CA Community

The New Norm: Business Governance of IT

Published: March 15 2010, 07:22 AM
by Steve Romero

I received a tweet from one of my favorite Twitterites @PeterKretzman . Peter retweeted @abbielundberg  and @twailgum (I already follow the former and now follow the latter) who cited a recent CIO Online Magazine blog post titled: "Why the New Normal Could Kill IT" http://bit.ly/aGcP1a . I found it to be an inspiring post and hope everyone will read it before this post. It would help to test my opinions, the first being that the gist of the article is how most CIOs and their IT organizations must change if they have any chance of serving the "new Norm" (the current state created by the monumental shift triggered by the Global Economic Downturn).

I absolutely agree far too many IT organizations are overly complex, too expensive, and incapable of either leading or responding quickly to fast-paced business change. I absolutely disagree with the implication it is the CIO and IT that need to change in the unilateral fashion I interpret from the post. Once again, the Dog expects the Tail to do the wagging - which is exactly why CIOs and their IT organizations are in trouble in the first place.

Consider this excerpt from the post:

"...a harsh light finally glared on unfavorable licensing agreements and much-too-much shelfware; ill-conceived purchasing and integration strategies; and questionable software married to entrenched business processes. And non-IT executives seated at the boardroom table were more than likely horrified by what they found during closer inspection of IT's operations."

I suggest it takes some nerve for a non-IT executive to be "horrified" at what they find in IT if they are only now closely inspecting IT's operations. Anything they find in IT is there because they let it happen. A likely defense is they didn't know what IT was doing - which is precisely the problem. They didn't know!

This was even more troubling:

"In many corners of the corporate HQ, in fact, there are plenty of execs who, from time to time, would probably take pleasure in watching IT fail, a la Lehman Brothers. This most recent inspection of IT's ledgers and strategy probably amplified that feeling."

Could this actually be true? How often do you see a better example of cutting off your nose to spite your face?  The post goes on to say why Execs can't let IT fail and how IT has to fix itself. IT has to fix itself. This implies IT is expected to do this on its own, even while the post rightly points out the downside of IT acting alone. Check this out:

"This is your wakeup call, big-league IT execs. After nearly five decades of gate-keeping prominence, corporate IT is in trouble and at a crossroads like never before in its mercurial and storied history as a corporate function. "The era of CIO dictatorship ends with 2009," writes Altimeter Group partner for enterprise strategy Ray Wang. "

If any CIO has been a dictatorial it is only because the business abdicated authority. This abdication is supported by the following statements from the post:

 "Given the aforementioned warning signs, it's easy to speculate that the CIO's role and the department's sovereign power might be slip-sliding away."

"CIO's have lost a lot of control in guiding how technology is used in the enterprise," blogs Altimeter Group's Wang, "because the world of consumer tech has out-innovated enterprise-class technologies."

The only possible way CIOs could act autonomously or control how any technology is used (enterprise-class or consumer) is if Business Leaders forgo their responsibility to "govern" IT. IT Governance (or more appropriately, the Business Governance of IT) provides the approach, framework, discipline and processes for the Business to ensure:

  • IT is aligned with the Enterprise it supports
  • IT delivers appropriate value for technology investment
  • IT appropriately manages risk
  • IT appropriately manages resources
  • IT appropriately manages performance

Unfortunately, the post does not cite IT Governance as the answer. Instead, as we've seen before, it provides recommendations for how the CIO must change. Each of the recommendations is reasoned and rational, but I found it hard to accept there are many CIOs who don't already practice them.

The post concludes by noting how many CIOs are already falling into the tail-wagging-the-dog trap I lament:

"Some CIOs have already responded: Capgemini's 2009 Global CIO Study found that 55 percent of the 490 respondents say they are giving priority to projects that contribute more to the business, and 34 percent are prioritizing projects that take advantage of new market conditions."

It appeared to me the blog presented this as good news. I contend it is bad news, because yet again, these CIOs are acting autonomously with the tacit approval of the business. It is not IT's responsibility to prioritize projects, it is Business Leadership who should decide. (And I do love it when CIO's are actually included at the Business Leadership Table. The downturn has driven the number down to low 40s so the current percentage saddens me.)

I agree with each of the problems cited in the post and with many of the changes sagely presented to overcome the latest round of Enterprise technology challenges. What I emphatically disagree with is the focus on CIO changes alone. I wince every time I hear Business Leaders have new/more /different expectations of IT, and how they won't tolerate entrenched IT practices and behaviors. How can they say this when they are partner to everything IT is today and everything IT has ever been? Since IT's inception, Boards of Directors and Business Unit Leaders have overlooked or misunderstood their role in leveraging technology and have subsequently neglected their responsibility to govern IT. They left IT to IT, and predictably, the results have been far less then optimal for the business.

Business needs to ensure IT is aligned, delivering value, managing risk, performance and resources. They do this in partnership with the CIO and with IT. All of the problems in IT, the licensing agreements, the huge ERP systems, the inability to react precisely and quickly, are due to the business letting them happen. Now they want the CIO to do something about their lack of oversight and their non-existent governance. Until the business takes full accountability for ensuring the realization of maximum value for their investment in technology, IT will continue to be misaligned, disconnected and ultimately out of touch.

Yes, I agree there should be a new norm - and that is: Business Governance of IT. It's time for the IT-tail to stop wagging the Enterprise-dog.

Steve Romero, IT Governance Evangelist

Share this post:  EmailEmail
ShareShare
Leave a comment

 

By: Steve Romero
Steve Romero is the IT Governance Evangelist at CA Technologies, Inc. His mission is to help enterprises realize the full potential of their IT investments for strategic and competitive advantage. In this capacity, he acts as a strong advocate for the customer, speaking around the world to users, prospective...
Read More..

4 people have left comments:

Steve --

This is a good post, and I appreciate you taking the time to read and analyze my article. Two things I wanted to mention:

1. Governance is a huge piece of the puzzle that I didn't mention in the article, simply because the article was growing too big. That should not dismiss its importance however, and your points are valid: These aren't solely IT's changes to make. The onus is on the business side too.

2. And yet I think that we have to be careful not to be CIO/IT apologists. For too many years the business hasn't been engaged in IT and with tech decision making. Why is that? Can there be that many disinterested businesspeople, or non-believers? Or is the blame shared between the two sides? I think we need CIOs to cajole or force the business side to become more engaged, to make the business side care about IT in a way like never before, to make them understand what will be the value delivered if managers and execs start sharing responsibility and governing IT with CIOs, which is why the communication facet is so vital to any CIOs' mission today.

Many CIOs have to make their case why shared governance of IT is critical for the enterprise's future. If not, then the vicious cycle will continue.

-Tom

Posted by: Tom Wailgum | March 15, 2010 12:39 PM

Excellent exchange. A few of us have been after this topic a long time -- we were focused on crisis prediction & prevention a decade ago, and then more focused on innovation failures in organizations when the financial crisis hit. Interest in our system went ballistic soon after, but even though we had personal relationships with leaders in business and gov, followed by demonstrated interest from literally most of the world, we still struggled greatly in getting org leaders and boards at the highest levels of business and gov to act.

Tom was spot on linking the financial crisis to the IT crisis -- I can related very well to the struggle in writing that piece -- complexity in both IT and finance allowed the too clever and unethical to place short term gain ahead of long term survival of everyone else -- often employing the law of best intentions as justification and motivation. Steve, your points are very well taken -- my own experience confirms your argument.

One point I shared not long ago internally was how troubled I was that boards seemed so reluctant to adopt smarter systems (any-- IT, governance, human, cultural) - particularly for improved innovation and crisis prevention. After months and months of similar engagement I finally had to admit that the evidence was overwhelming -- many don't want to prevent crises-- not much has proven better for increased market power than a global crisis..... many believe that nothing can get done anymore without crisis -- and the lack of protection for private property and individual IP on the web favors the entrenched in IT -- who is in a better position to exploit good free ideas better than dominant IT vendors? Who has profited more from stealing ideas?

One of my motivations for continuing with the disruptive path is that while the answers to those questions were obvious to many, few seem to be able to grasp this one -- where does it lead? Has anyone glanced at the Constitution to understand how important governance structures are? How about protecting the individual?

Bottom line is that for most of the planet, the current enterprise structure isn't sustainable. It therefore will change, timing being the difficult issue. One question for customers is whether they choose the path of extortion or the path of self rule. Another is to make sure the ecosystem itself is sustainable. Modern leaders have proven not to be terribly good at market farming -- harvesting, yes -- sustainable ecosystems -- no -- one can't be dominated by quarterly profits and bonuses structures for long-term survival. It is very much a systemic problem requiring systemic solutions. Having tried to partner with the entrenched, I am more convinced than ever that it will require new systems. A generational revolution in IT is tardy.

Better late than never, I suppose. Good discussion -- thanks.

Posted by: Mark Montgomery | March 15, 2010 2:56 PM

Better enterprise governance is absolutely key to making sure companies spend limited IT dollars on the highest value things. And certainly it's incumbent on the business executives to step up and engage. The problem that Tom's piece has as an underlying context is that even in companies where business execs don't get it -- perhaps especially in those companies --CIOs are still accountable for ensuring value from IT. As a result, they've got to keep trying new things to spark the interest and commitment of reticent colleagues from the other functions or from the lines of business. This is why it's so important that not only the CIO but everyone in IT understand the business and its KPIs, so they can use those things to "make the case" for IT's value and business engagement. My interview with Steve Bandrowsczak, former CIO at DHL and Nortel, talks about how CIOs can make this work. http://lundbergmedia.com

Posted by: Abbie Lundberg | March 17, 2010 11:57 AM

Steve, I fully agree with you. Of course our profession and practices need to evolve, but in the end the business wants the technology. They most often fully rely on the technology and even more and more the technology provides business opportunities. Businesses that are more succesful in integrating IT management into the business management practices will simply be more succesful businesses.

You would expect that this insight would have come years ago to the business leaders, but in many places this still is not the case. I found the article on CIO.com about CVS Caremark very interesting. (www.cio.com/.../CVS_IT_Chief_on_the_Remedy_for_Business_IT_Alignment). They seem to have it all resolved. Note the way how IT governance is integrated at the top.

The language we use in terms of "business" and "IT". As if they are two different things. IT simply is part of the business.

Posted by: Hein Bouman | March 31, 2010 5:51 PM

Leave a Comment

* An asterisk indicates a required field

* :  

:

* :  

 Submit