IT Governance Model

Your IT governance model is one of the most critical processes to the success of your IT department and your organization. IT governance in many organization’s occurs through a technology committee but uses an informal process, or function, resulting in IT governance operating at a low maturity level. Informal IT governance often leads to reactive IT services and bad IT investment decisions.

A mature IT governance model accounts has three distinct elements:

  • Decision Making Rights and Responsibilities
  • Demand Side Governance
  • Supply Side Governance

To help explain these elements I will turn to the IT Governance Model I have used many times before. This model is based on the ‘Four Ares’ as described by John Thorp in his book The Information Paradox, written jointly with Fujitsu, first published in 1998 and revised in 2003. The biggest reason to use this model is that it relies on answering the four central questions of IT governance using a simple visual:

  1. IT Governance ModelAre we doing the right things? This question is about the alignment of the IT priorities with the priorities of the business.
  2. Are we doing them the right way? This question is about the processes and standards used in the delivery of IT services relative to generally accepted industry standards.
  3. Are we getting them done well? This question is about the efficiency and effectiveness which includes the capability and maturity of the methods being used.
  4. Are we getting the expected benefits? This is the accountability question focused on the business benefits including return on investment for operational and strategic expenditures.

Decision Making Rights and Responsibilities

The core of IT governance is not simply defining who can make what decisions. The core of effective IT governance is actually the accountability system which defines the responsibilities for results that must be delivered as a result of the decisions.

For those of you in higher education or organizations with similar cultures, your IT governance model likely struggles because of the cultural aversion to implementing accountability systems.

This element occurs in the top half of the IT Governance Model diagram where the focus is on deciding what the IT priorities will be and what accountability system is required to demonstrate the intended benefits have been achieved.

Demand Side Governance

Demand side governance focuses on IT investment decisions and project prioritization to maximize strategic value by minimizing operations and maintenance (O&M) demands. Demand side governance is focused on what IT will work on and occurs almost entirely in the upper left quadrant of the IT Governance Model.

Demand side governance ‘owns’ the criteria for evaluating IT investments, the financial analysis model and the thresholds for ROI, IRR, and NPV which are also used in the accountability system.

A technology committee usually fulfills the role of demand management in most organizations but may delegate some of it through a formal IT governance policy. But we all know most technology committees are mostly focused on the project related demands and are not actively managing the demand for operations and maintenance (O&M) support despite O&M demand usually consuming the majority of IT capacity.

Gaining control of the O&M demand is essential to freeing up capacity for strategic projects. That is why technology committees should insist on tracking all IT demand so they have visibility into the O&M demand as part of regular IT performance reporting. This is very easily done using a simple IT Project Portfolio Planning Toolkit.

Specific goals should also be set for managing O&M demand down which the technology committee uses in the accountability system.

It must be noted that even when a technology committee is the ‘owner’ of demand side governance, the work of demand side management is expected to be performed by the IT management team.

Restated, it is customarily the IT management team that does all the work required of demand side management so that the technology committee simply has to evaluate the information and recommendations presented and make the decisions.

One mistake IT managers make is in not facilitating the development of an effective technology committee including the training of its members.

Supply Side Governance

Supply side governance focuses on allocating resources, IT staff and technology, to the approved portfolio of work, organizational priorities, and achieving the expected value of the IT investments. Supply side governance occurs in the bottom half of the IT Governance Model and is the responsibility of IT management.

Supply side governance includes the workload management processes and managing the technology portfolio in a sustainable manner such that operations and maintenance demands can be minimized.

IT management is also responsible for optimizing the resources, human and technical, for maximum capacity and flexibility while also optimizing the processes and IT services for effectiveness and efficiency. This is where the idea of the IT Stress Test is used to determine the elasticity of IT capacity to scale up and out or contract based on changes in the business.

Supply side governance for many organizations is reactive with no formal system for managing workload. In these organizations there often seems to be an odd sense of pride in being able to react quickly to dynamic and shifting priorities without regard to the impact is has on job satisfaction and productivity.

Now that sounds good when you say it like that but it doesn’t change the fact that it is still chaotic fire fighting. In a mature IT governance model the accountability system would punish fire fighting and reward controlled and orderly execution of the portfolio.

What I like about this IT Governance Model is its simplicity and that it directly supports the discussion of the demand side and supply side governance functions. That means, it is easy to illustrate the issues of ownership and accountability which can be extremely useful in organizations where the non-IT folks want to get involved in deciding how IT should do things instead of focusing on what IT should be doing. But that cuts both ways in that it also tells IT they don’t get to carve out exceptions on what and that they must be accountable for results.

This entry was posted in IT Governance and tagged , , , , . Bookmark the permalink.

10 Responses to IT Governance Model

  1. Pingback: IT Governance Model | Hi-Tech Professional Development in Higher Education |

  2. Nicholas Yong says:

    You’re absolutely correct when you say that it’s a ‘…cultural aversion to implementing accountability systems.”

    In many organizations that don’t see their CIO/CTO as a strategic position and only as the ‘head-geek’ — read their peers — CEO/CFO/COO – every single technology related issue (which for some strange reason always includes non-information technology tools, say the staff lunch room microwave) affects the IT department. (That’s the clause that states, “Other duties as required.”)

    This is exacerbated when IT leadership, the CIO/CTO is fighting an uphill battle with their fellow C executives to understand that competitive advantage can only be enhanced when IT is considered as part of the company and not as an unfortunate necessary evil.

    You are also correct when you say, “… tells IT they don’t get to carve out exceptions on what and that they must be accountable for results.”

    IT governance and everything related to the current break/fix model of IT services requires the willingness of the CEO/COO/CFO and the CIO/CTO to change the perception from “IT is just another process we have to deal with” to “if we choose the right technology tools to aid our business” we will retain competitive advantage. Then and only then will IT gain the value position it so desperately wants.

  3. The Higher Ed CIO says:

    Nicholas – great points here on several elements. I do find that solid, mature IT governance, can be a huge help in making CIO/CTO more strategic. And when that isn’t needed/wanted it still offers the pathway for success.

  4. Nicholas Yong says:

    Mature and solid IT governance is indeed required for making the CIO/CTO role more strategic. Typically however we’re struggling to work with the cards we’re dealt – when the deck those cards are in are rigged. Transformation and perception of the IT department can only occur when IT departments follow business rules and speak to business leaders in business terms, NOT technical terms.

  5. The Higher Ed CIO says:

    Very true.

  6. John Thorp says:

    I do have to say that that the IT Governance Model presented here is indeed both a simple and powerful model. I have to say this because I developed the model, known as The Four “Ares”, while working with DMR Consulting (which later became part of Fujitsu Consulting) in the early 90s. It was first published in 1998 in The Information Paradox, and was incorporated, with permission and attribution, in ISACA’s Val IT Framework, which was first released in 2006, with a second version in 2010. I have no desire to constrain the use of The Four “Ares” – it works, and it is probably the most “re-used” piece of work I have ever been involved with. I do, however, appreciate it being attributed when used, along the lines of: “Based on the ‘Four Ares’ as described by John Thorp in his book The Information Paradox, written jointly with Fujitsu, first published in 1998 and revised in 2003”.

  7. The Higher Ed CIO says:

    I am so glad you shared the background as I can’t recall where I first came across your model but I have used it in one variant or another for several years now. It could have been Val IT or a derived work but that is besides the point. I will be happy to incorporate the attribution while I consider a different approach.

  8. John Thorp says:

    No need to change your approach unless you were planning to do so – we need more people who are aware of, understand and intelligently apply the model if enterprises are to address the ongoing challenge of creating and sustaining value from their increasingly large and complex investments in IT-enabled change.

  9. Pingback: IT Governance Model | IT Management |

  10. Pingback: Cos’è l’IT Governance? | Insoftware blog

Comments are closed.