An IT Governance Approach For Accelerating Modernization

When IT leaders find themselves in the hot seat, it’s usually because they’re confronted with one or more of the following questions:

• Why isn’t a particular piece of technology performing as expected?
• Why aren’t tech investments helping the business achieve its strategic goals?
• How did a data breach occur?

Having strong IT governance in place is the way to answer those questions and potentially avoid being asked in the first place.

What is IT governance?

Much like broader approaches that influence the way entire companies are run, IT governance is the set of policies and processes that guide everything from how your tech stack is built to how it is managed and used across the organization.

IT governance is also a good way to make modernizing the platforms and tools you’re using more straightforward. Instead of getting stuck in due diligence limbo—where there are umpteen questions and objections to address before you can purchase or deploy anything—IT governance gives you a framework that covers risk and focuses on delivering value.

People tend to nod their heads when IT governance comes up, but that doesn’t mean they’re necessarily doing anything about it.

IT governance challenges and barriers

According to data from Stamford, Conn.-based market research firm Gartner Inc., 89% of CEO and senior business executives say effective data, analytics, and AI governance is essential for enabling business and technology innovation. When Gartner dug a bit deeper, though, analysts found less than half (46%) report having strategic value-oriented KPIs associated with governance policy and procedures.

The most recent CIO Sentiment Survey from Cambridge, Mass.-based IDC shed light on some other IT governance challenges. Lack of support from line-of-business leaders was cited by 32%, followed by nearly 31% who said the C-Suite and board of directors were also proving resistant. Nearly as many said the same thing about trying to engage rank-and-file employees with IT governance issues.

You can understand why getting people excited about governance would be an uphill battle. First, it becomes a big undertaking just to put it in place. There are established frameworks like the IT Infrastructure Library (ITIL) and COBIT (a.k.a Control Objectives for Information and Related Technologies) but they’re very granular and can require significant training to use.

Then, there’s human nature, which can balk at the feeling of being controlled or working within a rigid set of rules and policies. Research from EY shows 77% of employers believe employees feel trusted and empowered by leaders, vs. only 57% of employees. IT governance could be seen as another example of an overly top-down, hierarchical approach to running an organization.

These barriers help explain why many organizations have been rethinking IT governance and how it’s applied.

Agile vs. adaptive governance

Agile governance follows the same line of thinking that inspired Agile software development practices. Instead of working on a monolithic application for months or even years, Agile dev teams work in sprints, constantly changing and improving the final application as they move along.

Similarly, agile governance goes beyond creating a laundry list of pre-defined controls everyone has to obey. It prioritizes collaboration with the people who will be affected by those processes and policies, creates interdisciplinary teams, and focuses on delivering results more quickly.

Over time, experts focused on this area have recognized that governance, IT or otherwise, can’t evolve within a bubble. Though the internal policies and rules you set up govern how IT is selected and used, external factors always have to be taken into account. These could include macroeconomic fluctuations, new competitors, or emerging industry regulations.

Adaptive governance essentially tries to blend traditional and agile governance so you can have the best of both worlds: established processes and policies developed by multiple business functions, regular feedback, and the ability to address changing conditions.

How to turn IT governance from a chore to a competitive advantage

The reality is that well-governed enterprise IT is based on being both agile and adaptive. That can only happen when you position it as less like a necessary evil and more like a way to accelerate growth.

When IT governance works well, it should be easier to work with buying committees and tick off all the boxes that make everyone feel comfortable with your chosen technology. That way, you can complete your due diligence and move forward with a project rather than have it perpetually on the back burner.

Here are some principles to keep in mind, whether you’re adopting one of the industry-standard IT governance frameworks or developing something more unique to your organization and its needs:

1. Create alignment around your organization’s risk appetite

A government organization might need to be extremely careful about who gets authorized to access IT platforms and tools and how data is collected and managed through them. A business in another sector might place a higher priority on moving faster than its rivals. Some enterprises need to be mindful of regulatory compliance, but others don’t.

Have this conversation early on with your senior leadership team to make sure they understand not only where technology touches critical operations but also how real the risks are. They need to balance what they want to achieve with avoiding the worst-case scenarios. This will help clarify whether you should be looking at platforms that build in DDoS protection and other security mechanisms.

2. Determine what should be centralized (and what shouldn’t)

IT governance has traditionally been centralized, where a select group of stakeholders set the rules and policies that affect the rest of the enterprise. This can slow down decision-making and make it difficult to adapt to the forces we touched on earlier. On the other hand, decentralized governance can create inconsistent processes among departments that manage IT in their own way.

Your best bet is to focus on what you want employees to achieve and what you want to lock down from a technology perspective. For example, Capgemini is a large firm, but it recognized that the many people involved in creating content needed a decentralized approach to publishing. Choosing WordPress VIP has made the Capgemini team more productive while removing administrative bottlenecks.

That said, there can be good reasons to lock down the ability to change a website’s design elements. That’s the thinking behind the WordPress VIP Block Governance Plugin, which restricts which blocks can be inserted into the block editor based on whatever design rules make sense.

3. Combine short-term delivery with long-term foresight

Those in various business functions probably want IT governance processes that let them get access to technology to address an immediate need, like growing traffic to the organization’s website or e-commerce revenue. If the policies and processes you’ve agreed upon are clear, getting the green light for a site migration or adding an analytics platform should be relatively straightforward.

In the future, however, the organization might need to deliver an enhanced digital experience or fend off a new kind of cybersecurity threat. This is why some experts are now talking about the idea of “Triple A governance”—in other words, governance that is agile and adaptive but also anticipatory.

This doesn’t mean you have to become a fortune teller. It means having a governance structure that makes it easy for voices from across the company (and beyond it, like customers and partners) to be heard and inform the way it changes.

Be your organization’s IT governance champion

You don’t have to wait until disaster strikes to discuss IT governance with your leadership and team.

In a way, you’re probably already talking about it. Most companies are constantly looking at how they can better deliver value, get business functions working together more cohesively, and mitigate risks. Those are all areas where IT governance can play an integral role and where you can become the person helping move your organization forward.