Culture, change, office politics and resistance are common barriers cited by global CIOs of leading organisations when implementing IT governance. But CIOs continue to enjoy the benefits, which include cost savings, improved customer satisfaction and better security. To shed more light on the findings of the IT Governance Institute (ITGI)'s second global status report on IT Governance in 2006, PricewaterhouseCoopers (PwC) interviewed some 50 CIOs and IT governance specialists from a range of sectors worldwide. The interviews sought to obtain their views on IT governance, experience in implementing it, and what it takes to make the initiatives work.
IT alignment as key driver of governance practices:
A majority of the respondents (approximately 60 per cent) stated that alignment with the business is a key driver, or expected outcome, of IT governance initiatives. The results also showed there was a clear link between the awareness of the importance of alignment and the stated maturity of IT governance within an organisation. In addition, centralised organisations appear to be more open to the concept of IT and business alignment. The other drivers of IT governance practices include regulatory pressure, performance improvement, risk management and extension of corporate governance initiatives.
Wide, varying perspective: As IT governance continues to evolve and mature, the respondents have a wide and varied definition of what it encompasses. One common theme is evident in the report: half of the respondents see IT governance to be more operationally focused on issues such as compliance, risk, control, IT service delivery and cost control. However, few organisations have a holistic view that includes alignment, value delivery, risk management and resource management.
Benefits not always measured: Few organisations have mechanisms in place to measure the success or benefits of IT governance initiatives. In instances where practices are in place, they are informal, subjective and qualitative. Only a minority of the respondents (16 per cent) indicated they have quantitative measures available. The common reported benefits include cost savings, improved customer satisfaction, enhanced alignment with business and improved security. Many organisations view performance measurement and benefits tracking as something to be done at a more mature level.
Experiences in Implementation
Some of the common obstacles surrounding the implementation of IT governance include:
1. Three Cs: Culture, resistance to Change and lack of Communication
2. Resistance: Resistance to accepting accountability, standards and policies.
3. Internal politics: A shift in decision rights.
4. Involvement: Getting enough of the business involved.
The report also indicated that almost all the participants used one of the major IT governance frameworks. Only a small percentage (less than 5 per cent) of organisations used their own (or consultant-developed) frameworks. The most commonly quoted framework used are control objectives for Information and related technology (COBIT) and IT infrastructure library (ITIL). Other frameworks utilised are CMMI, Prince 2, COSO, ISO17799 and ValIT. Some organisations mentioned COBIT as a very important element and success factor in their IT governance efforts.
Critical success factors
1. Transparency, education and communication: Governance mechanisms should be widely and effectively communicated and should be transparent to all those involved in or affected by it.
2. Simplicity: Effective governance structures should be easy to implement and follow. A complicated and elaborate solution may create more resistance.
3. Handling exceptions: There should be processes for handling exceptions since innovative organisation will always be exploring opportunities or run into scenarios which may not be supported by existing governance mechanisms.
4. All or nothing: Governance mechanisms need to be implemented, managed and monitored so that they function effectively, or should be stopped completely. "In-between" arrangements lead to end-user confusion, frustration and potential wastage.
5. Senior management commitment: While most governance initiatives are driven by top management, it is important that this support is sustained and that IT governance remains part of management's strategic vision.
6. Overall governance model: The IT governance arrangements should fit in with overall corporate governance initiatives of the organisation as well as its culture.
7. Evolution as opposed to revolution: Effective governance arrangements take time to design and implement; and even more time for the organisation to accept and learn its use.
1. Quick wins: Approach the various dimensions of IT governance in parallel, but focus on the quick wins or weakest links to show results and obtain further
2. Business themes: Link IT governance to key business themes such as cost reduction, innovation, agility, simplification, customer satisfaction and compliance. Such alignment will ensue that the business appreciates and provides active support to the initiatives.
3. Be opportunistic: Take advantage of a merger or acquisition, corporate governance or outsourcing contract to introduce IT governance practices.
4. Standardisation: Standardisation is another key element of a successful implementation. Although this is usually an uphill battle against culture and legacy situations, there appear to be significant benefits in harmonising the architecture and standardising technology platforms. For instance, costs are better controlled, new initiatives can be implemented much quicker, and cost and effort for support and maintenance reduced.
Tan Shong Ye is partner and head of security and technology, and Jimmy Sng, manager, of PricewaterhouseCoopers.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.