Despite the increasing number of CIOs without an IT background, it's still fair to say that most were once techies. Historically, their expertise was in requirements analysis or SQL, service reporting or C++. They gradually moved up the ranks, either with a natural aptitude for management or picking-up management skills en route.
When they reach the role of CIO their focus needs to shift to leadership, strategy, inspiring the troops, organisation and skills, and governance ... all of which might seem somewhat mysterious at first.
Let's try to demystify IT governance ...
Perhaps the single best source of information on IT governance is ISACA’s “COBIT” framework (see isaca.org). I’m an ISACA member, and I've pored over the latest version of this framework. Boiling-down all the content, it explains that IT governance is ‘just’ the business of determining:
- What decisions must be made?
- Who should make them?
- How should they be made?
- How should all of the above be monitored and measured?
The ultimate aim of course is to ensure that business benefit is actually realised, with controlled investment and with acceptable risk.
A simple enough idea then. With a bit of luck, and a following wind, some CIOs might design an IT governance model in an afternoon.
More often it will take weeks, often with outside advice. In a large, mature IT estate there's usually an extensive array of stakeholders, a lengthy catalogue of services, entrenched ways of working, and trade-offs to make. There are information gaps too: both in how IT should align to the business strategy, and in how IT is really performing today.
And before you start, you need to be clear what your aim is. There's no point designing the world's most sophisticated governance model when the risks presented by IT are well-understood, minimal and manageable. That would be an unnecessary overhead and would frustrate progress. You need to understand what level of maturity is appropriate in each area of governance … and why.
As a first step we usually advise a brief exercise to model how IT relates to your business, an assessment of current governance against industry standards, the design of a future governance model, and some light transition planning to make sure the deployment of improvements if effective.
Another example then of a discipline where the concept is very simple, but the detail is very difficult to get right. If your IT service is straightforward you may have the time and expertise to design the required IT governance by yourself. Otherwise please feel free to get in touch for information or advice.