17 August 2014

Governance revisited

As part of my preparation for a panel discussion entitled The Strategic Roles of Governance in Delivering Enterprise Capabilities for the Open Group Summit in Kuala Lumpur on 18th August 2014, I revisited the topic of governance. The term is often abused in an attempt to make something sound more interesting, with such ridiculous examples as "SharePoint Governance". Governance is something that governors do, not managers. It's the stuff that board members do: they direct, monitor and evaluate how their managers are running the business. Some highlights from various sources follow.

Robert Tricker wrote first book to use the title Corporate Governance in 1984 and defined the difference between governance and management as:  “Management runs the business; the [governance] board ensures that it is being run well and run in the right direction”.

Peter Weill defines governance as “Specifying the decision rights and accountability framework to encourage desirable behaviour in the use of IT” and identifies 5 critical IT domains:
  • principles
  • architecture
  • infrastructure
  • business application needs
  • investment and prioritisation


ISO 38500, the international standard for Governance of IT defines governance as “The system by which the current and future use of IT is directed and controlled.” and stipulates “Corporate governance of IT involves evaluating and directing the use of IT to support the organization and monitoring this use to achieve plans. It includes the strategy and policies for using IT within an organization.”
ISO 38500 refers to six dimensions that need to be addressed:
  • Responsibility
  • Strategy
  • Acquisition
  • Performance
  • Conformance
  • Human Behaviour

Weill’s ‘desirable behaviour’ and ISO 38500’s ‘human behaviour’ are key. It’s about directing, monitoring and evaluating what people actually do. Effective governance recognizes the inherent weaknesses of the human condition and takes appropriate measures.

It has been observed that the most important word in the title of ISO 38500, ‘Governance of IT’, is ‘of’. IT is governed by another body, not by itself. IT departments manage IT, and are governed by directors at a higher level of authority.

While ISO 38500’s scope is limited to IT, COBIT addresses a broader scope, explicitly referring to information and related technology as two separate entities that deserve to be managed in their own right. COBIT’s definition exhibits similarities with ISO38500 because it also speaks about ‘direct and control’: “A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk versus return over IT and its processes”.


11 August 2014

What’s your focus: cars or drivers?

At the LEADit conference in Melbourne on August 13th 2014 I’ll be talking about the pressures that are driving change in IT Departments, and offering three scenarios for career development if you happen to work for an IT Department.

The pressures are twofold and come from opposite directions. First we've got an increasing number of external service providers who offer standard products and services faster, cheaper and often better than IT Departments. This is a natural result of standardization and commoditization of technology, and the specialization of suppliers. The other pressure comes from the IT Department’s customers: the business. Increasingly IT-savvy business people are putting IT Departments under pressure to perform better, faster and cheaper, and are bypassing IT Departments and creating their own IT ecosystem when the IT Department doesn't respond. The IT Department is in the squeeze between both demand and supply.

Given this situation, a plausible future for the IT Department is to become a broker. As Charles Araujo describes it in his book The Quantum Age of IT, there’s a transformation from IT Retail to IT Manufacturing. This entails a significant shift in competences and is not for the weak of heart. But the alternative is extinction. A hundred years ago, many organizations had their own electricity departments with their own generators and technicians. But as electricity became a commodity, they got replaced by external service providers. You get the point.

Another trend is the realization that while the IT systems and services have to be fit for purpose and fit for use, no value is actually realized until the users use the systems effectively and efficiently. Research in the area of productivity loss due to IT issues indicates that by better training and in particular monitoring how users actually use systems can produce productivity gains that are the equivalent of a 20% cost reduction of IT costs. But who ensures that the users are using the systems effectively and efficiently? To use a transport analogy, if the IT Department is in the business of building cars, who’s helping the drivers to get to the right destination? Think about your own organization. Yes, maybe you have super users but odds on that they’re pretty reactive. I’m thinking more about ‘super duper users’ who are tasked with proactive support and guidance. The domain where the super duper users reside, is not in the IT Department. It’s part of the business. Part of the IT ecosystem that I referred to earlier, where the business is developing capabilities to ensure that Demand and Use is just as strong as Supply.

Demand and Use is one of the three options that you could consider as a career move if you currently work for an IT Department. But you’ll have to ‘jump the fence’ and work for the business. The other is to stay put in the IT Department and transform into a broker. The final option, which I believe is best option if you want to stick to the IT Manufacturing part of ITSM, is to work for an external service provider.