Not having a strong IT governance framework for making technology-based decisions can be as precarious as riding a bicycle downhill without any brakes. With the proliferation of cloud computing, the incline has the potential to grow steeper, with the bicycle picking up more speed.
While IT governance is critically important in the running of any IT organisation, cloud computing now gives end users the ability to have applications developed and hosted in the cloud and the IT department may be the last to know. It’s the ease with which anyone can do this that can keep CIOs up at night.
So, how can enterprises deal with this ever changing scenario? The first step is to put an IT governance structure in place that mimics the overall governance structure of the enterprise.
This entails answering such questions as: How does your company make decisions? How are you organised? Are you centralised or decentralised? What kind of internal IT customer relationship model do you have? Do you have account managers (or business analysts) engaged with the right people?
In general, in order to be effective, an IT governance model must perform these functions
- Focus IT initiatives on business priorities
- Drive cost-effective IT spending
- Enable all constituent groups to have a voice in major IT decisions
- Spell out who and how an organisation researches, acquires, installs and operates all hardware, software and communications technology
It’s important to have senior leadership involved to provide alignment with the overall business strategy and business priorities for the enterprise. This also helps provide insight into the ongoing business needs and challenges; whether the IT products, services and capabilities are meeting these needs, where the gaps and pain points are, and what steps can be taken to address them.
The IT department should also develop and strengthen its relationships—truly partnering—with the business to gain visibility into what may be happening without their blessing.
Additionally, they should have ‘independent monitors’ in place within the procurement and legal organisations, which are two arms of the business that can help spot when rogue IT activities are taking place.
Meanwhile, on a macro level, the IT organisation needs to be customer-service oriented and easy to do business with. It helps having the right relationships to facilitate the likelihood that people will come to you when they need something, as opposed to trying to go around you to get something done.
In a cloud environment, everything takes on added importance with the risks and the exposures suddenly multiplied. The speed of the game, in a sense, has been accelerated and the control button is no longer automatic. For those organisations lacking a good governance model, which is more often the case in a decentralised IT organisation, the enterprise can quickly become the Wild, Wild West. And for those CIOs who fail to take notice, things can quickly get out of hand.
by Bob Kress, executive director of Business Operations, Accenture