

9. Provide Transparency and Education

It’s virtually impossible to have too much transparency or education about IT governance. Transparency and education often go together—the more education, the more transparency, and vice versa. The more transparency of the governance processes, the more confidence in the governance. Many firms l use portals or intranets to communicate IT governance. This includes under a section “IT Boards, Committees, and Councils” a description of the Architecture Committee and all the other governance bodies. The portal includes tools and resources, such as a glossary of IT terms and acronyms and the “Computer Contract Checklist.” Often portals include lists of approved or recommended products. Templates for proposing IT investments complete with spreadsheets to calculate the IT business value are often available.

The less transparent the governance processes are, the less people follow them. The more special deals are made, the less confidence there is in the process and the more workarounds are used. The less confidence there is in the governance, the less willingness there is to play by rules designed to lead to increased firmwide performance. Special deals and nontransparent governance set off a downward spiral in governance effectiveness.

Communicating and supporting IT governance is the single most important IT role of senior leaders. The person or group who owns IT governance has a major responsibility for communication. Firms with more effective governance also had more effective governance communication. The more formal vehicles for communication were the most important. For example, CIOs on average assessed their enterprises’ documentation of governance processes as ineffective. However, the firms with successful IT governance had highly effective documentation. Highly effective senior management announcements and CIO offices were also important to successful governance.

When senior managers, particularly those in business units, demonstrate lack of understanding of IT governance, an important opportunity is presented. Working with managers who don’t follow the rules is an opportunity to understand their objections. These discussions provide insight on whether the rules need refinement as well as a chance to explain and reinforce the governance.

10. Implement Common Mechanisms Across the Six Key Assets

All the mechanisms implementing each of the six key assets. Each asset may be expertly governed, but the opportunity for synergistic value is lost. For example, a firm implementing a single point of customer contact strategy must coordinate its assets to deliver that uniform experience. Just having good customer loyalty (that is, relationship assets) without the products to sell (IP assets) will drain value. Not having well-trained people (human assets) to work with customers supported by good data and technology (information and IT assets) will drain value. Not having the right buildings and shop fronts to work from or in which to make the goods (physical assets) will drain value. Finally, not coordinating the investments needed (financial assets) will drain value.

Put this way, the coordination of the six assets seems blindingly obvious. Many enterprises successfully coordinate their six assets within a project but not across the enterprise via governance. In designing IT governance, review the mechanisms used to govern the other key assets and consider broadening their charter (perhaps with a subcommittee) to IT rather than creating a new, independent IT mechanism.

These ten management principles highlight many of the key findings in our work with enterprises. Attention to all of them should lead to greater value from IT. The leadership of the CIO is also critical to creating IT value. Thus, assessing and providing incentives for the CIO is the next topic.

No comments yet

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: