IT Governance Principles

Actively design governance

Many enterprises have created disparate IT governance mechanisms. These uncoordinated mechanism "silos" result from governance by default—introducing mechanisms one at a time to address a particular need (for example, architecture problems or overspending or duplication). Patching up problems as they arise is a defensive tactic that limits opportunities for strategic impact from IT. Instead, management should actively design IT governance around the enterprise's objectives and performance goals.

Know when to redesign

Rethinking the whole governance structure requires that individuals learn new roles and relationships. Learning takes time. Thus, governance redesign should be infrequent. Our recommendation is that a change in governance is required with a change in desirable behavior. For example, State Street Corporation, JPMorgan Chase, Carlson Companies, and UNICEF all changed their governance to encourage desirable behaviors resulting from significant changes in strategy. All four enterprises designed governance to achieve their desired balance of business unit autonomy and commonality. State Street, JPMorgan Chase, and Carlson were all attempting to generate more synergies. UNICEF used IT to transform its operations and improve global sharing, information management, transparency, and communication. These transformations involve many other issues besides IT and take many months to implement.

Make choices

Good governance, like good strategy, requires choices. It's not possible for IT governance to meet every goal, but governance can and should highlight conflicting goals for debate. As the number of tradeoffs increases, governance becomes more complex. Top-performing enterprises handle goal conflicts with a few clear business principles. The resulting IT principles reflect these business principles. Old Mutual South Africa's (OMSA) six IT principles, or "non negotiable," as they are called, provide a useful framework or how to use IT. The first principle, which all OMSA business units must observe, states: "The interest and needs of the Group/OMSA come first when exploiting technology or when contracting with suppliers."3 Appropriate stakeholders must be involved in the approval process prior to contracts being signed.

Provide the right incentives

There has been so much written about incentive and reward systems in enterprises that we feel the topic is well covered and understood. Nevertheless, a common problem we encountered in studying IT governance was a misalignment of incentive and reward systems with the behaviors the IT governance arrangements were designed to encourage. The typical concern: "How can we expect the governance to work when the incentive and reward systems are driving different behavior?" This mismatch is bigger than an IT governance issue. Nonetheless, IT governance is less effective when incentive and reward systems are not aligned with organizational goals.

Provide transparency and education

It's virtually impossible to have too much transparency or education about IT governance. Transparency and education often go together—the more education, the more transparency, and vice versa. The more transparency of the governance processes, the more confidence in the governance. Many firms like State Street Corporation use portals or intranets to communicate IT governance. State Street's portal includes under the section "IT Boards, Committees, and Councils" a description of the Architecture Committee and all the other governance bodies. The portal includes tools and resources, such as a glossary of IT terms and acronyms and the "Computer Contract Checklist." Often portals include lists of approved or recommended products. Templates for proposing IT investments complete with spreadsheets to calculate the IT business value are often available.