IT organizations and their CIOs have always had great difficulty getting the business areas they serve to do their part toward the governance of IT.
In essence, the business has approached IT as a “project vendor”, treating them as a systems integrator of sorts (“here’s what we want to do, how much? Do it.”) rather than as the engine for creating, managing and replacing a pool of assets that are the responsibility of the business, just as all its other assets are.
The “Strong CIO” approach is good for managing the project vendor model of IT, when the CIO has credibility and holds the respect of the business. It is woefully insufficient in practice to the asset approach, however — and it is that approach that is required for business success now that most of the decisions are about replacement and refreshing of assets rather than creating new ones.
What does work, in this situation, is a Governing Board.
However, a Governing Board (which has the CIO as Chair but otherwise is the extended executive of the firm) requires principles of operation to succeed. It must, in other words, be architected from first principles.
Four Classes of Principles: A Governing Board typically has four classes of principles to guide it.
These are developed and approved by the Board itself during its establishment, and periodically reviewed thereafter.
Each of these, in turn, points to the business purpose as opposed to the technologies that currently exist, or the views IT may have about future technologies.
Business Principles: Here is where the question “what is the role of technology in this firm?” gets answered.
There are many different developments that can emerge from debating these: for instance, in one situation, the reasonable requirement that “technology deployments should raise productivity” was put forward.
This led, in turn, to the recognition that the business must (a) embrace process change and (b) embrace and pay for deployment support and workplace change management.
Information Principles: Here the question “what are these assets leveraging?” can be answered.
Most organizations start with a highly incomplete data model, riddled with duplication and gaps.
The call to “organize the data” could lead to the creation of information utilities (including people) and warehouses (and paying for the resources to transform data for ease of use and rationalization), or it could lead to wholesale asset change to “buy” a data model (e.g. by moving to a “mostly ERP” asset pool).
Technology Principles: Here the question “what technology adds value?” can be answered.
This forces the never-ending challenge of new product offerings onto the table. In today’s bring your own device world, the services to be offered are able to defined here.
Governance Principles: This final category controls the operation of the Board itself.
Is attendance delegable? If the Board decides something, how can it be reopened? If you miss a meeting, can you overturn a decision? What happens when a business executive agrees at the table, then acts against that agreement?
Getting these both practical and accepted goes a long way toward constructing a proper asset-based governance regime.
Implementation: IT must supply the Governing Board with a number of pieces of work in order for it to perform well. These, in turn, change IT.
Architecture starts to be held accountable for directions, not just solutions. Security has to answer risk-reward questions, rather than simply offer fear and control as options. IT finances become more sophisticated. Periodic assessments of the organization are held.
It becomes the norm that, for instance, IT takes it upon itself to do quality analyses, sourcing analyses, contract comparisons to know what to renegotiate and when, etc.
In turn, in the business, similar expectations take hold as to the acquisition of outside services, “software as a service” solutions, etc.
The process of Governance needs to be updated for the Information Age. We are past the period where the primary purpose of technology was cost reduction or process support. Let’s act like it.