You have an IT department, but you are not big enough to have a Chief Information Officer (CIO) or a Chief Technology Officer (CTO) and the company owner isn’t a technology master. Can you outsource this position part time?

There are a lot of companies that bring in people to cook the books on a weekly or monthly basis, but few consider bringing in someone to make the IT decisions. In fact, all too often the important IT decisions are passed off to the IT department ( or IT person) hoping they will make the right decisions.

Leave IT Governance To An Expert

In business today this is a horrible decision. Consider finding an IT professional, who can manage your IT department, not on a day to day basis, but to make the decision on where your company should be going. Someone that can work with you to outline your business goals and budget, and then tell you the technologies that are best suited for your company.

Often people hire a consultant to come in one time to do an audit, and then that person vanishes forever. Or until the company suddenly finds themselves about 5 years out of date. What you are looking for someone with knowledge of your business, a wide understanding of technology, an understanding where both your business and the technologies that are best suited for your business, and someone who knows where IT is going.

If you have such a company and are in France, you can hire me. If you are willing to work with someone remotely, I may still be your man. But, this post is not about getting me a job.

The person you need must have a willingness to collaborate with your business units, and be able to explain in terms that you will understand where the technology is going and how both the technology and your business can grow together.

IT Governance is a complex field and should not be taken lightly.

Technology touches all parts of a company, so it is important that the different business unit leaders are involved in this process, and they have to understand that the person, even though part time, has the decision making responsibility. Too many people think they know enough about technology to make decisions themselves, but a sales person is usually not the best person to make these type decisions. Bringing in a part time person is to improve their performance, to another person to do battle with over fiefdoms of a company.

If you don’t have a person to run your IT department, outsource IT decision making.

I belong to a forum on IT Governance, and recently the discussion turned to the narrower and broader definitions of IT Governance. Each person posted an opinion and here is a collection of the definitions that I thought did the job.

Every IT organization is different, so in defining your IT Governance Policy you can select the best from each of these.
Weill and Ross focus on Specifying the decision rights and accountability framework to encourage desirable behaviour in the use of IT.

In contrast, the IT Governance Institute expands the definition to include underpinning mechanisms: “IT Governance is the responsibility of the Board of Directors and Executive Management. It is an integral part of the Enterprise Governance and consists of the leadership and organizational structures and processes that ensures the organization’s IT sustains and extends the organization’s strategies and objectives.”

While AS8015, the Australian Standard for Corporate Governance of ICT, defines Corporate Governance of ICT as “The system by which the current and future use of ICT is directed and controlled. It involves evaluating and directing the plans for the use of ICT to support the organisation and monitoring this use to achieve plans. It includes the strategy and policies for using ICT within an organisation.”

“Good IT governance ensures that IT investments are optimized, are aligned with business strategy, and deliver required value within acceptable risk boundaries – taking into account culture, organizational structure, maturity, and strategy.”

“The Organisational capacity to control the formulation and implementation of IT strategy and guide to proper direction for the purpose of achieving competitive advantages for the corporation”, it was given by UK Ministry of International Trade and Industry in 1999. It is simple and it suggests the important difference among IT Strategy and IT Governance, the first is related to what the IT Department has to delivery, the second is related to the capabilities the IT Department has to achieve in order to succefully identify and execute the IT Strategy. An other interesting definition is: “IT Governance is the responsibility of the Board of Directors and executive management, it is an integral part of enterprise governance and consist of the leadership and organizational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategy and objectives”

IT governance in hospitals:

• IT governance is the organizational capacity exercised by the board, executive management and IT management to control the formulation and implementation of IT strategy and in this way ensure the fusion of business and IT (Van Grembergen, 2002).
• IT governance is the responsibility of executives and the board of directors, and consists of leadership, organizational structures, and processes that ensure the enterprise’s IT sustains and extends the organization’s strategies and objectives (ITGI, 2003)
• IT governance is specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT (Weill & Ross, 2004).
• IT governance is the strategic alignment of IT with the business such that maximum business value is achieved though the development and maintenance of effective IT control and accountability, performance management, and risk management (Webb, Pollard & Ridley, 2006).

Most authors agree on IT governance as a top-management concern of controlling the strategic impact of IT and its value delivery to the business (De Haes & Van Grembergen, 2005; Maizlish & Handler, 2005; Weill & Ross, 2004; ITGI, 2003; Ribbers, Peterson & Parker, 2002). But it is not agreed upon whether the core of IT governance is a set of structures, processes and relational mechanisms (De Haes & Van Grembergen, 2005), bundled performance metrics to aid IT process monitoring (ITGI, 2003), or cascaded balanced scorecards (Van Grembergen, Saull & De Haes, 2004; Kaplan & Norton, 1996). Simonsson and Johnson (2005) provide an IT governance definition based on a consolidation of literature. Their definition, based on an analysis of sixty different articles on IT governance, is:

• IT governance is about IT decision-making: The preparation for, making of and implementation of decisions regarding goals, processes, people and technology on a tactical and strategic level (Simonsson & Johnson, 2005).

“Institutionalizing the use of transparency, accountability and common sense in the management of IT.” “IT Governance is the function responsible for (defining, establishing and measuring) the enterprise IT (vision, strategy, policies, structures and capabilities) required to support business value generation and corporate governance requirements.”

Because (IT) Governance is very illusive, a wide range of definitions can be found. The table below presents some of these definitions.

In 2005 we launched the IT Governance Association, in the Netherlands. A Consortium of a dozen companies studied on all available material and tried to get a clear practical picture of what IT governance was. Of course we ran into the enormous number of definitions, most of which were very unstructured and redundant with other definitions. We soon adopted the idea of a rigid separation of governance and management and worked our way through the material from that perspective. We also largely adopted the work done in the AS8015. Being the Program Manager of the ITGA I was responsible for bringing this project to a good end, but sadly I haven’t succeeded in that (you win some – you loose some), but I won’t bother you with the reasons for that. Nevertheless we created a lot of valuable content, which has never been published. From that draft material I qoute the following – for what it’s worth (anno 2006):

On the definition of IT Governance

Governance seems to be an illusive concept. “What is it and what is its purpose” seem questions hard to answer. Wikipedia defines Governance as: “Governance comprises the processes and systems by which an organization or a society operates”. Luckily Wikipedia provides some extra clarification as well: “One should distinguish the concept of governance from its associated concept, politics. Politics involves processes by which a group of people with initially divergent opinions or interests reach collective decisions generally regarded as binding on the group, and enforced as common policy. Governance, on the other hand, conveys the administrative and process-oriented elements of governing rather than its antagonistic ones.” Surely this helps a lot. Accordingly we can conclude that Governance is not involved in the actual decision making, but merely in organizing proper decision making.

Important element of the governance definition is the ‘organization or society’-part. This is crucial in concluding that governance (and therefore decision making as well) takes place on different levels in our society. Governance and decision making on one level is always part of governance and decision-making on a higher level, but it also encompasses governance and decision making on a lower level.

Two important conclusions are drawn here:

• 1. Governing and decision making are different thing but inseparable
• 2. Management is always governed on a higher level, but not necessarily in the same organization.

Because IT is supporting business processes, the governance of business processes (i.e. Corporate Governance) is determining the contents of IT Governance and therefore the contents of IT decision-making. And IT Governance is determining the contents of Governance on lower levels in IT (i.e. IT Projects Governance and IT Operations Governance, see chapter 4).

Because (IT) Governance is very illusive, a wide range of definitions can be found. The table below presents some of these definitions.

Some of the most contributing models and theories for this book and the general perception of IT Governance are:

1. Strategic Alignment model of (J. Henderson & N. Venkatraman
2. IT Governance Contingencies (P.M.A. Ribbers, R.R. Peterson & M.M. Parker)
3. IT Governance structures, processes and relational Mechanisms (W. van Grembergen)
4. Generic Framework for Information Management (Rik Maes)
5. The CIMA Enterprise Governance Framework
6. Governance versus Management (Sohal & Fitzpatrick)
7. Cobit (focus areas)

But neither of these theories and models were sufficient enough to come up with the management perspective on IT Governance. So the Consortium used best of all these theories and models and contributed hands-on experience to it in order to establish the management perspective on IT Governance. The models and theories are described in more detail below.

Within ITGA we use the following definition for IT Governance:

“The total of assigning of accountability and responsibility and the design of the IT organisation, aimed at an efficient and effective use of IT within the business processes and by conforming to internal and external rules.”

Several aspects of this definition need clarification:

Accountability: the principle that individuals, organisations and the community are responsible for their actions and may be required to explain them to others.
Responsibility: To be entrusted with or assigned a duty or charge.
Organizational design: the application of principles discovered by theories of organization structure to planning the relations between departments, the grouping of tasks, and the flow of work in organizations. Modern theories that reflect the variety of managerial choice also imply a wide range of different designs.
Business Processes: business processes refer to the workflows within a company and, on the other hand, to the processes involved in inter-company transactions
Rules:a principle guiding action.