MIT’s Peter Weill says that "an effective IT governance structure is the single most important predictor of getting value from IT" (from his paper "Don’t Just Lead, Govern: Implementing Effective IT Governance," coauthored with Richard Woodham). If that’s true, how do we explain the fact that many organizations have not set up governance in a way that promotes value?

That question was recently posed to me by one of my clients. Even though she is responsible for her company’s current governance structure, she sees it for what it really is: nothing more than a well-run project approval process, with ROI calculations, business sponsor testimonials and meetings attended by all the usual suspects. At no time has the governing body revisited an approved project in light of new information (also known as change requests), terminated a project or assessed the company’s track record for value realization. Sound familiar?

Let’s be honest. At many companies, governance should be called "govern-once." Although there is broad agreement about what governance should be—"the decision rights and accountability framework to encourage the desirable behavior in the use of IT," as Weill puts it—in reality what passes for governance is often a one-dimensional, checklist-based and attendance-based effort focused solely on project prioritization and approval.

In The Information Paradox, John Thorp writes about full-cycle governance. CIOs must ask themselves four "ares" to reach this ideal state:

1. Are we doing the right things?

2. Are we doing them the right way?

3. Are we getting them done well?

4. Are we getting the benefits?

If you think about these four questions, you can easily see that many companies focus their efforts on the first but never address the other three concerns.

Since most competent IT executives understand what governance should be, it is safe to assume that they have good reasons for not pushing harder for full-cycle governance. In my view, they don’t believe the effort is justified.

Without question, it’s hard work implementing full-cycle governance. Many organizations have immature investment disciplines typified by a "if we build it, the value will come" approach. They will not devote the effort necessary to establish measurement systems that will sustain a focus on projects for years after they have been theoretically implemented. In addition, since the majority of CEOs believes that CIOs should be held accountable for realizing value from IT investments, it takes a lot of rewiring to get the accountability shifted to where it needs to be: the business leaders who own the three P’s of value realization—people, processes and P&L. Finally, a lot of IT types don’t believe that value targeting and monitoring is practical (for example, proponents of the "ROI is dead" position).