Tip

Modernizing the IT governance framework for fun and profit

An overhaul of your IT governance framework can be fun and profitable. This may sound a little far-fetched, but bear with me.

IT leaders, including chief information officers (CIOs), must ensure proper governance over all aspects of the IT estate. IT governance focuses on five core principles, according to the

Requires Free Membership to View

ISACA's COBIT 5 framework:

  1. Meeting stakeholders' needs
  2. Covering the enterprise end-to-end
  3. Applying a single integrated framework
  4. Enabling a holistic approach
  5. Separating IT governance from management

The problem with the IT governance model is that the first principle is often a victim of the requisite processes and policies for the other four. This focus on how to implement the governance framework to control and reduce risk has a problem -- it makes IT unwieldy and unable to meet the needs of stakeholders.

The governance of IT investments is a mess, and IT governance is killing enterprise innovation, according to a Harvard Business Review report. That's a bit heavy-handed, but the core premise of the article is correct: Far too many IT investments are tactical and not driven by value creation for the business.

Where IT is -- and should be -- investing funds

IT projects that could create new channels for revenue, that could dramatically change the underlying cost drivers, or drive market entry opportunities are often underfunded. Instead, uninspiring, incremental changes divert capital, dramatically reducing the IT team's ability to add value for the enterprise.

Let's get a bit more tactical. Key levers for governance reside in the management of IT operations and in information security practices. IT refers to them as "guardrails" -- they help the business operate without driving into a ditch. Business users, however, call them barriers to innovation.

The IT culture has an image as the "No" team: "No, you can't use that device"; "No, you can't access that website"; "No, you can't implement that Software as a Service tool that works 10 times better than the crap we built for you six years ago and have failed to maintain"; "No, you can't use the cloud because it's not secure or can't be managed the same way we manage everything else."

All of these "No you can't" decisions are well-intentioned -- or at least aren't meant to be capricious -- but the perspective is wrong. When IT teams seek to control and govern IT use, they fear the unknown: "If I don't understand it, how can I let you use it?"

The way things were in the enterprise data center

Many enterprises' IT department's current methods were implemented over strenuous objections, barriers and processes that only delayed the inevitable. The existing IT governance model said, "No," but as the new technology or approach became the norm, IT relented and allowed it.

Examples abound: Traders implemented SQL databases in Wall Street trading rooms to get real-time position and risk information -- over the objections of IT; Salesforce.com got into businesses through the sales door and was forced on IT after implementation; Modern application architectures are copied from consumer Web examples, often years after they have been proven at a scale that IT never has to face. In one personal example, I saw a team that was delayed from implementing a single workload on a public cloud because of an 800-person IT operations group that threw up barrier after barrier via their IT governance framework.

It's this controlling orientation of IT governance models that keeps IT off the innovation bandwagon. And it's also fear -- fear of losing control or relevance.

Rather than ask, "How can IT control this stuff," the right question for CIOs and IT leadership is: "How can I change our IT governance process to truly meet the needs of stakeholders and obliterate barriers?"

Cloud computing is changing the way data center teams should think about IT governance. In the second part of this column, John Treadway discusses how following a new IT governance model works when embracing cloud computing.

About the author:

John Treadway is a senior vice president at Cloud Technology Partners and is based in Boston.

john.treadway@cloudtp.com
Twitter: @johntreadway
 

This was first published in December 2013

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.