Why is IT governance so difficult to implement?

IT governance is bureaucratic and tough, but it's also essential to every organization.

“Governance? Process? Yuck, nasty words!”

Those are the actual opening words I used in an introductory email to O’Reilly Media business leaders whom I was inviting to participate in an important new process. What I was introducing had the potential to become antagonistic bureaucracy and could seriously backfire. So I was treading carefully but knew I had to move forward to enable our desired IT transformation and sustainable on-going effective operations.

But let’s step back and understand the origin of my motivation for this new process.

As an IT leader, do these statements sound familiar? Demand for IT capacity far exceeds the ability for the IT team to deliver. Everyone who makes a request considers theirs to be a priority and wants it done as soon as possible. There’s considerable frustration from requesters that their work is not getting addressed or has been put on-hold to address other priorities. The IT team is highly stressed, lacks direction, and morale is low.

The good news is that IT remains a highly valuable and in-demand business resource. The bad news is that all too often these statements reflect the state of IT operations for many businesses. And while it can continue like this, the costs are all too well known. IT becomes the bottleneck to business growth (yikes!) and effective operations and nobody is happy: not the IT team and not the business.

If you want to transform IT and fix these all-too-common issues, a new approach must be adopted. The trouble is that by introducing the methods to fix these problems, in the short-term it can be tough to win buy-in. In effect, you have to introduce a modicum of bureaucracy which will often arouse aversion by business leaders. Getting past those first few months and demonstrating success will help you turn the corner and transform the way IT is delivered. It’s not easy.

So what is this process?

What I’m describing here is IT governance. In simple terms, IT governance is a process that ensures that IT capacity is working on the right things at the right time to enable business goals. It’s a set of controls that focuses on organizational success while managing associated risks. Sounds simple, right? The devil is in the details! While nobody could argue that any process that aligns IT to business goals is the right strategy, it’s the change required and the compromises on the part of business leaders that can derail this most worthy of efforts.

Why is IT governance so difficult to implement?

Business leaders want to do the right thing. They want the business to succeed and they will work hard to make that happen. But all too often, they are motivated and rewarded by having their small part of the organization succeed. IT governance requires that the scarce resource of technology capacity be diligently distributed across the organization for overall business success. In other words, it requires that IT cannot be allocated on the basis of individual team needs but rather on collective, organizational goals. (Of course, we recognize that a small percentage of IT budget should be set aside for specific team needs and in many organizations each team gets a dedicated amount of cash for that very reason).

How does IT governance work?

IT governance works like this: all technology investment requests are brought to a central authority (at O’Reilly Media we call it our governance review board) and the merit of every request is debated and a decision is arrived upon. Membership of the board is made up of senior members of the organization that represent every function.

What is the core value that ensures IT governance will work? The ability to compromise.

If participants are focused on the success of the entire business, compromise becomes easier. Those not used to this type of approach will initially be frustrated, and that’s why the first few months are essential. You have to demonstrate that this is a better way to manage your scarce IT resources. If it works well, it solves most of the issues described earlier in my post. Seriously!

I’m passionate about IT governance because I see the enormous value it has for every type of business. But more specifically, to me, this is the central activity that will ensure the success of O’Reilly Media’s IT transformation. I’ve said it many times to my team and the business, if IT governance doesn’t succeed, it will radically hinder our abilities to do the important things we want to achieve. That’s no over-statement.

How is IT governance at O’Reilly Media working?

So far, so good. We now have a clear roadmap of IT projects that have been agreed and approved to move forward on. Business leaders are happier because they know what is being worked on and when solutions will be delivered. Some leaders have reservations, but they are remaining open-minded. The IT team knows what to work on and understands the role of the solution relative to other systems and goals. It is a win-win. But there is still important work to do and demonstrating the long-term value is still ahead of us.

Is IT governance optional?

There are many ways to implement IT governance, but the principles remain the same. While we can debate the method of implementation, I’ll go to bat to suggest that we cannot debate the essential value of IT governance. Regardless of the size of your business, some form of IT governance must be part of your organizational processes.

Bureaucratic? Sure. Essential? Definitely.


tags: , ,
  • Kerry NZ

    So how fixed is this roadmap? How often can it change and what is the process for that? That is, if a new opportunity/problem comes along that would be higher priority than existing work on the roadmap then how easy and quick is it to (a) recognise this, and (b) reallocate resources to it?

    The other issue that I’ve seen cause problems with governance is the split of effort between keeping things running and doing new things/changing things. Having a single pool of staff doing both means that issues in the keeping things running space can impact on the resources available and hence timeframes for the transformation efforts. But ringfencing staff for keeping things running causes its own issues as the peak number needed is usually more than that allocated.

    Any thoughts on these issues?

  • mjaniec

    It’s hard to govern IT projects when business impact is often not defined.

    Many IT projects start without solid business case, since there is a lack of common language to define problem.

    However, you may try to understand nearly any IT solution from business perspective.

    For example take this niche and specialized software:


    You can see what business benefits are connected with it, what business areas you can use it in, what business processes are affected, and what KPI can be used to measure results.

  • It’s interesting to see this problem documented from such a high level.

    I have encountered it throughout my career in various forms, it is often addressed by a new CEO or VP promising to tackle the problem by adopting some form of ‘IT governance’ before slumping back into the old ways.

    The main issues which arise are:
    – Short term Business targets/deliveries (at team and company level) begin pushing such projects down the priority list.
    – Resistance to change only has to be on one level for it to be hugely disruptive. If a team like it’s current way it can present a adaptable face while slowing things down on the shop floor.
    – Company wide agreement is very difficult, even for parties willing to change

    Affective ways to tackle these issues include flattening the company hierachy (as far a IT governance is goes), also introducing a ‘just do it’ initiative to middle management when it come to lower level decisions.

  • Alex Measure

    As a non-IT employee at a large organization, one of my biggest frustrations has been IT governance, so I was very excited to see your post, especially since you have such a prominent role at what I can only assume is one of the most forward thinking IT institutions.

    In my experience at least, the problem is very clear: the separation of IT staff from “regular” staff has created a huge misalignment of objectives.

    “Regular” staff know what the business needs to do and have plenty of things they want to throw IT resources at, but they know very little about how to use IT effectively. IT staff on the other hand often know very little about what the business needs, and by attempting to steer projects away from what appear to them to be unnecessary features, often provide solutions that don’t meet the organization’s needs.

    Your solution (to a related but different problem) is to route everything through a central board, but while reading your description I couldn’t help but think of the centralized planning boards of Soviet Russia, and wonder if your board might share the same failings. The problem I fear is that by moving the decision making to a central board, you are moving the decision making further away from the people who know what the problems are. For example, does the board representative from print publishing really know anything about the tech needs of the conference organizing division? Why then should they be assessing the worthiness of each others’ tech initiatives?

    My personal experience suggests a different direction. Although the office I work in has lots of fancy and very expensive IT investments, our most useful system is a scrappy little application built in Excel with VBA macros. It was put together by a “regular” employee who happened to be a hobbyist programmer and saw a business problem and a way to solve it.

    It makes me wonder, why do businesses feel this need to separate IT resources from their other business functions? I imagine the fear is that valuable IT skills will go idle if left in one spot for too long. What this approach fails to realize however, is that the most valuable IT skills are the ones that are paired with a deep understanding of the problems the business faces. That kind of understanding is something that IT staff can only gain by becoming intimately familiar with the “regular” work itself.

  • Kerry NZ:

    Thanks for taking the time to make your great points and your questions.

    Issue 1: A roadmap should be as fluid as your organizations strategy. A roadmap illustrates the sequence in which IT solutions are made available. If strategy changes, so should the roadmap (even if that means stopping and/or shutting down projects).

    Issue 2: We’re trying to achieve a 40/60 ratio between maintenance work and investment activities respectively. You organizational needs will dictate your spread, but you do need to figure out what works so that you can manage capacity effectively.

  • Alex Measure:

    Thanks for your comments and questions.

    The members of the board represent all parts of the business. Anyone in the organization can pitch a new proposal and then the board debates and determines what to do with it. There are mechanisms for communication that enable interested parties to have input and this helps to avoid any gap that might be present between those voting and “regular” staff.

    It’s important that someone from one division does not promote their self interest, but rather that they think of the best interests of the organization. In this way, you avoid the issues you describe.

  • PeterM

    Hear, hear!

    IT spend is a result of many factors, but at the core, it starts with joint decision-making about priorities for investments. This discipline requires:
    – IT having people “on the ground” that really know what is going on in the business
    – Having a well-defined business strategy to guide decisions
    – Getting everyone to the table
    – Keeping the business & IT engaged over time
    Certainly a challenge, but one that is worth the ongoing effort.

    The priority/spend decisions then tie into budgeting, capacity & resource planning, IT technical/product roadmaps, regulatory imperatives….before you know it, behold – a strategy.

    The observation about profitability is an interesting one. It seems that, by extension, businesses that have developed the ability to make effective decisions regarding IT investment might also be equipped to make intelligent decisions in other business areas. Stands to reason that these businesses would be more profitable…

  • I agree very much with Alex Measure. Good IT is a matter of “divide and conquer”, where you split your IT people and embed them within each business team, not having IT as a monolithic separate entity, and moreover: not managing them centrally. The approach you described in the article looks like trying to herd cats in the least effective way.

    Less centralization gives way to less company-wide standardization. But that’s good because IT for each business unit is what that unit needs. IT people would work with business people, directly into the problem domain, instead of with other IT people who are all as ignorant about business requirements.

    Standardization and central planning is for communist countries and inefficient companies. Flexible vertical business units with all they need at reach is the way to go.