Stating that governance is of paramount importance is guaranteed to bring nods of approval from any audience; if the subject is IT governance, then the ‘approval meter’ is likely to register even higher."
— Gabriele Piccoli, Editor
This month's installment of Cutter Benchmark Review takes an in-depth look at one of the critical issues that typically emerges in our yearly series on IT budgets and the budgeting process: IT governance, which we define as the process of identifying responsibilities and implementing decision-making tools and structures for appropriate oversight of the management and use of IT resources. Stating that governance is of paramount importance is guaranteed to bring nods of approval from any audience; if the subject is IT governance, then the "approval meter" is likely to register even higher. This is not surprising given the significant financial impact of IT expenditures for most organizations, the role that IT alignment plays and has historically played, both in rhetorical exercises and in practice, as well as the intuitive necessity of control for informed decision making. Yet, in the very same presentations where the audience agrees on the importance of governance and governance mechanisms, the immediate follow-on is typically a statement about the intricacies and difficulties of implementing "effective" governance systems for something as far-reaching, complex, and ever-changing as IT.
But is governance really that important? The question may seem ludicrous, but it is in fact more interesting than it first appears. First, there is growing support in management literature that suggests that in some situations simple heuristics are a better-suited instrument for providing direction and control than extensive planning and structured systems. Second, until we find a demonstrable link between governance efforts and practices with positive outcomes, the question should be allowed to linger. If implementing detailed governance mechanisms and structures is indeed useful to the organization, then the question becomes, what are these systems and how should they be structured to achieve a given set of expected outcomes? Finally, having identified the design and structure of effective IT governance architecture, we need to understand the process of implementing it to its full effect. This is perhaps a lot to tackle in one issue of CBR, but we have three considerable experts who bring to bear their extensive knowledge and experience, as well as the tried-and-true benchmarking process that is the hallmark of CBR. As I've said before, we are not ones to shy away from complex topics, and so we decided to devote this month's issue to the thorny topic of governance.
Our academic contributor is Dennis Adams, Associate Professor of Decision and Information Sciences at the University of Houston (USA). Those of you who follow CBR already know Dennis, as he is the academic contributor for both our annual issues on IT trends and IT budgeting. Providing our view from the field is another team very well known to Cutter clients and to the readers of CBR: Bob Benson and Tom Bugnitz, Cutter Consortium Senior Consultants and members of the Beta Group. Bob and Tom also write the industry perspective on our yearly issue on IT budgets and the budgeting process and are frequent authors of Cutter reports beyond CBR.
Dennis begins his contribution with an interesting and engaging section on the history of alignment angst in which he traces the genesis of IT alignment as a concept and its relationship to different waves of organizational IT. He discusses how IT governance fits in with this conceptual background before focusing on the survey results. Particularly useful in his analysis is the systematic evaluation of differences in the governance practices of large and small organizations (albeit with an arbitrary cutoff set at US $100 million in annual revenue). He concludes with a set of guidelines for circumventing alignment angst, focusing on the question of IT value, which is, of course, not a simple one.
Bob and Tom bring their years of consulting, writing, and educational experience to bear in their commentary, which is particularly powerful because governance is a key area of their consulting practice and they have therefore accumulated both a wealth of experience and a number of interesting anecdotes and examples. Because of their long-term focus on governance, Bob and Tom are also able to utilize data from previous surveys in support of earlier reports. This cumulating of data sets, while introducing some confounds in the analysis, is very valuable on balance because it enables wider and longer-range analyses. Bob and Tom are thus able to systematically address findings in the area of IT governance practices, expectations of various constituencies for governance and the governance process, the relationship between governance (and governance practices) with performance, as well as the pervasiveness of governance practices across units. They end their article, as is standard practice for CBR, with tangible guidelines and suggestions. But in this issue, Bob and Tom go a step further and offer a self-study tool for benchmarking governance practices in your own organization.
Governance is one of those processes that is generally accepted as necessary. But linking its presence and characteristics with actual results is easier said than done. We put forth a valiant effort in this issue. While we are obviously far from a conclusive answer to this thorny topic, the process yields considerable food for thought and practical ideas about both the process and the structure of IT governance and governance mechanisms