Understanding IT Governance – Part One


In this two part series, I will provide an insight into the ten key principles of IT Governance. Part one will cover the first five principles and part two will cover the remaining five.

Let’s get started!

It seems there are many definitions for IT Governance. I would like to start by describing the definition as I understand it from my experience.


A framework for the leadership, organisational structures and business processes, standards and compliance to these standards, which ensure that the organisation’s IT supports and enables the achievement of its strategies and objectives.
So what does that mean? I have produced a concise version of what I believe the above statement represents which is “enable your organisation to operate in unity with people, process and technology to achieve business and IT alignment.”

Key Principles 1-5

1. Create / design the mechanisms for IT Governance.

Most mechanisms are designed as a result of a problem such as not gaining sufficient Return On Investment (ROI) on hardware / software or duplication of activities across your IT organisation – this is a tactical way of doing things and limits IT organisations from focusing on implementing mechanisms in a more strategic manner. Creating mechanisms using a strategic approach will help meet the company’s objectives and goals.

As with the implementation of anything whether it be a process or a new service for example, gaining the support of senior management is imperative for success. In many cases, organisations won’t have specific IT Governance in place however it is possible to leverage existing mechanisms that are used in the business such as project review, base lining and cost recovery models. It is important that mechanisms that are built follow a constant improvement cycle to ensure they remain agile and don’t impede the operation of your IT organisation. It is considered beneficial to have the fewest number of effective mechanisms as possible.

2. Redesigning mechanisms for IT Governance

The redesign process for IT Governance structure in your organisation will often require that staff learn new roles and build new relationships with different parts of the business and IT. As learning takes a long time, the redesign process should only be completed on an infrequent basis. Some companies change governance to encourage a certain behaviour resulting from changes in strategy.

Transformation of the way an IT organisation operates can promote many other issues and can often take months to implement. Having said that, IT Governance can be used in the transformation process as a lever to encourage change within your organisation. An example of this might be changing how IT budgets are defined / managed from a single business unit to a holistic company perspective.

3. Get Senior Management involved

Firstly, it is essential that CIOs must be involved in IT Governance and also other senior managers to ensure its success. Participation in the committees, approval and performance reviews is a must.

The participation of senior managers facilitates improving the synergy across the organisation and also creates the awareness to the business that IT should be viewed in the context of the entire company and not just a support function.

However, senior managers are generally willing to be involved but more often than not, are unaware of what value they can add. In light of this, it’s the responsibility of the CIO / key stakeholders in IT Governance to communicate effectively using a Governance Arrangements Matrix. The Arrangements Matrix is similar to a Roles and Responsibilities matrix in that it describes who is empowered to make decisions about specific aspects of IT Projects.

4. Making Choices

Good governance can be compared with having good strategy – both require choices. As with most process, it is not possible to meet every goal but the process should be able to identify conflicting goals and have a sub process that brings these conflicts to the table for debate.

Ineffective governance that has conflicting goals is more common in organisations that have directives from different places. This results in confusion, complexity and mixed messages which can lead to staff ignoring policies and processes. In some cases this can be attributed to having a number of unmanageable goals resulting from poor strategic business choices and had nothing to do with the IT organisation. Staff that are responsible for delivering these goals can often become frustrated and inefficient.

5. How to handle exceptions

Exceptions to the rule are how most organisations learn. In particular IT architecture and infrastructure can receive requests for exceptions that are thoughtless with regards to meeting the true business needs. An example of an exception procedure is:-

The process is clearly defined and understood by all. Clear criteria and fast escalation encourage only business units with a strong case to pursue an exception.
The process has a few stages that quickly move the issue up to senior management. Thus, the process minimises the chance that architecture standards will delay project implementation.
Successful exceptions are adopted into the enterprise architecture, completing the organisational learning process.

Having a formal exception process provides benefit to the organisation by learning about technology. Exceptions can often relieve pressure build up as managers can become frustrated if they are told they cannot do something to help the business.