IT Governance aka Information Management

It’s not hard to be overwhelmed by all the reports, books, blogs and articles related to information technology (IT) Governance, IT project challenges, and overall IT service delivery. In many cases the data continues to show the alarming trend of high tech projects with high overruns in both expenses and time. Moreover, the final solution will often lack many of the features and functionality originally promised.

Whether we call it IT Governance or Information Management, the primary goal is to achieve clarity in our actions and bridge business needs and business value with timely information access and delivery.

Information and communication technology can be very complex for both the products and services as well as their integration. Einstein’s quote is appropriate for we are often in discussions where IT is expressed in over-simplified terms or portrayed with exaggerated complexity. Reality can be elusive.

Whether a large or small business, profit or non-profit, information technology is expensive. This expense is nonlinear as the size of the organization grows. That is to say, wasted IT expenses grow exponentially in larger organizations. A portion of this waste is a result of multiple systems with poor integration, lack of knowledge for the IT strategic road map, and IT projects missing timelines, functionality and general budget overruns.

Bent Flyvbjerg and Alexander Budzier of Oxford’s Said Business School conducted a study and found average project overruns were around 27% although this number masked an alarming trend. They found one in six projects studied were black swans[ref name=”my-unique-id-1″]a term coined by Nassim Nicholas Taleb to describe high-impact events that are rare and unpredictable but in retrospect seem not so improbable[/ref], with cost overrun of 200% on average, and a schedule overrun of almost 70%.

The term IT Governance seems to cause anxiety for those who feel it’s simply a synonym for complexity and analysis paralyses. Others may argue governance can appear incongruent with productivity or performance. Still others feel the term “governance” is applicable only to large corporations. Perhaps they mean large bureaucracies. So what is the definition for IT Governance?

[stextbox id=”123″]The IT Governance Institute states “IT governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives.”

ISO 38500 defines it as “the system by which the current and future use of IT is directed and controlled. It involves evaluating and directing the plans for the use of IT to support the organization and monitoring this use to achieve plans. It includes the strategy and policies for using IT within an organization.”

vi-strat-ess defines Information Management as the combination of technologies and processes that efficiently meet the needs of the business and customer community with dynamic and sustainable strategy, risk management, clear and consistent multi-directional communication and well formed performance metrics.[/stextbox]

Primary focus is on organizational information. Technology is merely one of the tools used to access and distribute information. Technology for technology sake is meaningless. Technology for information sake should be the reason IT professionals exist.

Again, the opening quote attributed to Einstein is quite appropriate. Let’s add another quote…

There is an inherent excitement in understanding business needs and finding practical and strategic solutions. The healthier the communication the better the results. Unfortunately, I have seen many an IT organization get wrapped around an axle, generate hidden agendas and start understating or overstating status and reasoning. Even with the best intentions, that is a very slippery slope and “intent” is anything but pure.

We often hear the phrase “doing the right things for the right reasons”. While it sounds great, it is also very vague. I would suggest performing well defined actions for well defined reasons. What is right or wrong can be, and often is, very subjective. It also becomes easy to rationalize the right things and right reasons (back to that slippery slope). Performance metrics become better defined when our methodology and reasoning are crisply defined. After all, precise performance metrics is one of the best ways to hold IT accountable.

There is a story where Alfred P. Sloan asked his board of directors if the plan presented had any downside. With no downside presented, Mr. Sloan tabled approval for the following week so to give the board a chance to identify risks and issues.     Leadership, Processes, well defined performance metrics, strong analytics and risk management contribute to a healthy framework for IT Governance or Information Management. The following represents this concept. Note the Deming Wheel[ref name=”my-unique-id-2″]William Edwards Deming was an American Statistician, professor, author, lecturer and consultant. He is most noted for his work in Japan where we was awarded Japan’s Order of the Sacred Treasure – Second Class, the second highest award Japan gives to civilians. It recognized Deming’s contributions to Japan’s rebirth using his quality control techniques[/ref] or Shewhart Cycle[ref name=”my-unique-id-3″]Walter A. Shewhart (shoe-heart) was an American physicist, engineer and statistician and known as the father of statistical quality control and sometimes referred to as the grandfather of Total Quality Management (TQM)[/ref] or kaizen[ref name=”my-unique-id-4″]Kaizen is Japanese for “continuous improvement” or “change for the better”. It is said “kai” means “to change” and “zen” means “good or for the better”. It requires that everyone in the organization be involved in the improvement process to include executives, management, and the line staff[/ref] terms of Plan – Do – Check – Act

As shown below, larger organizations will likely have larger teams that interlink to produce the required structure for IT Governance. Smaller organizations may have the same functionality albeit with single individuals serving multiple roles.

The abbreviated overall concept is to have a keen understanding of the critical success factor’s (CSF) for organizational achievement. We then look at both the financial capability and the various means by which to achieve the direction. We identify the best strategic approach that fits our financial model and then establish key performance indicators (internally and externally) to validate we are on the designated path. Remember, even if you’re on the right track you’re going to get hit by a train if you’re facing the wrong direction or don’t move. KPI’s will also aid us in making the necessary adjustments to reach the intended goals.

There will always be some formality to any approach taken. If for no other reason, you want to keep track of what worked and what didn’t. More importantly, you want to understand why it did or didn’t work. Strong, repeatable processes and the appropriately shaped organizational model also creates the necessary environment for consistent and uniform management and delivery of information.

Nothing substitutes experience. Information management has numerous threads woven together to form the fabric from which the organization can optimally perform and grow. Weaving accomplished by the right mix of talent and structure produce quality products that stand the test of time.

On a final note, balance in the approach taken for effective IT management can be challenging. The black swans had numerous telltale signs of missteps and problems, some even before the work began. A model that’s too weak or too strong will cause major problems. It is important to have appropriate KPIs and a methodology already established for the quick but thorough examination of any suspect progress and results.

“Keep it as simple as possible, but no simpler”