Understanding IT Governance

T governance is a hot topic, though no one seems to be sure exactly what it is or how to explain it. While there is considerable conjecture about what constitutes good governance and how to depict it, most is based on anecdotal evidence.

To bridge that gap, Gartner’s Executive Programs team worked with the MIT Sloan School’s Center for Information Systems Research on a major study of IT governance, involving 250 CIOs from 23 countries.

This is the first of two columns exploring effective IT governance, based on that study. This month focusses on what IT governance is; next month we’ll look at the characteristics of enterprises that do IT governance better than others.

IT governance is about who is entitled to make major decisions, who has input and who is accountable for implementing those decisions. It is not synonymous with IT management. IT governance is about decision rights, whereas IT management is about making and implementing specific IT decisions.

Five key domains support IT governance

IT governance comprises the following five key domains.

1. IT principles. These are high-level statements about how IT will be used to create business value. They should reflect the enterprise business maxims.

2. IT infrastructure strategies. These describe why and how the enterprise will build and sustain a tailored set of shared and reliable services to meet business goals.

3. IT architecture. This pertains to the technical choices that guide the enterprise in satisfying business needs.

4. Business application needs. These refer to applications that must be acquired or built to meet business requirements.

5. IT investment and prioritization. These cover the investment process for IT-enabled business initiatives, including how much and where to invest, and how to justify, approve and ensure accountability for initiatives.

Six IT governance styles

The second component of IT governance is governance styles — who has input to the decisions and who makes the decisions. Six governance styles involve different combinations of business and IT executives at different organizational levels.

In a business monarchy, the top business executives have the decision rights. These rights are often exercised through an executive committee or IT council, comprising business and IT executives.

In an IT monarchy, the IT leadership group holds the decision rights. These are often exercised through an IT leadership council or Office of the CIO.

In a feudal style, business unit leaders or their delegates hold the decision rights, and authority is local. This style is found in enterprises with relatively autonomous business units and is often used to provide local responsiveness.

In a federal style, governance rights are shared by C-level executives and at least one other business group.

In a duopoly, rights are shared by IT executives and one other business group such as C-level executives or business unit leaders.

The sixth style, anarchy, exists where individual process owners or end-users have the decision rights. Ad-hoc decisions are made to satisfy local needs.

Governance mechanisms

The third component of IT governance is mechanisms. They can be specific to one IT domain or span multiple domains.

An Executive Committee is typically the mechanism used to make major enterprise-wide decisions, including IT-related decisions, at the C-level.

An IT Leadership Committee typically includes the most senior IT executives across the enterprise. Process Teams that include IT members help ensure that IT is leveraged when business processes are re-engineered.

Business/IT relationship managers act as the intermediary between the business and IS, playing a critical daily two-way role.

IT Councils of business and IT executives generally have overlapping memberships and provide focussed environments for considering several levels of IT policies and investments.

Architecture Committees define architectural guidelines and often involve both business and IT management.

Service-level agreements, tracking of IT projects and resources consumed, tracking the business value of IT, and chargeback arrangements are all mechanisms that bring a level of professionalism and discipline to managing IT services supply and demand.

Effective IT governance has to be designed; it doesn’t just happen. By evaluating the relationships between IT domains, governance styles and IT governance mechanisms, you can map the IT governance arrangements in your enterprise. Some of these are more effective than others.

The key characteristics of effective IT governance are the subject of next month’s column.

Dr. Marianne Broadbent is Group Vice-President and Global Head of Research for Gartner’s Executive Programs.