What is "IT Governance"?

Charlie Betz runs a Yahoo!Group called erp4it · ERP for IT, along with a corresponding blog called erp4it: Architecting IT Governance. There's been a lively debate in response to his recent posting entitled Defining "IT Governance". Below are edited excerpts from the discussion:

The definition in Peter Weill and Jeanne Ross's recent book, IT Governance: How Top Performers Manage IT Decision Rights for Superior Results, refers to a "firm's allocation of IT decision rights and accountability." The purpose is simple and straightforward -- "to encourage desirable behavior in using IT."

Weill and Ross ask the question, "Do your IT investments target enterprisewide strategic priorities -- or does your firm squander resources on diverse tactical initiatives?"

According to the authors, "firms manage assets -- people, money, plant, and customer relationships -- but information and the technologies that collect, store, and disseminate information may be the assets that perplex them the most. Business needs constantly change, while systems, once in place, remain relatively rigid."

As Weill and Ross point out, "IT governance encourages and leverages the ingenuity of the enterprise's people in IT usage and ensures compliance with the enterprise's overall vision and values."

They continue, "All enterprises have IT governance. Those with effective governance encourage behavior consistent with their enterprise's mission, strategy, values, norms, and culture. In contrast, enterprises that govern IT by default more often find that IT can sabotage business strategy. Good governance allows enterprises to deliver superior results on their IT investments."

Weill and Ross conclude, "Governance is the single most important predictor of the value an organization generates from IT."

Charlie Betz views the term "Governance" slightly differently, by extending its definition "to include IT service management, portfolio management, and the software development lifecycle."

Craig Symons, a Forrester analyst, wrote a US$349.00 research report entitled: 'IT Governance Framework' which states: IT governance at its most basic is the process of making decisions about IT. By this simple definition, every organization has some form of IT governance. Good IT governance ensures that IT investments are optimized, aligned with business strategy, and delivering value within acceptable risk boundaries -- taking into account culture, organizational structure, maturity, and strategy."

Daniel Rolles commented on the "analogy between IT governance and corporate governance. If corporate governance is about business unit & firm level risk management, accounting standards, ethics charters, etc., then IT governance is about application & infrastructure risk management, project management standards, etc." He defines corporate governance as "the process by which agencies are directed and controlled. It is generally understood to encompass authority, accountability, stewardship, leadership, direction and control."

Nick Gall, a Gartner analyst, added "governance is 'the management of management'". He points out how "nicely this fits the definition of the role of the board of directors vis-a-vis management":

• the board governs -- manages the management
• the managers manage -- manages the company

On the one hand, I agree with Peter Weill and Jeanne Ross's definition of IT Governance focusing as it does on decision behavior and accountability. On the other hand, compliance depends on operationalizing IT Governance.

While process control frameworks, such as CMMI (Capability Maturity Model Integration), ITIL (IT Infrastructure Library), ISO-9000, CobiT (Control objectives for information and related Technologies), and Six-Sigma, all play an important role in IT Governance, I personally believe the most important, relatively inexpensive first step begins by mapping an enterprise's technology portfolio of past IT investments onto a technology architecture and then identifying IT standards.

It doesn’t matter what performance metric you choose to measure, standardizing improves efficiency by lowering costs, shortening cycle times, and reducing staffing. Simultaneously, standardization coupled with consolidation increases effectiveness, expands interoperability, and even improves security.

IT Standards ought to serve as the foundation cornerstone for all IT Governance initiatives. If you want a responsive, agile IT organization: adopt a simplified, streamlined,less complex, standardized computing environment. Doing so will reduce inefficiencies and eliminate unnecessary replication.

Please pardon my soapbox. I've just recently written on this topic in a whitepaper entitled The IT Standards Manifesto. I feel pretty strongly that IT Governance ought to start by eliminating the huge ongoing waste of resources that go toward supporting redundant products that deliver identical functionality, purchased from multiple different vendors, by multiple different project teams, purchasing multiple different products. What’s not well-understood nor well-documented is how much the total cost of a product's ownership (its TCO) extends far beyond the initial purchase price.