IS GOVERNANCE
CRAFTING INFORMATION
TECHNOLOGY
GOVERNANCE
Ryan Peterson
IS GOVERNANCE
how much we were spending on the business.” Larsen and the IT function at some point in time. As
wanted to cut IT costs dramatically, but he also want- business models and IT become virtually insep-
ed oversight reform. Johnson & Johnson required a arable, managing their integration and coevolu-
complete “IT governance overhaul.” tion involves putting the right people in the
That morning Heisen left the office with a new
right place to understand and take direct re-
job — as CIO — and a mission: standardize systems,
sponsibility for making sure the organization
E xecutives
cut IT costs, increase IT value, and align IT with the
business, this within the global and decentralized
culture of Johnson & Johnson.
meets its strategic goals, and that all efforts, in-
cluding IT, are directed toward that end. Exec-
recognize that utives recognize that “getting IT right” this time
“getting IT will not be about technology, but about
(shared) IT governance.
right” this Much like an elephant, or any other large Nevertheless, how to govern IT for
time will not living organism, IT governance is a complex sustained value remains an enduring and chal-
be about system, involving different business and IT lenging question. How can the IT function best
stakeholders with specific perceptions, views, support a complex organization, such as
technology, but goals, and motivations. Similar to the blind Johnson & Johnson, composed of diverse oper-
about (shared) men, these stakeholders have specific interests ating business units? What and how much
IT governance. and stakes in IT, and although each constituen- should be standardized, while still being able to
cy may be correct in pursuing its own strategic respond to the specific needs of the different
objectives, their “single blinded” focus impedes lines of business and strategic divisions? How
effective governance of IT. Rather than being do we design a simultaneously transparent, ef-
just transparent, one of the key challenges in ficient, and flexible model for IT governance?
contemporary organizations is including cer- And more important, how do we make it func-
tain “degrees of flexibility” within the design of tion effectively? At the heart of Johnson &
IT governance. Johnson’s quest, as in many other organiza-
This article presents a holistic view of IT tions, has been a need to find answers to tough,
governance, and discusses the requisite inte- almost timeless, questions of governance: how
gration capabilities for effective IT governance to organize for diversity and differentiation
architectures.1 A single case (Johnson & while preserving integration and unity of direc-
Johnson) will be used to illustrate the challenges, tion? How to promote local innovation, yet
problems, and processes associated with IT gov- reap the benefits of scale and scope? And how
ernance design in complex contemporary orga- to control and empower?
nizations.
Beyond Centralization versus
Decentralization
THE IT GOVERNANCE PHENOMENON Similar to corporate governance, IT gover-
It is a truism that chief executives have experi- nance is a topic that has recently been redis-
enced many failures and disappointments with covered. The rich vocabulary emerging from
IT-enabled business transformations. Expecting the literature is like a terminological jungle in
strategic value from innovation, they have in- which any newcomer plants a seed. In line
stead experienced project cancellations, busi- with our understanding of corporate gover-
ness disruptions, rising customer churn, nance and previous studies (Luftman and Brier,
decreasing shareholder value, and many other 1999; Sambamurthy and Zmud, 2000; Weill,
disappointments, including losing their jobs. 2004), IT governance is defined as:
Corporate responsibility, business sustainabili-
the distribution of IT decision-making
ty, and governance reform are currently high
rights and responsibilities among enter-
on the strategic agenda in many companies.
prise stakeholders, and the procedures
The growing scrutiny over shareholder inter-
and mechanisms for making and moni-
ests, lingering economic growth, and corpo-
toring strategic decisions regarding IT.
rate performance have also prompted renewed
soul-searching and interest into the “transpar- IT governance is thus the enterprise man-
ent” and effective governance of IT. agement system through which an organiza-
Boards and business executives have come tion’s portfolio of IT systems is directed and
to recognize that whereas traditionally they controlled. The foregoing interpretation al-
could delegate, avoid, or ignore IT decisions, ludes to several IT governance “myths” that
today they cannot conduct production, exist — and still persist — which need to be
marketing, or R&D without depending on IT dispelled if we are to move forward. One way
8 W W W . I S M - J O U R N A L . C O M
F A L L 2 0 0 4
ISMFall2004Book Page 9 Tuesday, August 17, 2004 9:37 AM
IS GOVERNANCE
IS GOVERNANCE
Business
and IT Investments
C F F D
IT Propositions
Applications
Shared
Services/ C F F D
Architecture
Technology
Components/ F C C D
Platform
C od
IT ede
B ede
D od
en e
us r
ec e
-C r
C: Centralized
M
M
en al
en l
tr l
in al
D: Decentralized
al
es M
tr Mo
tr
iz
ic d
al
s- od
F: Federal
ed
iz
C el
ed
en
tr
el
ic
classical “centralization versus decentralization” strategic business units (SBU), the structure is
debate.2 Yet, IT governance is not (only) about described as a completely decentralized IT gov-
centralization or decentralization. ernance model.
In general, and all other factors being equal,
centralization leads to greater specialization,
IT Governance Models and Value Drivers
economies of scale, consistency, and standard-
The terms centralization and decentralization
ized controls, whereas decentralization en-
provide a dichotomy that is meaningless when
ables business control, a sense of business
applied as a generality to IT and IT governance.
ownership, and provides greater responsive-
Instead, as other researchers have pointed out,
ness and flexibility to business needs (see Table
centralization and decentralization can be ap-
1). However, excessive flexibility under decen-
plied to each of the main elements in the port-
tralization may lead to variable standards,
folio of IT (i.e., IT investments, IT applications, which may ultimately result in lower flexibility.
IT services, IT components), yielding distinct On the other hand, specialization under cen-
patterns in the governance of IT (see Figure 2). tralization incurs specific strategic risks due to
In a centralized IT governance model, cor- bounded rationality and information overload.
porate and senior-level executives have deci- A political view of IT governance suggests,
sion-making authority for IT investments, however, that the debate concerning central-
which include: ization versus decentralization is used primari-
❚ Business applications: IT applications prior- ly to further the goals of specific stakeholders,
itization and planning, budgeting, and the in ways that might not help to meet enterprise
delivery/maintenance of business-specific goals (Simon and Barnard, 1961; Cyert and
application services March, 1963). Recall the six blind men and the
❚ Shared services/Architecture: knowledge of elephant: there are important differences
business processes and functions with IT among stakeholders within the enterprise,
infrastructure capabilities along the com- leading to the presence of conflict and dis-
plete IT systems development life cycle, and agreement over goals and the allocation of stra-
IT architecture standards for data, applica- tegic resource (including IT).
tions, and technology These stakeholders represent different
❚ Technology components/Platform: hardware/ groups or individuals that influence, and are af-
software platforms, networks, and the stan- fected by, decisions regarding IT. Power strug-
gles, political turbulence, and cultural clashes
dards for procurement and deployment of IT
are endemic to the governance of IT, and the
resources
question is more often “whose way is it going
When all IT decision-making authority is al- to be,” rather than “which way is the best.” Al-
located to different lines of business (LoB), sep- though not always explicitly recognized, docu-
arate (global) business divisions (GBD), or mented, and/or understood, conflict resolution
10 W W W . I S M - J O U R N A L . C O M
F A L L 2 0 0 4
ISMFall2004Book Page 11 Tuesday, August 17, 2004 9:37 AM
IS GOVERNANCE
and coalition building are key processes for the tion on the other. Business and IT executives
effective functioning of any type of IT gover- have come to recognize that they need to meet
nance model (Peterson, 2001). the demands of customized, high-quality IT
In addition to politics, the potential risk in products and services, and they need to stan-
contemporary business environments is that ei- dardize and achieve cost- and time-compres-
ther centralization or decentralization “fixes” sion in order to meet enterprisewide needs in
(and fixates) the organization into a rigid pos- an efficient, reliable, and effective manner (see
ture.The challenge thus is to balance the bene- Table 2).
fits (and costs and risks) of centralized and The degree to which organizations can
decentralized IT governance. Over the past de- achieve these competing demands is a measure
cade many, if not most, organizations have set of an organization’s strategic flexibility, that is,
out to achieve the “the best of both worlds” by developing differentiated capabilities to proac-
adopting a federal IT governance model (Peter- tively respond in an integrated manner to unan-
son, 2001; Sambamurthy and Zmud, 1999; ticipated changes (Hitt et al., 1998). Rather
Weill, 2004). than being just efficient and transparent, one of
Under federal IT governance, IT infra- the key challenges in contemporary organiza-
structure — technology supply — decisions tions is the inclusion of certain “degrees of flex-
are centralized, and IT application — technolo- ibility” within IT governance. Strategic flexibility
gy usage — decisions are decentralized (Brown for IT governance involves addressing multiple
and Magill, 1998). The federal model, however, value drivers (Agarwal and Sambamurthy, 2003;
is not a monolithic structure. Different patterns Peterson et al., 2000), including:
of differentiation exist within the federal IT
❚ The provisioning and servicing of cost-effec-
governance model: IT-centric federal models
tive, scalable IT infrastructures and IT opera-
and business-centric federal models (as shown
tions that enable cycle time improvement
in Figure 2). In an IT-centric federal model, the
and streamlined, enterprisewide business
corporate IT executive is responsible for IT net-
processes
works and IT infrastructure development deci-
❚ The development and delivery of integrated
sions, and (divisional) IT management (e.g.,
IT solutions that facilitate business respon-
Division Information Officer) is responsible for
siveness to customer demands in a rapid and
business application service decisions. In a
efficient manner
business-centric pattern, divisional business
❚ The realization of enterprise value in terms
executives play a leading role in business appli-
of operational, product, and customer excel-
cation decisions. The key to understanding the
lence, and sustainable financial growth
difference between the IT-centric and business-
centric federal models is the level of involve- Value-added IT governance focuses on ex-
ment and participation of business executives celling in a specific value dimension, yet main-
in IT decision making. tains threshold standards on other dimensions
Although traditionally focused on either ef- (Peterson, 2001). Contemporary IT gover-
ficiency or flexibility, often in a sequential man- nance cannot afford to focus on service infra-
ner (sometimes leading to a continuous structure at the expense of solution
“pendulum swing” between centralization and integration, or vice versa. Furthermore, strate-
decentralization), today IT governance faces gic innovation is difficult, if not impossible, to
the dual demands for flexibility and speed on achieve without some baseline performance in
the one hand, and efficiency and standardiza- service infrastructure and solution integration.
I N F O R M A T I O N S Y S T E M S
F A L L 2 0 0 4
M A N A G E M E N T
11
ISMFall2004Book Page 12 Tuesday, August 17, 2004 9:37 AM
IS GOVERNANCE
Description Providing reliable IT operations and Offering business leading-edge IT Targeting business value drivers, and
services, delivered with maximum products and services that tailoring offerings that supersede
reliability and availability. consistently enhance and integrate the demands of the business and
the business’ use of products and its clients.
services.
Focus and Provisioning of IT utilities Strategic analysis of business needs Focus on ways IT leverages business
indicators Provide reliable, cost effective, and for innovative IT solutions, deciding competencies and relationships
secure IT services on new applications, and Ensure IT has a business value focus
Manage synergies across the integrating IT with business on operational, product, and/or
corporation processes, products, and /or customer excellence (e.g.,
Manage IT infrastructure standards services business process integration,
Implementation of enterprise IT Focus on ensuring timely and cost- reduced transaction costs,
architecture standards effective delivery of IT applications improved time-to-market, improved
IT infrastructure availability and IT business support and IT customer satisfaction and
reliability responsiveness retention, revenue growth,
Develop IT infrastructure flexibility improved ROA, profitability)
and scalability
Consider, for example, the case of Johnson policy.“I would get ‘190 land mines’ in any given day.
& Johnson: the competing drivers toward im- Some business units would try to convince me they
proving cost efficiencies and IT standardiza- could not adopt some corporate technology stan-
tion, yet also business responsiveness and IT dards, or share the costs of upgrading the infrastruc-
ture.” Originally, Johnson & Johnson hoped to
innovation, led Johnson & Johnson to adopt a
create a single centralized strategy, but soon they re-
federal IT governance model. The complexity
alized that only a federal arrangement would work.
of this global business would dictate a decen- Johnson & Johnson has a clear and present IT
tralized model, which was the traditional IT governance challenge. The 100-year-old company
governance approach. Yet, the need to cut consists of multiple distinctive business units. Each
costs, standardize IT, and improve IT perfor- unit is led by a president or managing director,
mance led Johnson & Johnson to centralize IT which gives each of these leaders operational auton-
infrastructure decisions (as described in more omy.Yet at the same time, Johnson & Johnson needs
detail in the following case). to ensure that each of the units maintains the com-
pany’s high standards and reputation. For IT and the
CIO, this means “walking the tightrope” and precar-
iously balancing and managing corporate control
versus business autonomy.
Johnson & Johnson Case:
Evolving to Federal IT Governance 2
Although the implementation of the federal IT gov-
ernance model has paid off for Johnson & Johnson The case of Johnson & Johnson illustrates
(e.g., cheaper maintenance costs, eliminated dupli- how IT governance is subject to the pulls and
cate IT developments, enhanced pharmaceutical pressures of multiple, rather than singular, stra-
R&D, improved time-to-market for new products, tegic forces (Brown and Magill, 1998; Samba-
and profit growth), and they have been able to de- murthy and Zmud, 1999), and why conflict
velop unprecedented levels of cooperation among resolution, negotiation, and coalition building
traditionally independent business units, it was a are essential to IT governance (Peterson,
perilous and painstaking transformation. With over 2001).
200 operating units in 57 countries, and 109,000 As this case illustrates, the federal IT gov-
employees providing services to more than 175 ernance model challenges managers in local
countries, the challenges for restructuring IT gover-
business units to surrender control over certain
nance at Johnson & Johnson have been formidable.
Earlier attempts to (re-)centralize IT failed due to
business-specific IT domains for the well being
cultural barriers and business’ resistance to change of the enterprise, and to develop business-to-
and relinquish IT control. According to the CIO, af- corporate and business-to-IT partnerships
ter designing the new federal IT governance struc- (Brown, 1999). The challenge is to control IT
ture, it was hard getting all of the business units to decision making, yet empower different stake-
go along with some of even the simplest changes in holders to take responsibility for IT decisions.
12 W W W . I S M - J O U R N A L . C O M
F A L L 2 0 0 4
ISMFall2004Book Page 13 Tuesday, August 17, 2004 9:37 AM
IS GOVERNANCE
IS GOVERNANCE
al., 2000). With the profusion of electronically trust and a willingness to work together be-
enabled, globally operating organizations, char- tween business and IT stakeholders (Hender-
acterized by a multiplicity of value drivers in son, 1990). The above three capabilities are
dynamic business networks, the best CIOs summarized in Table 4 and are described in
and/or SLAs will not suffice in designing effec- some detail below.
tive IT governance architectures.
Instead, IT governance needs to focus on
1. Structural IT Governance Capability
Horizontal Integration Capabilities (HICs),
This capability includes structural (formal) de-
which describe the ability to coordinate and in-
vices and mechanisms for connecting and en-
tegrate formal and informal IT decision-making
abling horizontal, or liaison, contacts between
authority across business and IT communities
business and IT management (decision-mak-
(Brown, 1999; Peterson et al., 2000). IT gover-
ing) functions (Brown, 1999; Peterson et al.,
nance capabilities refer to the (cross-function-
2000). In general, structural capability takes
al) managerial ability to direct and coordinate
the shape of formal positions and (integrator)
the multifaceted activities associated with the
roles, and/or formal groups and (management)
planning, organization, and control of IT.
Although traditionally described as simply a team arrangements (see Table 4). Formal posi-
form of mutual adjustment, today HICs repre- tions and liaison roles refer to individuals who
sent the most significant new development in are formally appointed to manage the coordina-
IT governance practices (Hitt et al., 1998; Gal- tion within and between organizational func-
braith, 1994). HICs can be classified according tions. CIOs and DIOs are examples of formal
to three distinct IT governance capabilities:3 positions that manage the IT function and its
coordination with the business at both corpo-
❚ Structural capability (connection) rate and divisional levels.With increasing levels
❚ Process capability (coordination) of IT outsourcing, many external IT manag-
❚ Relational capability (collaboration) ers/vendors are now also playing a key role in
Structural, process, and relational IT gover- the coordination between business and IT.
nance capabilities describe a layered system of Liaison roles focus explicitly on managing
successively higher levels of horizontal integra- the integration of decision-making processes
tion capability (Peterson et al., 2000). HICs across business and IT units. Numerous roles
consist of a composite of connection, coordi- fulfill this function, including IT relationship
nation, and collaboration mechanisms. Con- managers (from a business perspective), IT ac-
nection and coordination describe the formal count managers (from an IT perspective), IT
structures and processes used for information client managers (from an IT perspective), and
exchange and communication, whereas collab- IT vendor managers (from an external IT per-
oration describes a participative and collabora- spective).The use of liaison roles helps IT man-
tive element of integration, corresponding to agers to develop an improved understanding of
14 W W W . I S M - J O U R N A L . C O M
F A L L 2 0 0 4
ISMFall2004Book Page 15 Tuesday, August 17, 2004 9:37 AM
IS GOVERNANCE
business needs, and enables proactive behavior malized decision-making methodologies and
by business managers (Peterson et al., 2000; management frameworks, such as balanced
Ross et al., 1996). scorecard tools, cost-benefit analysis, charge-
Formal groups and managerial team ar- backs, and service level agreements. An essen-
rangements describe horizontal integration tial activity within process capabilities is the
structures for coordinating IT decision making monitoring and tracking of IT performance in
A lthough
across business and IT management functions.
Committees and/or executive teams can take
terms of service delivery and business benefits
realization. These “ex-post” activities comple-
structural and the form of temporary tasks or can alternatively ment and complete the IT investment manage-
process be institutionalized as an overlay structure in ment process.
the organization in the form of executive IT Process capabilities focus on the integra-
capabilities councils. Committees vary in the degree to tion of business and IT decisions, or the align-
are necessary, which they have an advisory function or have ment of strategic IT investments with the
they are formal decision-making authority. Steering strategic goals and objectives of the firm. In
committees are often referred to as advisory, re- terms of IT decision-making process integra-
insufficient for view, or guidance committees, and may in- tion, organizations differ in the degree to
designing clude external stakeholders, such as IT which business and IT decisions are integrated.
effective IT consultants and/or IT vendors. Contrary to spe- In general, four levels of IT decision-making
cialized task forces, executive IT councils and
governance process integration are distinguished (Teo and
advisory boards bring together different stake-
architectures King, 1999):
holders on a relatively permanent basis.
in complex The use of competence and expertise cen- ❚ Administrative integration, in which bud-
ters, such as centers of excellence, are an es- gets and schedules are pooled between busi-
and dynamic
sential element of structural capability. ness and IT
environments. Competence and expertise centers pool ❚ Sequential integration, in which business
knowledge from different functional areas, and decisions provide directions for IT decision
focus on developing organizationally valued making
skill sets (business and IT), including project ❚ Reciprocal integration, in which business
management, system development, and E-com- and IT decisions are mutually influential
merce innovation. Expertise centers are also ❚ Full integration, in which business and IT
used for career-developing purposes, and re- decisions are concurrently made in the same
flect the structural need to develop competen- process
cies and economies of scope in areas pertinent
Structural and process IT governance capa-
to the governance of IT (Peterson, 2001).
bilities tend to be mandatory, tangible, and of-
ten implemented in a top-down manner.
2. Process IT Governance Capability However, research indicates that although
This capability is the formalization and institu- structural and process capabilities are neces-
tionalization of strategic IT decision making or sary, they are insufficient for designing effec-
IT monitoring procedures (Peterson et al., tive IT governance architectures in complex
2002). Process capabilities vary with levels of and dynamic environments (Peterson et al.,
comprehensiveness, that is, the degree to 2000). In contrast, relational capabilities are
which IT decision-making/-monitoring activi- “voluntary” actions that cannot be “pro-
ties are systematically and exhaustively ad- grammed”; they are often intangible and tacit.
dressed.This involves (a) the identification and
formulation of the business case and/or busi-
ness rationale for IT decisions; (b) the prioriti- 3. Relational IT Governance Capability
zation, justification, and authorization of IT This capability is the active participation of,
investment decisions; and (c) the monitoring and collaborative relationships among, corpo-
and evaluation of IT decision implementation rate executives, IT management, and business
and IT performance (Henderson and Lentz, management (Peterson et al., 2000).The key to
1996; Luftman and Brier, 1999; Weill and Broad- relational capability is the voluntary and collab-
bend, 1998). orative behavior of different stakeholders to
Process capabilities describe the degree to clarify differences and solve problems, in order
which IT decision-making/-monitoring fol- to find integrative solutions. Relational capabil-
lows specified rules and standard procedures. ity allows an organization to find broader solu-
These procedures are often embedded in for- tions, and unleashes the creativity involved in
I N F O R M A T I O N S Y S T E M S
F A L L 2 0 0 4
M A N A G E M E N T
15
ISMFall2004Book Page 16 Tuesday, August 17, 2004 9:37 AM
IS GOVERNANCE
W hat was
relational integration include direct (informal)
contacts, lobbying, (informal) negotiation,
both the differentiation and integration of IT
decision making across business and IT stake-
once a joint performance incentives and rewards, holder communities, and underscores the need
fragmented colocation of business and IT managers, and to address both the allocation of formal IT deci-
the creation of “virtual meeting points” for sion-making authority and the coordination of IT
system of business and IT managers. decision-making expertise and influence. The
completely Relational capabilities also describe the case following summarizes how these IT capabil-
independent IT strategic dialogues and shared learning be- ities have evolved at Johnson & Johnson.
tween principal business and IT stakeholders.
businesses has
Strategic dialogue involves exploring and de-
now — after bating ideas and issues before, or outside of,
many hard formal IT decision making. A strategic IT dia- Johnson & Johnson Case:
logue incorporates a wide range of initially un- IT Governance Capabilities
lessons — been
structured business perspectives and IT views, Six years into its IT governance reform, Johnson &
turned into a and involves rich conversation and communi- Johnson has made a significant turnaround in IT gov-
loose but cation to resolve diverging perspectives and ernance policies and practices. What was once a
stakeholder conflicts. fragmented system of completely independent IT
coupled IT
The essence of relational capability is the businesses has now — after many hard lessons —
governance integration of domain-specific expertise and been turned into a loose but coupled IT governance
system. system.
tacit knowledge. Shared learning develops
Johnson & Johnson still adheres to its philoso-
when people in close collaboration enact a phy of respecting diversity, but it is learning to ac-
“single memory,” with differentiated compe- knowledge the benefits of sharing. Combining the
tencies and responsibilities (Weick and Rob- maxims of differentiation and integration, Johnson
erts, 1993). Identifying acceptable solutions to & Johnson has improved its strategic flexibility for
ambiguous problems in complex and dynamic competing in a highly dynamic, knowledge-inten-
environments requires the collaboration of dif- sive, and globally competitive environment.
ferent stakeholders, working with different ref- In the current IT governance model, IT infra-
structure, network, and architecture decisions have
erence models (mental models) and offering
been centralized. The corporate IT headquarters
different insights. Shared learning is inherently now makes strategic IT decisions with regard to, for
dynamic, and results in coordinated decision example, enterprise IT services and standards, secu-
making and collaborative relationships, which rity, servers, and enterprise operating systems. Data
are particularly relevant and beneficial when the standardization occurs per line of business or busi-
need for reliability is high and decision making is ness group, in which a strategy council oversees
nonroutine (Weick and Roberts, 1993). business process applications and services. Consis-
Research indicates that when business and tent with its multi-level structure of executive and
IT managers understand each other’s perspec- group operating committees, Johnson & Johnson
has mirrored this structure in its (business-centric)
tives in IT decision making, they can accurately
federal IT governance model (see Figure 4).
interpret and anticipate actions, and coordi- The executive committee is the principal man-
nate adaptively (Peterson, 2001). Within the agement group responsible for the operations and al-
context of IT governance, shared learning de- location of strategic resources. Members of the
scribes the mutual understanding of business executive committee serve as chairmen of group op-
and IT objectives and plans by business and IT erating committees (i.e., Consumer, Pharmaceutical,
executives (Reich and Benbasat, 1996). Mecha- and Medical Devices & Diagnostics businesses),
nisms that support shared learning include stra- which are comprised of managers who represent
tegic dialogues between business and IT key operations within the groups, as well as manage-
ment expertise in other specialized functions.These
executives, active conflict resolution, strategic
committees oversee and coordinate the activities of
coalition building, cross-functional business–IT domestic and international units. Each unit is head-
training, and cross-functional business–IT job ed by an executive who reports directly to a group’s
rotation or job transfers (Brown, 1999; Peter- operating committee, thus creating a “linking-pin”
son et al., 2000). structure (see Table 5).
16 W W W . I S M - J O U R N A L . C O M
F A L L 2 0 0 4
ISMFall2004Book Page 17 Tuesday, August 17, 2004 9:37 AM
IS GOVERNANCE
Before After
Line of Line of
Business Business
IT Integrated IT Integrated
Solution Solution
Teams Teams
Integrated Integrated
Solution Solution
Line of Teams Line of Teams
Business Business
IT IT
CIO with business acumen Identification and Identify key (business) stakeholders and
IT task forces and (advisory) formulation business and involve in IT decision-making
committees IT imperatives ‘Management by wandering around’
Strategy groups Procedures to handle Active involvement by key stakeholders
‘Virtual’ middle-management exceptions Actively manage cultural resistance
layer based on knowledge IT investment management Negotiation and active conflict resolution:
and expertise IT performance tackle problems head-on.
IT solution teams management and Incentives and rewards for collaboration
IT relationship managers benchmarking Shared understanding of business/IT
Centers of competence and IT benefits management objectives
excellence SWOT analysis of groups Informal and formal business–IT
IT professionals as business and units relationships
partners Discuss different scenarios Replace corporate staff where necessary
Share expertise and create Shared IT performance Appoint executive mentoring for IT staff
economies of scope database Job promotion and rotation
Performance system
Business/IT ‘virtual connection’
Cross-functional business/IT leadership
development
IS GOVERNANCE
IS GOVERNANCE
IT Value Drivers
Service
Infrastructure
Solution Strategic
Integration Innovation
IT Governance
Assessment
IT Value
IT
Delivery
IT Business
Innovation Impact
are involved in IT decision making, the need value drivers and the organization’s IT value
for relational capabilities becomes a sine qua realization (i.e., to what extent these value
non for IT governance effectiveness, as shown drivers have been realized or the extent to
in the case of Johnson & Johnson. In other which IT is contributing to business/finan-
words, relational capabilities are of utmost im- cial performance).
portance and relevance in federal models of IT ❚ Horizontally (right-to-left), the ITGAP
governance (Peterson, 2001). model depicts the IT governance architec-
ture consisting of:
– IT governance complexity and the differ-
IT GOVERNANCE ASSESSMENT
entiation of IT decision making; that is,
PROCESS (ITGAP) MODEL who has what authority and responsibility
The foregoing process of IT governance assess- to make decisions regarding the portfolio
ment describes a stepwise approach to diag- of key IT activities.
nosing IT governance effectiveness in terms of – IT governance capabilities and the inte-
IT governance value drivers, IT governance gration of IT decision making; that is,
complexity, and IT governance capabilities. what structural, process, and relational
The IT Governance Assessment Process Model integration mechanisms are used to coor-
(ITGAP model; Peterson, 2001) describes a ho- dinate IT governance.
listic, high-level assessment model of IT gover-
Answering the first question (complexity
nance architecture and effectiveness.4 The
and differentiation) provides a specific profile
ITGAP model is organized according to two ax-
of the IT governance model in terms of the dis-
es, as shown in Figure 6.
tribution and allocation of IT decision-making
❚ Vertically (top-down), the ITGAP model dis- authority and responsibility. Answering the sec-
tinguishes between the organization’s IT ond question (integration capabilities) provides
I N F O R M A T I O N S Y S T E M S
F A L L 2 0 0 4
M A N A G E M E N T
19
ISMFall2004Book Page 20 Tuesday, August 17, 2004 9:37 AM
IS GOVERNANCE
a description of the horizontal integration of two or three levels of oarsmen on both sides
mechanisms, and an assessment of the current of the ship. Oversight was in the hands and
level of horizontal integration capability eyes of the helmsman. However, the coordinat-
(HICs). ed actions, determination, physical strength,
The roadmap for assessing IT governance and commitment of the oarsmen provided the
effectiveness follows a four-stage procedure power, speed, and flexibility that were re-
(see Table 7). Following this roadmap for both quired to survive in a hostile and turbulent en-
the present and the future (desired state), pro- vironment.
vides a strategic assessment and audit of the Today’s companies also need to craft their
suitability of the existing IT governance archi- rigid IT governance arrangements into flexible
tecture, and identifies the strategic discrepan- IT governance architectures. IT governance is
cies, or gaps, with the future, desired position. less about who is vertically positioned to be in
Moreover, the results of the assessment pro- control, and more about the complementary —
vide a list of potential measures to redesign and business and IT — competencies an organiza-
improve the IT governance architecture (in tion possesses, and how it can integrate these
terms of IT governance complexity and IT gov- to develop the strategic flexibility required for
ernance capabilities). realizing and sustaining business value from IT
The assessment is important not just for the in a complex and dynamic environment (see
individual measures and/or solutions, but the Figure 7).Without integration, IT governance is
process through which the stakeholders (busi- sure to drift.
ness and IT) discuss and develop a shared view The organizing logic in the emerging IT
of the current and future IT governance archi- governance paradigm is characterized by a col-
tecture. Through this process, the early stages laborative network structure.
of a relational capability are developed, which
❚ Communication is more likely to be lateral.
will enable the development of future structur-
❚ Task definitions are more fluid and flexible
al and process integration capabilities.
and related to competencies and skills,
rather than being a function of organizational
CRAFTING IT GOVERNANCE FOR position.
TODAY’S TURBULENT ENVIRONMENT ❚ Business IT decision making is likely to be
Approximately 3000 years ago, the Greeks re- influenced by expertise rather than an indi-
designed their cargo and trading ships into flex- vidual’s (or group’s) position in the hierar-
ible and fast biremes and triremes, consisting chy.
20 W W W . I S M - J O U R N A L . C O M
F A L L 2 0 0 4
ISMFall2004Book Page 21 Tuesday, August 17, 2004 9:37 AM
IS GOVERNANCE
References
FIGURE 7. Emerging IT Governance Paradigm Agarwal, R. and V. Sambamurthy (2003). Principles
and models for organizing the IT function, MIS
Quarterly Executive, 1(1): 1–16.
Alter, A. (2001). Thinking out loud: Interview with
Control Collaboration JoAnn Heisen, CIO Insight, December.
Capabilities
Argyris, C. and D. Schon (1978). Organizational
Structures
IS GOVERNANCE
22 W W W . I S M - J O U R N A L . C O M
F A L L 2 0 0 4