CIO — What’s beneath all the buzz about governance?
Like so many hot buzzwords, governance has come to mean different things to different people.
What’s the real meaning of the term, and what should IT leaders be doing about governance?
At the corporate level, especially in the shadow of the Sarbanes-Oxley Act, the word has come to mean ethics and truthful financial reporting.
In IT circles, it more commonly means resource management, especially investment (e.g., project) approval processes.
Some think of governance as the mechanisms of accountability to ensure that staff deliver on their promises.
Still others define governance as management controls to make sure that the IT function does what it’s supposed to. This often takes the form of committees that "help" IT leaders make their management decisions, especially popular in two situations.
- When the CIO or the IT organization is unpopular, governance is used by business-unit leaders as an excuse to meddle in the management of IT in ways that arm’s-length customers would never do to their suppliers in the real world.
- Where IT is decentralized, the term is used to justify some form of corporate control over the various business-unit IT groups that were originally established to circumvent corporate controls, generally resulting in political battles, stress, wasted time, damaged relations and little in the way of benefits to anybody.
The Real Meaning of the Term
So what’s the real meaning of the term?
All of the above. Governance means all the processes that coordinate and control an organization’s resources and actions.
Its scope includes ethics, resource-management processes, accountability and management controls.
With this broadly defined challenge, what should CIOs do about governance? Let’s first look at what doesn’t work....
In many cases, governance has been implemented in a narrow and often harmful way—as oversight through steering committees and auditors. The results are generally bureaucratic, imposing convoluted approval processes on already-burdened organizations. Heavy-handed, top-down controls squelch entrepreneurship, bog organizations down and drive administrative costs up.
Admit it, the last thing we need is more bureaucracy! Fortunately, oversight is not the only mechanism of governance.
Oversight prevents people from doing the wrong thing, be that making a bad investment or disregarding ethics and law. But why is oversight needed? Why do people do the wrong things and hence need to be controlled?
Organizations generate signals that guide everybody’s behavior. Most leaders recognize the power of metrics, but signals also come from an organization’s culture, structure, resource-management processes and methods. When these signals are poorly designed, people do the wrong things and oversight is needed to catch them.