The best IT governance models are those that are closely linked to corporate business objectives, according to Peter Weill, director of the Center for Information Systems Research at MIT.
Speaking at CXO Media Inc.’s Enterprise Value Retreat in Palm Desert, California, Weill cited a recent study of 256 companies in 23 countries that found that effective IT governance was generally correlated with good financial performance. Most companies studied, he said, still had room to improve how they govern IT decisions.
Weill told the crowd that leadership from the CIO is needed to establish a vision for IT within a company, and he argued that an effective governance model ensures that people throughout a company have a way to vet and execute their ideas. Both leadership and governance are necessary to generate business value, he said. Governance is a framework for defining who in a company has the authority to make IT decisions
“Look at financial and corporate governance,” Weill said. “The CFO doesn’t sign every check. He monitors what’s in the portfolio and the cash flow, and he manages the risk. CIOs can apply the same ideas to IT governance.”
Weill outlined several different IT governance models that have proven effective. The models are based on the set of decisions that CIOs typically make and the venue in which they occur–within the IT organization, by a team of top executives or some combination of executives and business unit leaders.
In general, he said, the companies in the study that did the worst job at IT governance shared responsibility for almost every decision–whether about the role of IT in the company, or IT infrastructure or investment decisions–between top executives and at least one other business group, without involving IT executives. The most successful involved both IT and business executives in determining the role of IT and making investment decisions, leaving purely technical decisions about architecture and infrastructure to the IT organization.
Weill reported that factors common to the top performers included:
– familiarity and involvement of senior executives with the company’s governance process;
– clear business objectives for IT investment
– a formal process for managing “exceptions”–decisions that, for whatever reason, had to be made outside the regular governance process; and
– consistent procedures for making IT decisions from year to year.
For Weill, the best governance process is not personality driven, and is not dependent on the CIO to actively manage it. The MIT director believes that a CIO should be able to “take a two month leave to do due diligence” on a merger or acquisition, and have the IT governance process sustain itself.