Governance is not enough

In the world of IT, “governance” has become a hot topic – a movement, even. It seems, on the surface, an altogether praiseworthy development. It would be hard to argue that companies shouldn’t try to set up clear rules, and assign clear responsibilities, for making decisions about IT spending and management. But I have to admit that I’ve always felt some nagging doubts about the whole governance phenomenon. With its emphasis on multi-step processes, forms and frameworks, and endless flip-charted meetings, it seems as much about burying problems in a pile of bureaucracy as actually solving them. Frankly, the governance movement seems like the type of thing that would be thought up by a group of consultants looking to maximize their billable hours.

So imagine my surprise to find an article by two consultants that concretely describes what I had only vaguely felt. In What IT Leaders Do, Eric Monnoyer and Paul Willmott, of McKinsey & Company, write that while governance systems sometimes “help IT and business managers work together to make smarter IT investments,” they haven’t solved the persistent problem of IT-business “misalignment” that “results in failed IT initiatives and high costs.” Indeed, they argue, governance initiatives often end up making a bad situation worse:

The problem is that IT governance systems have become a substitute for real leadership. Companies are relying on tightly scripted meetings, analyses, and decision frameworks to unite CIOs and business executives around a common vision for IT. But committee meetings and processes are poor stand-ins for executives who can forge a clear agreement among their peers about IT investment choices and drive the senior-level conversations needed to make tough trade-offs.

…Meetings and rules can’t make executives trust each other—trust is built at a personal level. Processes can’t command the attention executives give to trusted peers. In some companies, for instance, business leaders send delegates to technology committee meetings; they would never shrug off a meeting with a respected colleague, however. Systems alone don’t forge common visions or inspire action; without a leader, governance systems are like a vehicle without an engine.

If you’re a CIO looking to gain credibility with business managers, in other words, creating a governance bureaucracy is exactly the wrong place to start. It will probably just end up widening the existing buffer zone between IT and the business. Effective IT governance grows from business credibility; it doesn’t create it.

One thought on “Governance is not enough

  1. Alan Calder

    I agree.

    I’ve written two books on IT governance – IT Governance: Guidelines for Directors and IT Governance Today: a Practitioner’s Handbook (which are available through http://www.itgovernance.co.uk) an underlying theme of which is that it is the board – not the CIO and not the IT department – that is responsible for IT. IT governance can’t be seen as a ‘silver bullet’ to be implemented by the CIO, because that’s never going to work and we’ll still be in that insane world of worrying about how to align IT and the business. You’d never worry about aligning IT and the finance department, or IT and the marketing team, would you? If they were away doing something interesting to them but which didn’t actually have a whole lot to do with the business, you’d just fire the functional head and get a new one who’d ensure the function delivered what the business needed, wouldn’t you? And that’s the only sensible approach to take with anyone who thinks that IT is a seperate organization that might – or might not – become aligned with the business of which it is a part. What most businesses could do with is a CIO who speaks business not geek, and who understands the business and its needs and makes sure that those systems deliver (to time, to budget, to specification would also be useful). Achieving this means that the board and the CEO have to take a rather more informed and proactive view of IT and its role in the enterprise than they traditionally have. I think that’s what IT governance is really all about – board and executive leadership that encompasses the IT function and ensures that the IT people understand their role and that they deliver. IT should matter, I guess.

Comments are closed.