IT Governance is the collaborative process that helps the CIO to make good IT investment and risk decisions. ‘Good decisions’ are based on objective metrics as well as generally perceived ‘good’ by the impacted stakeholders. Alternate definitions are available here: Forrester, Gartner, ITGI
A few examples of IT Misgovernance:
No IT governance. IT decisions are made in the dark without business feedback or oversight. When the feedback eventually comes, it can be unpleasant.
Too many parties are trying to steer. After considering the feedback from the Governance Board, a single person (preferably the CIO) has to make or delegate the decisions and also suffer the consequences.
The CIO has no authority.
The CIO does not listen. A brilliant book on listening is Mark Goulston’s “Just Listen”
No engagement. The governance board members do not care about, do not understand or do not take their job seriously. The governance process does not have executive support.
No adults in the room. The Chair of the IT Governance Board (preferably not the CIO) cannot create a collaborative environment; most of the time is spent with random complaints or status reports
No communication. Information does not get communicated outward from the Subcouncil Process. Even the Papal Conclave sends out a smoke signal when they have a decision…
Institutional Memory. Failed past attempts to set up a functioning IT Governance prevent future success (Mark Twain)
Following is a single-page, five point IT Governance Manifesto. Something like this can be a starting point to construct the Constitution of your IT Governance:
1. Why is it important that the stakeholders actively participate in IT decision-making?
- The Enterprise is highly dependent on shared IT services
- IT is expensive
- The value of IT investments is not always meaningful or obvious to IT’s stakeholders
- Significant risks to the mission may result if Information Technologies are not properly deployed or configured
- Fast pace of change: Information Technology half-life is short, new enabling technologies emerge daily
2. The four Guiding Principles on which the IT Governance Process is based:
- The Business drives IT
- The CIO is authorized to, and accountable for making the IT investment and risk decisions
- IT investments, services, risks, and performance are transparent
- IT continuosly seeks improvement opportunities to provide better and more efficient services
3. The goals of IT Governance, based on the four Guiding Principles:
- Align IT investment decisions with Business Strategy to deliver meaningful value
- Drive the efficient use of IT resources
- Ensure that IT manages risks
- Ensure that IT manages performance, reports on it, and seeks improvement opportunities
- Maintain sustainable IT services through agreed-upon service levels and funding methods
4. What are the decisions the CIO makes with the help of the IT Governance Board to achieve these goals?
- Ratification of IT Principles, Information Technology Roadmaps, Technology Standards and Policies
- Approval of the IT Strategy
- Approval of IT Project Priorities and the IT Service Portfolio
- Approval of the IT Budget
- Acceptance of IT related risks and mitigations (may be delegated to process/information stewards)
5. What are the duties of the IT Governance Board members to help the CIO?
- Communicate what works and what does not work through regular performance feedback/evaluation
- Communicate what is important and what is less important. Input will be reflected in the Principles, Standards, Policies, Roadmaps, Service Portfolio, Project Portfolio, IT budget and IT strategy
- Credibly represent the home organizations, be accountable for providing accurate feedback
- Communicate and champion the CIO’s decisions in the home organizations
- Seek consensus when a decision is sub-optimal for any of the units while best for the whole Enterprise
- Share ownership and responsibility with the CIO when certain aspects are not fully under CIO control
- Review emerging technology investigation and investment decisions
- Create temporary task forces and commit resources to address specific tasks
- Bring the business strategy to the table and assess the alignment of the IT strategy
- Notify the CIO about upcoming events with IT impact (new regulations, business requirements etc.)
- Escalate to Executive Council in case a question cannot be resolved at the Governance Board level