Reader Questions on Governance

Q: In your example, the project review process is typically performed once. My experience is that changes in excess of a certain monetary or value threshold require that a project be reevaluated. The review process is both time-consuming and expensive.

A: You bring up an important point: Successful governance mechanisms depend on ensuring that the initial and subsequent project evaluations and decisions are performed quickly. Review processes can be expedited if the executive investment management board: 1. understands how much it can spend and what return the project should generate; 2. is able to convene virtually to make critical decisions quickly; 3. is supported by an independent group of value analysts who ensure quality submissions; and 4. delegates responsibility for decisions that are below certain risk thresholds.

Q: We have taken the first step in implementing governance councils with relative success. However, we struggle with keeping project updates focused on pertinent issues.

A: Great councils rely on good staff work. Good staff—in the value management world—will focus the council on the decisions it needs to make by presenting the relevant information in a succinct format. The value management analysts should be independent of the IT organization—most likely staffed from the finance function.

Q: What is the best way to codify the life cycle of corporate governance?

A: The first step is getting the CEO and COO to make it clear that business executives are accountable for value realization. The second step is showing that value monitoring can be made practical and consistent with the company culture. Partner with the CFO and find a receptive general manager and a project that can be used as a test case. After a few iterations of this process, the company commitment will have solidified, and the requirements for a codifying tool will be understood.

Q: How can we get answers to John Thorp’s questions? For example, how do we benchmark IT change control? We have already checked ITeL [the IEEE Information Technology Library], some consulting companies and our peer organizations.

A: Don’t start from scratch, but do remember to start your education process at the top of your organization. Don’t benchmark with peer organizations; benchmark with companies that are more mature in their IT practices. Look for organizations in industries or segments that have a higher level of information intensity. For example, if you are in retail, visit distribution companies. If you are in brick-and-mortar manufacturing, visit online manufacturers. If you are in health care, visit insurance companies. If you are in insurance, visit banking.