
#CIO Guide to effective IT Governance – Part 1



CIO and Governance

Despite pressure to perform and provide reliable IT services, a #CIO is accountable for key decisions and expected to govern (#ITGovernance) them effectively. In this series of posts, I intend to examine the different types of decisions a #CIO is expected to govern and provide some ideas and points of view on how to govern effectively. In addition, I will describe some typical pitfalls to watch for during an effective IT Governance implementation.

Before we examine the types of decisions, let’s define the term governance. Merriam dictionary defines governance as “the way that a city, company, etc., is controlled by the people who run it”. MIT CISR (Center for Information Systems Research), on the other hand, defines IT governance as a framework for decision rights and accountability to encourage desirable behavior in the use of IT. If you look closely, both definitions are about the control of underlying resources and the corresponding decisions. In this article, we will follow the MIT CISR definition; however, we will expand the scope of the CIO's decisions to the enterprise level and not just IT.

At the enterprise level, the CIO is expected not only to run and manage the IT organization but also to partner on and contribute to corporate goals and objectives. Within this broader context, the decisions a #CIO is expected to manage fall into four (4) broad categories, as shown in the figure above.

  • Strategic Decisions – These are the decisions that are tightly linked to overall corporate or business strategy. The CIO is expected to participate and provide input on how and where IT can provide sustained competitive advantage. Depending on how involved the CIO is with the corporate strategy (in other words, having a seat at the table), the CIO would be part of the governing body that makes those strategic choices. In this regard, the CIO is expected to ensure that the IT perspective or implications are considered.
  • IT Investments – Governance, as we have seen earlier, is about decisions that control the underlying resources. On an annual basis, IT makes significant investments to improve (perceived) capabilities. Governance in this category is about deciding how those investments are spread across different dimensions. One example is how much of the IT investment is used to “Run the Business” or “Keep the lights on” vs. how much IT is spending on new projects or initiatives. Another example is how IT investments are spread across different Business units: how much of the IT investment is focused on the Marketing Business unit vs. a specific functional Business unit.
  • Organizational – Decisions in this category are related to Processes, Organization structure, Data and People. For example, there might be decisions that need to be made on how Data is used to drive customer engagement or who needs to have what kinds of access to Data. Another example would be enforcing decisions related to compliance. Another example would be managing Vendor related
  • Technology – The CIO is without question the ultimate owner of the Technology in the organization, hence this area is where most of the decisions need to be made. Decisions related to Enterprise architecture, application architecture, infrastructure or technology choices fall into this category.

From my experience, I see the above four broad categories of decisions that a CIO is expected to manage and govern, directly or indirectly. I plan to elaborate on each of the above categories in the upcoming posts.

In the meantime, if you have an opinion, thoughts or a different perspective, please leave me a comment or connect with me via the links below.

