IT Governance: How Top Performers Manage IT Decision Rights for Superior Results

Peter Weill and Jeanne W. Ross

2004 Harvard Business School Press

IT Governance Themes
1. Governance Definition 2. Effective Governance & Governance Decisions and Archetypes 3. Governance and Management 4. Governance Mechanisms 5. Importance of Good Governance 6. Characteristics of Top Governance Performers 7. Additional Information

Governance
Providing the structure for determining organizational objectives and monitoring performance to ensure that objectives are attained. (OECD 1999)

IT Governance
Specifying the decision rights and accountability framework to encourage desirable behavior in using IT. IT governance is not about making specific IT decisionsmanagement does thatbut rather determines who systematically makes and contributes to those decisions,
(Weill & Ross 2004, p. 2).

Governance Components
Strategy: Set of choices Desirable behaviors: Beliefs and culture of organization defined and enacted by strategy, mission statements, etc. Assets Human, financial, physical, intellectual property, information & IT, relationships Governance of assets: Through organizational mechanisms such as committees & procedures
(Beyer and Sproull 1981)

Behavioral Side of Governance

Definition
the relationships and ensuing patterns of behavior between different agents in a limited liability corporation; the way managers and shareholders but also employees, creditors, key customers, and communities interact with each other to form the strategy of the company. (Nestor 2000)

In IT Governance
Formal and informal relationships Assign decision rights to specific individuals or groups of individuals

Normative Side of Governance

Definition:
Refers to the set of rules that frame these relationships and private behaviors, thus shaping corporation strategy formation. These can by the company law, securities regulation, listing requirements. But they may also be private, selfregulation. (Nestor 2000)

In IT governance
Defines mechanisms for formalizing relationships Rules and operating procedures to ensure objectives are met

IT Governance Themes
1. Governance Definition 2. Effective Governance & Governance Decisions and Archetypes 3. Governance and Management 4. Governance Mechanisms 5. Importance of Good Governance 6. Characteristics of Top Governance Performers 7. Additional Information

Effective Governance
Actively designedset of IT governance mechanisms (committees, budgeting processes, approvals, and so on) that encourage behavior consistent with the organizations mission, strategy, values, norms, and culture, (Weill & Ross 2004, p. 2-3).
Can overcome limitations of organizational structure

Increase organization agility, ability to recognize and respond to changes

Effective IT governance must address three questions

1. What decisions must be made to ensure effective management and use of IT? 2. Who should make these decisions? 3. How will these decisions be made and monitored?

 IT principles

What decisions must be made be made?

Clarifying business role of IT
Defining integration and standardization

IT architecture

IT infrastructure

Business application needs

Determining shared and enabling services

Specifying business need for purchased or internally developed IT applications Choosing which initiatives to fund and how much to spend

IT Investment and prioritization

Who should make these decisions?

Governance Archetypes
Business monarchy: top managers IT monarchy: IT specialists Feudal: each unit makes independent decisions Federal: combination of corporate center and business units with or without IT people involved IT duopoly: IT group and one other group (ex: top management or business unit leaders) Anarchy: isolated individual or small group decision making

Governance as a system
Decision IT principles IT architecture IT Application infrastructure needs strategies IT investment

Archetype

Domain monarchy
IT monarchy Federal Duopoly

Feudal
Anarchy

Weill & Ross, 2004

Starting Principles for Governance Arrangements

Federal model for input into IT decisions Duopoly arrangements for IT principles and investment decisions
Avoid federal arrangements for decision-making if possible
If used, must be mature enough to balance needs of center and business units

Business-oriented IT decisions (investments, principles, business application needs)

Joint decision-making with business and IT representatives

IT Governance Themes
1. Governance Definition 2. Effective Governance & Governance Decisions and Archetypes 3. Governance and Management 4. Governance Mechanisms 5. Importance of Good Governance 6. Characteristics of Top Governance Performers 7. Additional Information

Governance & Management

Governance
Determines who makes decisions Defines decision-making procedures

Management
Process of making and implementing decisions

Four Key Management Principles

1. Make tough choices 2. Develop metrics to formalize strategic choices 3. Determine where organizational structure limits desirable behaviors and design governance mechanisms to overcome limitations 4. Allow governance to evolve as management learns role of IT and how to accept accountability for maximizing IT value

IT Governance Themes
1. Governance Definition 2. Effective Governance & Governance Decisions and Archetypes 3. Governance and Management 4. Governance Mechanisms 5. Importance of Good Governance 6. Characteristics of Top Governance Performers 7. Additional Information

Effective Governance Deploys Three Different Types of Mechanisms

1. Decision-making structures
Organizational units and roles responsible for making IT decisions Committees, executive teams, and business/IT relationship managers Formal processes for ensuring that daily behaviors are consistent with IT policies and provide input back to decisions. IT investment proposal and evaluation processes, architecture exception processes, service-level agreements, chargeback, and metrics

2. Alignment processes

Effective Governance Deploys Three Different Types of Mechanisms contd

3. Communication approaches
Announcements, advocates, channels, and education efforts that disseminate IT governance principles and policies and outcomes of IT decision-making processes

Three Characteristics of Effective Governance Mechanisms

1. Simple
Mechanisms should unambiguously define the responsibility or objective for a specific person or group (Weill and Ross 2004, p. 114) Those affected by, or those who want to challenge governance process, should know how mechanisms work Individuals engaged in best way to make given decisions

2. Transparent

3. Suitable

Five Principles for Designing Effective Mechanisms

1. Choose mechanisms from all three types 2. Limit decision-making structures 3. Provide for overlapping membership in decision-making structures 4. Implement mechanisms at multiple levels in the enterprise 5. Clarify accountability

IT Governance Themes
1. Governance Definition 2. Effective Governance & Governance Decisions and Archetypes 3. Governance and Management 4. Governance Mechanisms 5. Importance of Good Governance 6. Characteristics of Top Governance Performers 7. Additional Information

Importance of Good Governance

Good IT governance pays off
Good governance = superior profits

IT is expensive
Focus IT spending on strategic priorities

IT is pervasive
Well-defined IT governance arrangements distribute IT decision-making to those responsible for outcomes, (Weill and Ross 2004, p. 15)

Importance of Good Governance

contd

New technologies create opportunities and threats

Foresight to establish right infrastructure at right time creates new business opportunities

IT governance critical to organizational learning about IT value

Effective governance creates mechanisms to debate potential value and formalize learning

Importance of Good Governance

contd

IT value depends on more than good technology

Right people involved in IT decision making process

Senior management has limited bandwidth

Decisions throughout enterprise must be consistent with management direction

IT Governance Themes
1. Governance Definition 2. Effective Governance & Governance Decisions and Archetypes 3. Governance and Management 4. Governance Mechanisms 5. Importance of Good Governance 6. Characteristics of Top Governance Performers 7. Additional Information

Top Governance Performers

Link governance structures to performance measure on which they excel
Ex: growth or return on assets

Harmonize business objectives, governance approach, governance mechanisms, performance goals and metrics Balance multiple performance goals Governance models blend centralized and decentralized decision-making Tension around IT decisions, such as standardization and innovation, are made transparent

Characteristics of Top Governance Performers

1. More managers in leadership positions can describe IT governance 2. Senior management engaged in governance and communicates to rest of organization 3. More direct involvement of senior leaders in IT governance 4. Clear business objectives for IT investment 5. Differentiated business strategies 6. Fewer renegade and more formally approved exceptions 7. Fewer changes in governance from year to year

Top 10 Leadership Principles of Effective IT Governance

1. Actively design governance 2. Know when to redesign 3. Involve senior managers 4. Make choices 5. Clarify the exception-handling process 6. Provide the right incentives 7. Assign ownership and accountability for IT governance 8. Design governance at multiple organizational levels 9. Provide transparency and education 10. Implement common mechanisms across the six key assets

IT Governance Themes
1. Governance Definition 2. Effective Governance & Governance Decisions and Archetypes 3. Governance and Management 4. Governance Mechanisms 5. Importance of Good Governance 6. Characteristics of Top Governance Performers 7. Additional Information

Additional Information
Chapter 2: Five Key IT Decisions: Making IT a strategic asset Chapter 3: IT Governance Archetypes for Allocating Decision Rights Chapter 7: Government and Not-For-Profit organizations Chapter 8: Leadership Principles for IT Governance References

Chapter 2

FIVE KEY IT DECISIONS: MAKING IT A STRATEGIC ASSET

IT Principles
What is the enterprises operating model? What is the role of IT in the business? What are ID-desirable behaviors? How will IT be funded?

IT Architecture
What are the core business processes of the enterprise? How are they related? What information drives these core processes? How must the data be integrated? What technical capabilities should be standardized enterprise-wide to support IT efficiencies and facilitate process standardization and integration? What activities must be standardized enterprisewide to support data integration? What technology choices will guide the enterprises approach to IT initiatives?

IT Infrastructure
What infrastructure services are most critical to achieving the enterprises strategic objectives? For each capability cluster, what infrastructure services should be implemented enterprise-wide and what are the service-level requirements of those services? How should infrastructure services be priced? What is the plan for keeping underlying technologies up to date? What infrastructure services should be outsourced?

Business Application Needs

What are the market and business process opportunities for new business applications? How are experiments designed to assess whether they are successful? How can business needs be addressed within architectural standards? When does a business need justify an exception to a standard? Who will own the outcomes of each project and institute organizational changes to ensure the value?

It Investment and Prioritization

What process changes or enhancements are strategically most important to the enterprise? What are the distributions in the current and proposed IT portfolios? Are these portfolios consistent with the enterprises strategic objectives? What is the relative important of enterprisewide versus business unit investments? Do actual investment practices reflect their relative importance?

Chapter 3

IT GOVERNANCE ARCHETYPES FOR ALLOCATING DECISION RIGHTS

Monarchy: Business & IT

Business Monarchy
Business executives or individual executives
Committees of senior business executives Excludes IT executives acting independently

Business decisions affect enterprise as a whole Input from many sources

IT Monarchy
Individuals or groups of IT executives make decisions about IT architecture

Feudal
Business unit, key process owners or their delegates, region, or function Does not facilitate business-wide decisionmaking

Federal
Equivalent to central and state governments working together
C-level executives and business units or processes
IT executives as additional participants

Most difficult decision-making model

Business leaders have different interests than business unit leaders Biggest, most powerful business units get most attention and have greatest influence Management teams and executive committees resolve inherent conflicts

IT Duopoly
Bilateral agreement between IT executives and one other group Advantages
Two decision-making parties can achieve federal model objectives with simpler management structure Central IT can view enterprise as a whole and look for opportunities Manage adherence to IT architecture

Disadvantage
Expensive and ineffective for organization-wide issues

Anarchy
Each individual user makes local decisions based on own needs Expensive to support and secure Very few enterprises have formally sanctioned anarchy governance models

Starting Principles for Governance Arrangements

Federal model for input into IT decisions Duopoly arrangements for IT principles and investment decisions
Avoid federal arrangements for decision-making if possible
If used, must be mature enough to balance needs of center and business units

Business-oriented IT decisions (investments, principles, business application needs)

Joint decision-making with business and IT representatives

Chapter 7

GOVERNMENT AND NOT-FOR-PROFIT ORGANIZATIONS

Not-for-Profits
IT governance in not-for-profits similar to for-profits Different approaches come from broader definition of public value and ability to develop external capabilities and coproduction Cultural norms focus on consensus, transparency, equity
Affect governance design

Governance Challenges in Not-for-Profits

Measuring performance and value Culture of formal committees Limited budgets Endless opportunities to create value Performance measures not as clear as in for-profit firm

Value Framework in Not-For-Profits

(Moore 1995)

Authorizing environment
Potential clients or customers, funding sources, political influences Not for profit authorized to fulfill charter by clients, funding, political influences

Capabilities
Resources in the form of money and authority to create capabilities Legislation, regulation, influence can require other organizations to add capabilities that help not-forprofit meet goals

Value Framework in Not-For-Profits

contd

Public Value

Generated in addition to private value

Public goods & equity Extends beyond the organization, like concentric circles Public value created by not-for-profit goes back to authorizing environment in the form of transfers and provision of services
Authorizing environment grants permission back to the creators of public value in the form of market signals (increased demand) and political acceptance
Represented by goods and services

Value Framework in Not-For-Profits

contd

All three components (authorizing framework, capabilities & public value) must be aligned Goal for managers to create public value to maximum extent possible given authorizing environment expectations and available internal and external capabilities

Successful Governance in Not-for-Profits

Partnerships and joint decisions between IT and business leaders Heavy use of formal mechanisms, like committees Broader definition of value recognized by inclusion of representatives from outside the organization in IT governance mechanisms Mechanisms change with less frequency because communication and implementation of new procedures takes longer

Governance Mechanisms: Not-for-Profit Top Performers

Executive committees focused on all key assets including IT IT council comprising business and IT executives IT leadership committee comprising IT executives Architecture committee Tracking of IT projects and resources consumed Business/IT relationship managers

Chapter 8

LEADERSHIP PRINCIPLES FOR IT GOVERNANCE

 Senior management senses low value from IT investments IT often seen as barrier to implementing new strategies Mechanisms to make IT decisions are slow or contradictory Senior management cannot explain IT governance IT projects often run late or are over budget Senior management sees outsourcing as a quick fix to IT problems Governance changes frequently

Symptoms of Ineffective Governance

IT Governance Mechanisms Audit

How many mechanisms are in use? Do they overlap across more than one key IT decision? Are they used to govern other key assets (like human relationships)? Are they effective independently and together?

References
See Beyer, J., and Sproull, L., Ed. Nystrom, P.C., and Starbuck, W.H., 1981, Handbook of Organization Design, Volume 2, New York, Oxford University Press Moore, M., 1995, Creating Public Value: Strategic Management in Government, Harvard University Press, Harvard, MA Nestor, S., 2000, International Efforts to Improve Corporate Governance: Why and How, Organization for Economic Cooperation and Development Organization for Economic Cooperation and Development, Directorate for Financial, Fiscal and Enterprise Affairs, OECD Principles of Corporate Weill, P., and Ross., J.W., 2004, IT Governance: How Top Performers Manage IT Decisions Rights for Superior Results, Harvard Business School Press, Boston, MA