A CIO at a leading financial services company in Sydney recently changed my thinking with regard to IT Governance. Up until then I had formed the impression that a lack of effective governance was the main reason why the IT industry has a track record littered with so many disasters. As such, I had come to the conclusion that if you want to make sure the monies you invest in IT deliver business outcomes then you need to be rigorous in the application of governance structures to the IT function.
However, this CIO argued that IT needs to be much more pragmatic in how it applies governance. In her mind she feels that many in IT are pursuing governance with the same vigour that those on the extreme left and right in politics pursue their ideological agendas. Unfortunately, as with politics, she believed that the zeal of the extremists can often act as a turn off for those who could most benefit from better IT governance.
Her views had been shaped by the attitude of her CEO. She had found that her CEO had a tendency to equate IT governance with more bureaucracy. He wanted an IT department that could enable the organisation to be agile and responsive to market opportunities. Unfortunately, many of the IT governance structures he had encountered in the past were overburdened by too much focus on processes and procedures. He had found that such rigidity often frustrated his organisation from responding to these market opportunities.
Nevertheless, this CIO also realised that there was a lot of merit in having a governance framework. Like many CIOs she faces the constant battle of trying to do more and more with less and less. She understands that in her organisation, like the vast majority of businesses, IT sits in the epicentre. Wherever there is change there is an IT ramification. The task for many CIOs, like this one, is often to determine what not to do. These hard decisions can only really be successfully made within some effective governance mechanism which provides the proper processes to determine demand and project prioritisation.
The trick this CIO felt was a need to determine some form of balance between risk taking and slavishly following the rules. She felt that businesses should take a leaf out of the way that most governments approach economic policy. Since the Industrial Revolution government economic policy tends to alternate between a laissez-faire approach and a more regulated one. Often governments believe that there is a need to encourage entrepreneurs and innovation. As such, they will loosen the reins of government as a way of stimulating new business initiatives. However, as the world found with the Global Financial Crisis, after a time an unregulated market tends to end in spectacular failures. The lack of controls can encourage recklessness where people pursue short term financial goals that can have devastating long term consequences. Therefore, as we are seeing now, governments progressively start to tighten the reins to impose some rigour and accountability on the markets. Unfortunately, over time these regulations become an impost that act as a deterrent to investors. This then results in a decline in economic growth, there is a corresponding rise in unemployment and eventually the government comes under pressure to liberalise the market. When they do the economic cycle starts again. Such manoeuvrings have tended to characterise the economies of most Western governments since the Second World War.
Interestingly, this CIO suggested that this had many parallels with how CIOs needed to approach the task of governance. In particular, she stressed that the priority for CIOs was to view the need for ICT governance in the context of where a business is at currently. A business that is under the pump probably requires a more innovative and risk taking approach to ICT governance. ICT might be a source of new products or a way of eliminating inefficiencies. On the other hand executives in a business that has been growing rapidly over a number of years must realise that eventually they need to use governance as a way of establishing some rigour and stability to ensure the gains they have made are consolidated.
What I liked about this thinking was that it highlights the fact that ICT governance is not an end in itself. Like all governments the structures for governing need to evolve in keeping with what is going on around them. However, in my mind such an approach to ICT governance runs contrary to much of the current conventional thinking on this topic. The modern trend has been to advocate the need for businesses to embrace comprehensive governance frameworks like Val IT from the IT Governance Institute or the ISO/IEC 38000 international standard. These though are so thorough that they can be off-putting for the uninitiated. However, for the converted they run the risk of being interpreted too dogmatically. Such CIOs might see them as a panacea for many of IT’s past ills which they clearly are not.
Instead what I heard this CIO say was that the application of ICT governance needs to be much more pragmatic. She believed it was wrong for IT executives to view governance in black and white terms. In her mind the real challenge all CIOs face is improving business outcomes. Therefore, the goal of ICT governance is to help the business towards these ends. Sometimes a business needs a greater focus on discipline. Sometimes it needs to be prepared to take a risk. The reality that CIOs need to understand is that when applying enhanced governance one size does not fit all. Their governance structures need to adapt to current circumstances. As in politics this is often more art than science. However, CIOs should note that the politicians who master this challenge are the ones who usually keep on governing!
1 comments:
Unfortunately governance is not something you can turn on and off like a tap.
Instead of flipping between extremes, surely the "lightest touch required" governance approach should be pursued.
Post a Comment