1. IT Governance as Resource Mobilization

1. Intro to IT Governance1IT has become crucial in the support, the sustainability and the growth of the businessThe pervasive use of technology has created a critical dependency on ITThis calls for a specific focus on IT governanceConsists of the leadership and organizational structures and processes that ensure that the organizations IT sustains and extends the organizations strategy and objectives (Grembergen et al., 2004)2What is IT Governance?IT governance can be defined as specifying decision rights and accountability framework to encourage desirable behavior in the use of IT (Weill & Ross, 2004)

3Other definitionsIT governance is the structures and processes that ensure that IT supports the organizations missionThe purpose is to align IT with the enterprise, maximize the benefits of IT, use IT resources responsibly and manage IT risks42) A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprises goals by adding value while balancing risk vs. return over IT and its processes53) IT governance is the responsibility of the board of directors and executive management (integral part of enterprise governance) and consists of the leadership and organizational structures and processes that ensure that the organizations IT sustains and extends the organizations strategies and objectives

64) IT governance is the system by which an organizations IT portfolio is directed and controlledDescribesA distribution of decision-making rights & responsibilities among different stakeholders, andThe rules and procedures for making and monitoring decisions on strategic IT concerns (Peterson, 2004)7Extensive Definition (ITGI)IT governance is a board or senior management responsibility in relation to IT to ensure that:IT is aligned with the business strategyIT and new technologies enable the organization to do new things that were never possible beforeIT-related services and functionality are delivered at the maximum economical value or in the most efficient wayAll risks related to IT are known and managed and IT resources are secured.8Distinction between IT Management & IT Government IT management is focused on the internal effective supply of IT services and products, and management of present IT operationsIT governance is much broader, and concentrates on performing and transforming IT to meet present and future demands of the business (internal focus) and the business customers (external focus)9Fig-1-Distinction between IT management and IT governance

10The domain of IT management focuses on the efficient and effective supply of IT services and products, and the management of IT operationsIT governance faces the dual demand ofContributing to present business operations and performance, andTransforming and positioning IT for meeting future business challengesITG is both internally and externally oriented11ITG encourages desirable behavior in the use of ITA desirable behavior is one that is consistent with the organizations mission, strategy, values, norms, and culture such as behavior promoting entrepreneurship, sharing, and reuse or relentless cost reductionITG is not about what specific decisions are made (that is management)Rather ITG is about systematically determining who makes each type of decision (a decision right), who has input to a decision (an input right), and how these people (or groups) are held accountable for their role12Good ITG draws on corporate governance principles to manage and use IT to achieve corporate performance goalsEffective ITG encourages and leverages the ingenuity of all enterprise personnel in using IT, while ensuring compliance with the enterprises overall vision and principlesSo, good ITG can achieve a management paradox: simultaneously empowering and controlling (Weill, 2004)13All enterprises have ITGThe difference is that enterprises with effective governance have actively designed a set of ITG mechanisms (committees, budgeting processes, approvals, IT organizational structure etc) that encourage behaviors consistent with the organizations mission, strategy, values, norms, and cultureWhen the desirable behaviors change, ITG also changes!14ITG cannot be considered in isolation because it links to the governance of other enterprise assets (such as financial, human, intellectual property, etc)Governance of the key assets, in turn, links to corporate governance and desirable behaviorsIn the models of corporate governance, one can organize the variables and concepts used to describe the complexity of corporate governance mechanisms into two main categories: capital-related and labor-related15The capital-related aspects contain variables like ownership structure, corporate voting, the identity of the owners, and the role of institutional owners.The labor-related aspects refer mainly to the stakeholding position of labor in corporate governance (employee involvement schemes, participatory management, co-determination etc.16Corporate GovernanceBecame a dominant business topic in the wake of the corporate scandals of midyear 2002 Enron, Worldcom, and TycoInterest in corporate governance is not new, but the severity of the financial impacts undermined the confidence of institutional and individual investors, and heightened concerns about the ability and resolve of private enterprises to protect their stakeholders17Contributed to the downward pressure on stock prices worldwideNew US Govt. legislation required CEOs to personally attest to the accuracy of their firms accounts and report results more quickly.Corporate America increased the level of self-regulationProfessional investors are prepared to pay large premiums for investments in firms with high governance standardsFirms best on corporate governance could expect an increase of 12% in market value18Corporate governance is defined as providing the structure for determining organizational objectives and monitoring performance to ensure that objectives are attained [Organization for Economic Cooperation and Development (OECD), 1999]There is no single model of good corporate governance, but in many countries corporate governance is vested in a supervisory board that is responsible for protecting the rights of shareholders and other stakeholdersThe board in turn, works with a senior management team to implement governance principles that ensure the effectiveness of organizational processes19Framework for linking corporate and IT governance (Fig-2)

20The top of the framework depicts the boards relationships.The senior executive team, as the boards agent, articulates strategies and desirable behaviors to fulfill board mandatesStrategy is seen as a set of choices (targeted customers, product & service offerings, unique position targeted, core processes etc.)Desirable behaviors embody the beliefs and culture of the organization as defined and enacted thro not only strategy but also corporate value statements, mission statements, business principles, rituals, and structures21Desirable behaviors are different in enterprises. Behaviors and not strategies create valueFor instance, J&J relied on autonomous business units (individual J&J operating companies) to create shareholder value for nearly 100 years. Later, J&J evolved to specify desirable behaviors like lowering costs, creating mechanisms for better understanding the unique needs of individual customers.Transferring employees across J&J companies to help them identify with the corporation.22The lower half of the fig 2 identifies the 6 key assets thro which enterprises accomplish their strategies and generate business valueSenior executive teams create mechanisms to govern the management and use of each of these assets both independently and together23Key assets include the followingHuman assets: people, skills, career paths, training, reporting, mentoring, competenciesFinancial assets: cash, investments, liabilities, cash flow, receivablesPhysical assets: buildings, plant, equipment, maintenance, security, utilizationIP assets: IP including products, services, and process know-how formally patented, copyrighted or embedded in the enterprises people and systems24Information and IT assets: digitized data, information, and knowledge about customers, processes performance, finances, Info systemsRelationship assets: relationships within the enterprise as well as relationships, brand, and reputation with customers, suppliers, business units, regulators, competitors, channel partners25Governance of the key assets occurs via organizational mechanisms (structures, processes, committee, procedures, and audits)Some mechanisms are unique to an asset (IT architecture committee)Others cross and integrate multiple asset types (the capital approval process) ensuring synergies between key assetsMaturity across the governance of the assets variesTypically, financial and physical assets are the best governed, and information assets are among the worst 26At the bottom of fig 2 are the mechanisms used to govern each of the 6 key assets.Enterprises with common mechanisms across multiple assets perform betterIf the same executive committee governs both financial and IT assets, a firm can achieve better integration and create more valueSome mechanisms will always be unique to each asset (audit committee for financial asset and the IT architecture committee for IT)But, some common mechanisms lead to better coordination of the six assets27Creating common governance mechanisms across assets will not only increase integration, but the resulting smaller number of mechanisms will be simpler to communicate and implement.Education of the senior management team about how governance mechanisms combine to work for the enterprise, is an essential and ongoing task for effective governanceMany tangible benefits await better IT governance (Weill & Ross)28Back to IT governance InsightsIn governing IT we can learn from good financial and corporate governance - CFO doesnt sign every chequeInstead, she sets up financial governance (who can make what decisions and how)She then oversees the enterprises portfolio of investments and manages the required cash flow and risk exposureTracks a series of financial metrics to manage the enterprises financial assets, intervening only if there are problems or unforeseen opportunitiesExactly the same approach should be applied to ITG29Desirable behavior and governanceIT governance: Specifying the decision rights and accountability framework to encourage desirable behavior in the use of ITAims to capture the simplicity of ITG and also its complexityThe senior management team designs the IT decision rights and accountabilities to encourage the enterprises desirable behaviors30If desirable behavior involves independent and entrepreneurial business units, IT investment decisions will be primarily with the business unit heads.In contrast, if desirable behavior involves an enterprise-wide view of the customer with a single point of customer contact, a more centralized IT investment governance model works better. More centralized models for HR (and other key assets) would also assist in achieving a single point of customer contact.31Problems occur when there is a mismatch between desirable behavior and governance.Example a particular business unit wanted to lead its financial services industry segment with a new IT-enables service providing alerts to important clients via their handheld devicesThe business unit had to pay the entire cost of the wireless infrastructure plus the application development cost for the business processBut, other business units and product offerings would probably use the same infrastructureThus the innovator was asked to bear all the risk and other business units could then utilize the infrastructure, if successful (irrational?)32Rational Solution was to introduce a dividend system consistent with the firms cultureFor a potential multi-business unit application for the infrastructure, the CEO would fund some of the cost (20%) from corporate fundsThe innovating business unit would make the remaining infrastructure investmentIf other business units later utilized the infrastructure, the innovating business unit received a dividend of one-third its cost from each business unit

33This approach encouraged early adopters and created infrastructure to foster future innovation across the enterprise.The new funding mechanism, implemented via the executive management, capital investment, and IT architecture committees, carefully balanced risk and reward, encouraging rather than discouraging desirable behavior34The example highlights two complementary sides of governance articulated by OECDBehavioral side the way managers, shareholders, employees, creditors, key customers, and communities interact with each other to form the strategy of the companyNormative side the set of rules that frame these relationships and private behaviors, thus shaping corporate strategy formation. These can be the company law, securities regulation. But, they may also be private, self-regulation35The behavioral side defines the formal and informal relationships and assigns decision rights to specific individuals or groupsThe normative side defines mechanisms formalizing the relationships and providing rules and operating procedures to ensure that objectives are metEnterprises often implement a dozen of or more mechanisms to make IT decisions36Effective IT governance must address three questions:

What decisions must be made to ensure effective management and use of IT?

Who should make these decisions?

How will these decisions be made and monitored?

There are numerous frameworks and insights that can help management teams address these questions37