Next-generation IT governance
- By Kris van Riper, John Taylor
- Nov 16, 2015
The current IT environment's extensive business-led technology spending, multiple decision-makers and iterative planning cycles have stretched traditional IT governance to its limits. Although the core goals of good IT governance remain the same — alignment of investments with mission strategy, control over risk and efficient use of IT resources — the approaches used to ensure them must evolve.
A primary driver is the increasingly dispersed nature of IT spending and decision-making. In a recent TechAmerica survey of federal CIOs and chief information security officers, half of the respondents said the CIO controlled less than 50 percent of their agencies’ IT spending. Additionally, CEB research shows that nearly 75 percent of business partners are willing to take ownership of their own IT projects.
Although business partners have a mission-led mindset when it comes to IT spending, the responsibility for ensuring its added value to the organization and adherence with data and security standards ultimately remains with the IT department.
Historically, IT governance oversight has relied on rigid processes, one-size-fits-all approaches and a single entry point for investment planning. In the new environment, those approaches can lead to over-investment in low-risk initiatives or delayed response to new opportunities, further intensifying public scrutiny of government IT.
Today's IT leaders instead should frame investment decisions in ways that encourage mission partners to adhere to good governance.
CEB research has identified key tactics that enable IT to create an adaptive governance model within an organization and maximize returns from IT spending:
- Allow different entry points. A majority of business partners do not believe IT’s current engagement model aligns with their investment needs, and it does not allow them to exploit new technologies. Instead of mandating a single point of entry for governance processes, IT should allow mission partners to lead the investment process when the capabilities involved are localized and low-risk.
- Present recommendations as trade-offs, not imperatives. IT typically portrays investment governance as a single standard based on technical needs, with little room for dialogue with business partners. A more productive approach frames those choices as a set of trade-offs with justification based on audience-relevant business outcomes. That facilitates better discussions around technology decisions and guides stakeholders to solutions that are best for the enterprise.
- Minimize the burden of risk assessments through consolidation. Instead of repeatedly handing off risk assessments between various risk management functions, those functions should assess mission-led initiatives in parallel to speed the process. Today, a number of leading organizations are using self-service risk assessments that include interactive questions to triage initiatives that require the most attention and oversight, thereby reducing coordination costs for both stakeholders and IT.
- Highlight continuing support requirements. Governance does not end when the investment is approved. IT must consider the complete life cycle and drive projects’ end-of-life conversations with mission partners to avoid legacy burdens. By providing visibility and comparisons of operations and maintenance spending across mission units, business partners will be equipped with an enterprisewide view of demand. That increased transparency makes clear the ongoing costs and trade-offs involved in legacy support.
As IT's central role in meeting organizational objectives continues to increase, the need for adaptive and effective governance is more critical. By presenting mission partners with relevant options and trade-offs and reducing the level of effort required to meet governance standards, IT can ensure the success of investments, regardless of the funding source.
Kris van Riper is a managing director at CEB.
John Taylor is a senior analyst at CEB.