Establishing Sound IT Governance

Efficient IT organizations do not rely solely on a single individual, such as the CIO, to determine where and how the organization should invest in technology to best meet the needs of the organization. Instead, mature organizations typically leverage a group of individuals from both the organization’s lines of business and the IT organization to work in concert to direct, at the highest levels, where the organization should invest for maximum return or impact. This approach, frequently referred to as IT governance or steering, is intended to control and direct IT investments to their highest value and ensure the organization’s requirements are effectively met.

Most organizations possess some level of programmatic oversight related to IT investment management, but the coordination and quality of these capabilities often varies widely.  In some cases, organizations treat IT governance functions simply as mechanisms to track system investment and other data, however even in these cases the systems often lack information related to the complete portfolio of IT investments or the information is considered out-of-date or inaccurate by the organization because the currency of the information is not a critical path requirement (such as getting funding).

In other organizations, broader governance functions exist, including the use of steering committees or review boards. However, the processes are often insufficient to qualify as a true control activity because they are not followed for many system investments; or they simply don’t cover many non-systems related projects such as server or storage upgrades which frequently represent a substantial amount of spending and activity for an organization.

To realize efficiency from a fully-centralized governance and program management function, organizations frequently establish or enhance governance in four critical areas by implementing:

  • A standard, centralized chartering process for the initiation of new programs or activities.
  • A single steering committee for the review and approval of all IT related projects.
  • A scheduled review process for all planned and ongoing projects as well as existing systems and functions.
  • A consolidated view of project statuses including actual vs. budgeted investments by project phase.

Use of these centralized governance components often deliver numerous benefits including reduced spending stemming from a reduction in duplicative efforts. In organizations that lack mature governance for example, various IT groups are frequently engaged in similar overlapping activities, from asset management to developing the same applications.  Consolidated oversight of these projects frequently reduces the level of effort needed for each of these independent activities by identifying the redundancy and eliminating or consolidating the overlapping investments.

Centralized and mature governance also frequently results in a consolidation of an organization application portfolio. In organizations lacking mature governance processes, various groups frequently develop and maintain a diverse set of custom and package applications to satisfy the same requirements.  A centralized review of these disparate systems allows for the consolidation of many of these systems and their support structures as well as the retirement of systems that are under-utilized or no longer support the organization’s objectives.

Sound programmatic oversight also improves ongoing project management and investment controls. Projects handled by a variety of technical and business resources in the absence of appropriate programmatic controls typically develop their own mechanisms for tracking spending and progress.  These disparate approaches frequently inhibit the organization’s ability to track spending on both products and resources on an organization-wide basis. Additionally, a comparison to budgeted amounts, if they exist, is rendered unfeasible in many cases.

Implementation of Governance and Programmatic Oversight

To establish sound governance over an organization’s IT spending and activity, a number of components are required, including:

1. Establishing or enhancing a discrete and unified governance function, including:

  • Creating a single centralized investment council.
  • Determining membership and roles within the council.
  • Developing and institutionalizing IT investment control policies.
  • Integrating the governance approach into established IT and acquisition processes to ensure effectiveness and compliance.

2. Implementing the required organizational support components, including:

  • Creating a discrete planning and project management group and aligning any existing program management functions under it.
  • Aligning IT finance functions (budgets, contracts and procurement) into a single organization.

3. Developing and implementing supporting processes including:

  • Developing and implementing Planning and Project Management processes.
  • Creating and enforcing a project approval and initiation process.
  • Developing review and support processes.

In most organizations establishing new governance functions, it’s important to set initial performance and impact expectations low to provide time for the members of any governance groups to ‘eat the learning curve’ as they develop a better understanding of the IT landscape necessary for sound decision-making.