Governance of IT from a behavioural perspective
Christian Feldbech Nissen (CFN People, Denmark) and I had the pleasure of being part of an itSMF Sweden workshop in September 2015, in which we explored the elusive term ‘governance’. We came to the conclusion that while formal structures and processes are valuable resources that can be used to fulfil governance, factors such as money, politics, beliefs, maturity and pragmatism are the ones that really determine behaviour and therefore the success of the formal approach. The title ‘power eats COBIT® for lunch’ is a quote by Michael Ørnø (photo), director at Statens It (Danish agency for governmental IT services), who spoke at the workshop. While COBIT explicitly recognizes culture, ethics and behaviour as one of the groups of enablers for governance, many attempts to apply COBIT focus on the more technocratic enablers, and fail.
What is Governance?
We recognized two main interpretations of governance. The first interpretation is the role of a non-executive board of governors, appointed by shareholders, to direct, evaluate and monitor how their executive directors manage the organization. In this definition, non-executives govern, and everything else is management. The second interpretation of governance is ‘management of management’ and this occurs at all management levels below the top-level executive directors. This second definition applies to project governance, process governance, information governance etc. It is an extra assurance that things are being done well and is appropriate when the topic concerns a valuable asset. If it’s not valuable, it’s not worth the extra effort.
In the interactive part of the workshop, the participants split themselves into three discussion groups: governors, business managers and IT managers. In order to provide some coherent context, they were given a case in which they were all part of a large shoe manufacturer with outlets around the world. Their workshop task was to consider their concerns and their relationships with the other two parties in this governance triangle, and to decide what kind of behaviour they would like to seen from each party.
The business group was concerned with (1) expanding the business quickly and getting IT to support this growth, (2) their lack of control over IT, and (3) being misunderstood and undervalued by the governors, which resulted in allocation of fewer resources. They wanted IT (1) to speed up the deployment of standard solutions such as those need to equip new stores, and (2) to embrace the company’s innovative spirit and collaborate better and quicker on pilots such as ‘print your own shoes’. Regarding their relationship with the governors, they wanted them (1) to measure the business not with detailed (and in their opinion misleading) KPI’s, but more along the lines of the direction in which they were proceeding, and (2) to use more holistic KPI’s that represented how they were performing as part of the whole enterprise.
The IT group’s major concerns were (1) scaling up and down to respond to changeable business demands (finance was not a problem – the business divisions had sufficient budgets), (2) the gap between corporate strategy and the strategies of the semi-autonomous business divisions, and (3) not being involved in IT decisions in the business. The behaviour that they desired from their business partners was (1) to provide better requirements as to what they want to achieve, (2) to provide clearer communication channels to prevent IT being bombarded from multiple directions with unclear authority, and (3) to prioritize between the various business divisions which investments have the highest priority (to this goal an IT board within was proposed, in which the IT’s CIO would participate).
The final group, the governors, were of the opinion that in the straightforward shoe business, IT was just an administrative resource and as such, the IT department was subordinate to the business profit centres. They wanted the business to take more responsibility for achieving their goals, and they wanted IT to listen to do what the business needed.
Of the various resources available to ‘implement’ governance, the groups thought mainly in terms of strategy and goals, controls, roles and responsibilities, organisational structures, and maturity. The main takeaways were that:
- Realisation that relationships and behaviour are often neglected, when analysing and improving governance
- ‘Management of management’ as a moving window that can be applied to all levels of management, is a pragmatic definition of governance
- Business people may need to talk to IT people more than the other way around
- IT people feel somewhat vulnerable when engaging with the business
- Comparing the IT department to a cartoon character was an interesting way of making a point: “Nobody wants to be Goofy”
- The triangle governors-business-IT can be seen as a family where governors are the parents and business and IT siblings who either solve their differences themselves or plead that their parents intervene