Are you looking for "the" solution to a specific problem in IT? Are you looking for a single solution for all of your problems in IT? Do you seek the "one" best practice that will make things better? Do you want that silver-bullet?

Don't look here, because I can't give it to you.

I have said this, time and time again. And there have been occasions when it was not well received at all. In fact, you might be wondering why you should even continue reading this post. You likely know plenty of sources to which you can turn that are more than willing to give you "the" answer.

I have been working as CA's IT Governance Evangelist for more than 2½ years now. I have had the honor to present and speak to thousands of people around the world. In those interactions I have been asked over and over, "Steve, here is our situation, what do we do?" My answer (though it makes my stomach hurt each and every time I say it) is always the same, "It depends." Even in those cases where there is a single solution, the approach, starting point, sequence and implementation roadmap will vary greatly from instance to instance.

I am certain this is not what they want to hear. Some are openly frustrated by my response. A few dismiss me outright and turn quickly towards others who will be delighted to tell them exactly what to do. Thankfully, most folks let me explain.

I am sure I don't need to convince you that the world of IT is incredibly complex. This intricate atmosphere creates multifaceted challenges, problems, issues and opportunities. The circumstances and variables are countless. Given this complexity, how can there be any single or simple answer? In fact, it will be a series and sequence of integrated solutions that will simplify and unify their complex IT environments, ultimately reduce its complexity, and make it far more manageable.

I tell everyone they have some homework to do before they can adequately answer their question. I provide them a laundry list of things they need to understand:

• Business problem or opportunity and related risks
• Industry and business sector
• Current capacity and capability
• Strengths and weaknesses
• Culture and organizational constructs
• Governance and decision-making mechanisms
• Policies, Standards, Processes and Procedures

In addition to understanding the elements I list above, they then need investigate:

• Disciplines and frameworks
• Approaches and Best Practices
• Standards and conventions
• Solutions, systems and tools
• External resources and potential Partners
• Mountains of research

Confronted with these lists (and please, I entice you to add to them) they will find they have a sometimes overwhelming myriad of choices and alternatives. This approach requires acute understanding, in-depth analysis, accurate interpretation and courageous decision. Most importantly, it requires time. If you don't have sufficient and adequate time then you must understand, mitigate and potentially accept the risk of not taking the time.

I was inspired to broach this subject because in addition to being asked what to do, I have had the luxury of immersing myself in research and interacting with countless brilliant and astute people in my profession. I enjoy their ideas, insights and theories. At the same time, I am bothered by some of their conclusions. I have witnessed a propensity if not an obligation to accompany investigation with one-size-fits-all recommendation. Why? Go back to the first paragraph of this post. Too many of us want "the" answer. We want the solution to be singular, simple, and even easy. As I have said countless times, if it was easy, we would already be doing it.

I urge caution in those instances when specific recommendations follow research. I will give said researchers the benefit of the doubt that these recommendations are based on their devoted and fervent desire to help others succeed. It is quite reasonable to accept the notion that following the singular recommendation is better than doing nothing. Enterprises are likely subscribing to the 80/20 rule, which is many cases is adequate. My hope is that those adopting this approach are doing so due to reasoned and rational necessity as opposed to expediency or worse, recklessness. I also hope they luckily if not accidentally select a recommendation that is "coincidently" appropriate for them.

Whatever the case may be, I will continue my quest to evangelize IT Governance and resist the urge to downplay its complexity. I will try to persuade folks there is power and promise in the discipline when it is applied thoughtfully and appropriately. I will try to convince them to take the time to do the right things, and to do them right. I will inform them that their approaches and paths to success will vary greatly from their contemporaries as well as their counterparts. I will tell them it is a journey that requires audacity, courage, perseverance and resilience. I will continue to insist there are no easy answers, and I will warn everyone to question any "one size fits all" recommendation or solution.

One last note, I drafted this post on my flight to Boston to attend MIT's CISR Executive Summer Session. This is my third trip to MIT and I don't want to give you the impression my time with these incredible minds (led by Peter Weill and Jeanne Ross - both heroes of mine) inspired this post, quite the contrary. I have never seen them oversimplify the answers to the incredibly complex question of how enterprises derive value from technology. MIT CISR has been addressing that question for 35 years and they are the first to admit, there are no easy answers.

Steve Romero, IT Governance Evangelist