Beneath the Buzz: Governance - Beneath the Buzz - Leadership

IT Strategy. Tech Linkletter ... In a market-based economy, entrepreneurs naturally please customers and .... Author of six books, numerous monographs, columns and articles, he brings innovative .... Download an IDC white paper on IT-business alignment. Go! Are you ... HOME CURRENT ISSUE ARCHIVE. About CIO ...
Télécharger le PDF
241KB taille 1 téléchargements 280 vues
commentaire
Report
Beneath the Buzz: Governance - Beneath the Buzz - Leadership RC - CIO

1 sur 5

Leadership Budgeting

Enterprise CIO Executive

KM/Storage IT Value

http://www.cio.com/leadership/buzz/column.html?ID=2687

Security

Industries

Sourcing

Technology

Career

Leadership & Mgmt

Home > Leadership > Beneath the Buzz

CIO.com About Search Awards Programs Subscribe

BENEATH THE BUZZ

Beneath the Buzz: Governance

Magazine Current Previous

Does governance mean ethics? control? resource allocation? something else? It could be all of the above—it can all be handled by a systemic approach.

Print Links Newsletters CIO Store CIO Conferences CIO Executive Council Blogs News Alerts CEO Reading IT Strategy Tech Linkletter Tech Policy Viewpoints Experts Alarmed Analyst Corner Beneath the Buzz Consultant Briefing Higher Learning

Feb 28, 2005 — What’s beneath all the buzz about governance? Like so many hot buzzwords, governance has come to mean different things to different people. What’s the real meaning of the term, and what should IT leaders be doing about governance? Popular Definitions At the corporate level, especially in the shadow of the Sarbanes-Oxley Act, the word has come to mean ethics and truthful financial reporting. In IT circles, it more commonly means resource management, especially investment (e.g., project) approval processes.

Some think of governance as the mechanisms of accountability to ensure that staff deliver on their promises. Still others define governance as management controls to make sure that the IT function does what it’s supposed to. This often takes the form of committees that "help" IT leaders make their management decisions, especially popular in two situations.

1. When the CIO or the IT organization is unpopular, governance is used by business-unit leaders

In the Know Leading Questions Weigh-In Discussion Forums

Advertisers

2.

as an excuse to meddle in the management of IT in ways that arm’s-length customers would never do to their suppliers in the real world. Where IT is decentralized, the term is used to justify some form of corporate control over the various business-unit IT groups that were originally established to circumvent corporate controls, generally resulting in political battles, stress, wasted time, damaged relations and little in the way of benefits to anybody.

Career CIO Wanted Counselor IT Events Calendar Movers & Shakers Research & Polls CIO Research Rpts Quick Poll Tech Poll Reports & Guides CIO Bookmark Reading Room Special Reports Compliance

The Real Meaning of the Term So what’s the real meaning of the term? All of the above. Governance means all the processes that coordinate and control an organization’s resources and actions. Its scope includes ethics, resource-management processes, accountability and management controls. Implementing Governance With this broadly defined challenge, what should CIOs do about governance? Let’s first look at what doesn’t work.... In many cases, governance has been implemented in a narrow and often harmful way—as oversight through steering committees and auditors. The results are generally bureaucratic, imposing convoluted approval processes on already-burdened organizations. Heavy-handed, top-down controls squelch entrepreneurship, bog organizations down and drive administrative costs up. Admit it, the last thing we need is more bureaucracy! Fortunately, oversight is not the only mechanism of governance. Oversight prevents people from doing the wrong thing, be that making a bad investment or disregarding

25/04/2005 09:49

Beneath the Buzz: Governance - Beneath the Buzz - Leadership RC - CIO

2 sur 5

Leadership Agenda RITLAB State of the CIO Partner Domains Webcasts White Papers

http://www.cio.com/leadership/buzz/column.html?ID=2687

ethics and law. But why is oversight needed? Why do people do the wrong things and hence need to be controlled? Organizations generate signals that guide everybody’s behavior. Most leaders recognize the power of metrics, but signals also come from an organization’s culture, structure, resource-management processes and methods. When these signals are poorly designed, people do the wrong things and oversight is needed to catch them. As an alternative to oversight, leaders can adjust the signals within an organization so that people automatically do the right things in the first place. This systemic approach creates an environment where staff are empowered and entrepreneurial, yet behaviors and resources are controlled and well coordinated.

Product Finder About Us Advertise at CIO Conference Info Editorial Calendar

Look at the way the real world works. In a market-based economy, entrepreneurs naturally please customers and manage suppliers because that’s what it takes to succeed. The need for auditors and police is minimal, and certainly does not extend to daily management decisions. Systemic governance is less costly, more comprehensive, empowering, flexible, and highly responsive since everybody is continually adjusting their behaviors to the needs of the situation. Oversight should only be used as a last resort, when systemic governance just can’t ensure sufficient control.

Editorial Staff List Services News Bureau Reprints Sales

In practical terms, how can CIOs implement governance systemically? Ethics and Integrity Ethics and integrity can be treated through culture. Contrary to popular beliefs, culture is one of the easiest things for a CIO to change. The key is focusing on behaviors rather than values. To change culture quickly, leaders document all the desired behaviors (practices), then roll them out with education, modeling and metrics.

Related Sites CSO

When the right behaviors are well defined and widely practiced, then even when one person slips, others around him or her are there to catch the organization before it falls into dangerous practices.

CMO Darwin IDG Network Feedback to CIO © CXO Media Inc.

Resource Governance The IT organization is a business within a business, serving customers throughout the company (its market) with a range of products and services. In this context, the resource-governance processes within organizations can be considered an “internal economy.” Most of us believe in market economics outside the office. The same principles can be applied within organizations. Instead of bureaucratic hurdles, market economics provide the most effective approach to resource governance. See Beneath the Buzz: Portfolio Management for one model for this. IT budgets can be treated as accounts that belong to clients, put on deposit at the beginning of each year in order to buy IT’s products and services all year long. When clients manage these, their expectations are more likely to match available resources. Meanwhile, IT is empowered (like any entrepreneur) to manage its business without clients’ meddling. It can decide its cost structure, including setting aside time and money for sustenance activities like training and product research, as long as its prices remain competitive. And it can invest in its infrastructure (with funding approved by its chain of command, not by clients) to provide reliable services now and in the future. Accountability Accountability depends on a healthy structure. Good organizational structure defines jobs based on the lines of business within the IT organization (not old-fashioned roles, responsibilities and tasks). It defines what groups “sell,” not what they do. Structuring around lines of business establishes individual accountability for results—the products and services delivered to customers both in the business units and within IT itself. As with ethics, personal accountability can be reinforced through culture. An organization’s culture can define the behaviors of empowerment that manage people by results rather than by telling them what to do. Controls Controls go beyond resource governance and individual accountability. Particularly where an IT function is decentralized, corporations are concerned about compliance with product standards to gain bulk-purchasing discounts, and with architectural standards and policies to ease systems integration. Again, the best form of governance is systemic. The only reason decentralized IT staff would deviate from corporate directives is if it’s in their parochial best interests to do so. The answer is not to demand altruism (self-sacrifice for the greater good) and then attempt to enforce it (a losing battle). Instead, business units should benefit from corporate coordination. For example, if corporate staff offer products at a price that’s lower than what business units could buy independently, then business-unit staff will naturally buy through corporate IT. When corporate IT staff view business units as clients and approach them in a customer-focused manner, they build voluntary consortia to get bulk-purchasing discounts. And they don’t antagonize clients who choose to pay more for products that are non-standard but better fit local needs. As to standards, it’s reasonable for corporate executives to demand that business units submit data (such as financials) in a standard format. With this as a management requirement, standardizing IT protocols becomes the most cost-efficient way to get the job done. The Result The result of systemic governance is an IT department that empowers clients to choose what they’ll buy and then delivers on its promises. It is customer focused, and produces good value while investing in its own capabilities to ensure its future viability. And systemic governance empowers staff without any loss of control. This kind of organization doesn’t need committees to oversee it, complex approval processes to make sure clients aren’t asking for things they don’t really need, or inflammatory attempts to disempower corporate or decentralized IT staff. With a systemic approach to governance, people naturally do the right things because the “rules of the

25/04/2005 09:49

Beneath the Buzz: Governance - Beneath the Buzz - Leadership RC - CIO

3 sur 5

http://www.cio.com/leadership/buzz/column.html?ID=2687

game” are set up that way. Dean Meyer helps IT leadership teams design high-performance organizations. Author of six books, numerous monographs, columns and articles, he brings innovative systematic approaches to what others consider the “soft” side of leadership. Contact him at [email protected] or visit his website for information that can help you implement these ideas, or with suggestions for other buzzwords to analyze in future columns.

Readers Viewpoint Missing the Point: Markets Require Some Governance Posted: APR 04, 2005 03:21:33 PM

A recent CFO.com article concerning SOA governance points out the need for governance; "without some governance, "You end up with what I call meta-spaghetti," says consultant John Hagel — an incoherent mess of services that are difficult to reuse and generate escalating maintenance and support expenses. That’s because while individual services may possess remarkable plug-and-play and reuse capabilities, companies are best served by developing them with some sort of big-picture view in mind versus endless ad hoc development. If three different business units build or buy a service that wraps some level of security around a given process, for example, that’s potentially far less efficient than the company agreeing at a high level how security will be addressed." How would business units solve this problem without governance? IT Security - Healthcare Posted: MAR 09, 2005 12:14:00 PM

Would like to see a good analysis of the status of security in Healthcare with focus onwireless and VPN technology Governance of IT Security Posted: MAR 05, 2005 08:19:26 AM

I suggest publishing an article on the governance of the nation’s IT security following the criteria Dean set forth. Focus on enterprise executives, government executives, and Congressional staff oversight. Let’s see where the gaps are. Don O’Neill Executive Vice President Center for National Software Studies Don O''Neill Executive Vice President Center for National Software Studies

Regulation Posted: MAR 02, 2005 04:53:41 PM

Interesting approach, but can you say whether "this kind of organization" will need regulation to include externalities in its governance structure? And if not, how long does it take for externalities to become internalized in governance? Davi Ottenheimer Director of Information Security West Marine

Voice your opinion. Hello Jeff David. If you are not Jeff David click here. Subject: Comments:

First Name: Jeff Title:

Last Name: David Organization:

25/04/2005 09:49

Beneath the Buzz: Governance - Beneath the Buzz - Leadership RC - CIO

4 sur 5

Email: [email protected]

http://www.cio.com/leadership/buzz/column.html?ID=2687

j Yes n k l m i No j k l m Anonymous post? n Anonymous posts will not display any personal information, but you must include your full real name and e-mail to post; unsigned submissions are deleted.

Submit Comment

All fields are required. CIO.com Comment Policy

Sponsor Content

CIO Partner Domain

Webcasts

The Information Edge Make Enterprise Data Mobility a Reality — Today Increasingly, business is happening at the edge. So why is your vital data stuck in the back office? Join Sybase, Intel and Cingular to learn how you can mobilize your data and create an information edge.

White Papers

IPLocks: The Enemy Is Among Us. Securing Data from the #1 Threat

Mobile and Wireless Application Options

Lucent: VoIP: Know the Risks So You Can Reap the Rewards

The Truth About IT Governance

HP White Paper VoIP—Know the Risks; Reap the Rewards

Make Enterprise Data Mobility a Reality — Today

VoIP—Know the Risks; Reap the Rewards

Oracle: Grid computing is a vehicle to extend the life of existing assets

Data Warehouse Technologies: an Architectural Comparison

Broadvision: Self-Service Portal: Convergence of Productivity & Profitability

Adobe Electronic Document Security Partner Domain

All CIO White Papers

Are Blade Servers too Hot to Handle? Strategies for Optimal Network-critical Physical Infrastructure

How Secure is Your Data? Control Information from Creation to Distribution. Visit the Electronic Document Security Partner Domain. See the latest solutions, presentations, whitepaper and much more

All CIO Webcasts

IDG ENTERPRISE NETWORK

• NetApp launches expanded NAS line Infoworld Staff

• IBM, BEA lay out new Java specs -

• Please persecute us, cry Wi-Fi

• NYSE merger won't lead to IT

• Cooling the data centre

• Shark Tank: Now you know how users

suppliers

Infoworld Staff

makeover

»More

feel about work-arounds

»More

»More

SPONSORED LINKS: Data warehouse technologies: an architectural comparison. Learn more! Self Service Portal: Convergence of Productivity & Profitability Top 10 Trends in Business Intelligence and Data Warehousing for 2005 Download an IDC white paper on IT-business alignment. Go! Are you ready for a global explosion in teleworkers? Avaya is. Align IT with business goals. Introducing PlanView Enterprise. Preventing Client/Vendor Mismatch: click here to learn more Dated: February 28, 2005 http://www.cio.com/leadership/buzz/column.html?ID=2687 About CIO.com | Welcome | Privacy Policy | Terms of Service | Linking to us CIO.COM complies with the ASME Guidelines with IDG extensions for new media.

© 1994 - 2005 CXO Media Inc. An International Data Group (IDG) Company

25/04/2005 09:49

Beneath the Buzz: Governance - Beneath the Buzz - Leadership RC - CIO

5 sur 5

HOME CURRENT ISSUE ARCHIVE

http://www.cio.com/leadership/buzz/column.html?ID=2687

About CIO :: Advertise :: Subscribe :: Conferences

Reprints, IDG Network, Privacy Policy

THE IDG NETWORK CSO :: CMO :: Darwin :: Computerworld :: Network World :: Infoworld :: PC World :: Bio-IT World IT Careers:: JavaWorld :: Macworld :: Mac Central :: Playlist :: GamePro :: GameStar :: Gamerhelp

Problems/complaints/compliments about this site can be sent to [email protected].

25/04/2005 09:49