PART B
IMPLEMENTING IT GOVERNANCE
This second half of the book is aimed primarily at CIOs, IT executives, IT managers and all operational IT staff tasked with introducing an IT governance framework and associated decision-making model into your organisation. In this half of the book, you will be led through the development and implementation of an IT governance framework for your organisation. If you have skipped the first half of this book, then I encourage you to take five minutes to go back and read the Part A Introduction and the Review of Part A.
After 30 years of experience in the IT industry, I can safely say that most big IT failures are a result of miscommunication between the board and the IT executive and senior IT managers. Initially, there was a considerable language barrier between the IT people and the people signing off cheques for IT equipment and systems for the IT people. When I started work for a US computer mainframe company in the 1980s, the IT people were naturally isolated from the rest of the business by virtue of the requirement to keep the computer equipment in a highly controlled environment for temperature and humidity. Often the computer equipment sat behind an extra layer of security – swipe card access, or iris recognition (if you believe the movies from that era). Business requirements were very straightforward – we were either crunching large numbers for a statistical or financial transaction application or we were predicting the weather, putting rockets into space or trying to solve complex engineering problems. We put numbers in and took numbers out – it was very easy. Along came the desktop computer, and gradually IT went from being a specialist tool kept in an isolated building to something used ubiquitously across all departments of an organisation, and accessible from every desktop. In most organisations the early desktops were rolled out almost silently, with little training and low expectations.
I am sure that the roots of IT had (and still have) a significant influence on the way IT systems have been and still are propagated across an organisation. I still encounter organisations where the IT team have very little contact with the main business folk, and in some places there is a hint of antagonism between the two teams. In fact an organisation I visited just recently highlighted this point. The CIO appeared to be fighting a constant battle with his users. He was very keen to introduce a fully locked down stable desktop environment, and yet staff kept trying to introduce new and untested applications and generally bypassing the security measures that he had put in place. Everybody was frustrated. The IT team locked themselves away with their servers and communicated via surly emails, and the CIO escalated the issue to his manager, the CFO. The antagonistic staff escalated their concerns to another member of the senior executive. The two executives tried to resolve the problem and came up with a compromise that did not suit either party. The root cause of the problem was a classic case of bad governance that was made worse by the traditional stance of the IT team to distance themselves physically from their difficult users.
So what was wrong? Well, the CIO was rewarded (through his performance objectives) for maintaining a safe, secure, stable and locked down environment. The difficult staff (who turned out to be a group of research engineers) were rewarded for developing innovative solutions, and they had been used to having administrator access to their desktops and downloading applications as and when they wanted. There were a variety of solutions that would have worked and satisfied both parties. However, the solution that seemed to be most appropriate to protect the sustainability of the business appeared to be to modify the KPIs for the CIO so that he was incentivised to meet the needs of the business whilst maintaining the security requirements for the organisation. There were several ways he could have achieved this without putting the organisational data at risk, once his instructions were clear.
I have seen the same problem where the CIO was acting in line with business requirements, and the mindset of the users needed to be adjusted. The job of resetting the mindset of the peers of the CIO or staff senior to the CIO lies with the senior executive. Non-IT senior managers are easy targets for IT vendors. If one of the senior and respected managers is pushing for a particular solution, then it can be difficult and maybe impossible for the CIO to push back, even if the solution would result in an increase in operating costs because it does not fit with the current or planned IT architecture. A similar issue is when there appears to be a constant difference of opinion between the CIO and the users as to how, what, when and why IT services should be delivered. Also, I have seen CIOs struggle to meet the lofty goals of the organisation on their assigned IT budget. This situation can only lead to disappointment through the provision of poor quality services or budget overspend.
Thankfully, though, you are most likely reading this book because your governing body or senior executive team have made the excellent decision to implement an IT governance framework in your organisation. The rest of this book will assist you with carrying out the task of implementation. By the end of the implementation you will have a very clear understanding of the expectations of your organisation for the delivery of IT services and solutions, and your governing body will have a very clear understanding of the budget and resources that you will require to deliver them. Your ongoing monitoring and reporting activities will ensure that there are no surprises for your governing body, as your IT environment evolves and resizes to meet organisational demand. Clear direction from the top of your organisation will provide clarification for all parties. With expectations aligned, there should be far fewer misunderstandings and internal grumblings around what is delivered and how it is delivered. And once you are working in harmony with the rest of the organisation, there will be opportunities to deliver innovative solutions that will give your organisation a market advantage over your competitors.
So, are you ready to develop good IT governance practices for your organisation? If so, then keep reading.