The definition of IT Governance still has many college CIO’s confused leading to dysfunctional IT governance models and poor results. That is based on a recent college CIO discussion on IT governance that revealed many CIO’s are more focused on getting broad input on decisions than they are on the effectiveness of those decisions and the investments they make. This insight may go a long way in explaining why so many presidents, provosts and CFO’s rate the effectiveness of IT investments so poorly.
The understanding of IT governance begins with the recognition IT governance is an extension of corporate governance (re: institutional governance). Therefore, it originates from the Board of Directors. As an extension of corporate governance, IT governance is a top-down model, never bottom-up.
Yet, college’s favor a bottom-up, or an inverted model of IT governance. This is the direct result of a distorted understanding of IT governance stemming from an affinity for stakeholder input and an absence of accountability.
This is a democratized perversion of IT governance masquerading as a “shared governance” model. Strong language I know, but it seems needed given how many institutions are suffering as a result of this dysfunctional IT governance model.
Definition of IT Governance – ISACA
ISACA, the creator of CoBIT defines IT governance as:
“The responsibility of executives and the board of directors; consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the enterprise’s strategies and objectives.”
Too often in higher education the technology committee is deemed to be the IT governance committee. But when the technology committee is comprised of too many junior leaders or faculty it is unlikely they can adequately represent the enterprise view or the interests of the Board which is also why accountability cannot be attached to them.
Definition of IT Governance – ITGI
The IT Governance Institute (ITGI) offers a comprehensive definition of IT governance that fits within their IT Governance framework that I find very useful . It says in part:
“IT governance is the board’s ability to direct and control the enterprise’s use of IT resources in line with strategic goals. Leadership, organizational structure and processes are used to leverage IT resources and drive alignment, the delivery of value, management of risk, optimization of resources and performance measurement.”
That should make clear that you really don’t have IT governance if you are not focused on the outcomes and performance of the decisions. The ITGI definition goes on to say:
“The challenge is to address stakeholder expectations when multiple business units “own” and “use” the same set of services and where most applications are “owned” by individual business units that control the budget for design, development, and support. The first step towards better governance is to establish accountability. This requires an examination of the roles and responsibilities within the processes used for decision-making that can impact on the achievement of strategic goals.”
The comprehensive definition of IT governance also makes it clear that IT Governance is not IT management. I would go one step further and insist that IT governance cannot be effectively operationalized as a bottom up governance model.
Definition of IT Governance – Gartner
Gartner defines “IT governance (ITG) as the processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals.” Gartner makes two distinctions in IT governance:
- “IT demand governance (ITDG — what IT should work on) is the process by which organizations ensure the effective evaluation, selection, prioritization, and funding of competing IT investments; oversee their implementation; and extract (measurable) business benefits. ITDG is a business investment decision-making and oversight process, and it is a business management responsibility.
- IT supply-side governance (ITSG — how IT should do what it does) is concerned with ensuring that the IT organization operates in an effective, efficient and compliant fashion, and it is primarily a CIO responsibility.”
This definition should help clarify that IT governance is both an IT discipline and a business discipline with a delineation between them.
Definition of IT Governance – CISR
MIT Center for Information Systems Research defines IT governance and distinguishes it from IT management as follows:
“…a framework for decision rights and accountability to encourage desirable behavior in the use of IT. This definition distinguishes governance from IT management. IT management is the daily decision making and implementation activities around the firm’s use of IT. Governance identifies who will make key IT decisions and how will they be held accountable.”
As CISR goes on to say
“…good governance is enabling and reduces bureaucracy and dysfunctional politics by formalizing organizational learning and thus avoiding the trap of making the same mistakes over and over again.”
Sadly, IT governance in higher education often is not formalized and only adds to the bureaucracy of IT decision making thereby compounding the dysfunction.
What Many Colleges get Wrong
In case you missed it, what most colleges get wrong in IT governance is:
- They create a process for broad stakeholder input that functions as shared decision and a flawed substitute for IT governance;
- They allow IT governance to be hijacked by decisions on who gets the new iPad, desktop configurations and other supply side issues;
- They fail to implement sound business case models or processes for analyzing unrelated investment options;
- And, they fail to create accountability systems to ensure the expected benefits are realized.