cfo.com

Print this article | Return to Article | Return to CFO.com

Five Best Practices for IT Governance

In order to know where the money goes, and to improve IT ROI, CFOs need more than committees and meetings. They need to get those committees to execute. Here's how.
Martha Heller, CFO.com | US
August 27, 2012

When human-resources leaders ask my firm to help them replace their current chief information officer with a new one, it's sometimes because the erstwhile incumbent is moving on to a new job.  But more often, we get the call because the current CIO . . . is just not working out.  The most common reason? 

"We never know where the money goes," frustrated CFOs frequently tell me during our kick-off meetings.  "IT is a black hole."  When I ask these CFOs if they have an IT governance body, the answer is usually the same:  "We have one, but it's not effective."

IT is a huge part of most companies' budgets. CIOs write massive checks to vendors that are forever gobbling each other up and gaining the leverage to increase their fees.  IT governance — the process that allows a company's senior management to direct and measure their IT investments — is one sure way to get the biggest bang from those big checks.  But most governance functions do not work that well. Typically, all those committees, meetings, reports, and rules of engagement do more to encumber IT decision-making than facilitate it.  

As a CFO, it's in your best interest to develop a little expertise in IT governance.   After all, you want that IT return on investment. Here are some basic best practices for IT governance:

  1. Get your business priorities straight. The role of governance is to ensure alignment between the IT investment strategy and the strategic priorities of the business.  If your company has not yet settled on a cohesive business strategy, IT governance will fail.  The meetings will be long and meandering because everyone is trying to pound nails into a moving target.  Get your corporate strategy straight before you set up an IT steering committee.
  2. Use the rear-view mirror. CFOs tend to cut the tail off projects. They cut the budget on training and support, send the consultants home too early, and move on to the next IT investment before learning enough about the current one.  Jeanne Ross, author of IT Governance: How Top Performers Manage IT Decision Rights for Superior Results and director of the Massachusetts Institute of Technology's Center for Information Systems Research, believes governance should make everybody smarter about IT. "When setting up governance, most companies start with IT investments when they should start with implementation reviews," she says. "Companies with the best governance are constantly assessing whether projects are realizing their business case."  When you all agreed to fund that last major IT program, you had a business case to justify the investment. Take a look at it now.  Did you spend what you said you would spend? Did you cut the heads you thought you'd cut?  You're missing the point of IT governance if you bypass the postmortem.
  3. Keep it small and elite. Remember those parties you threw in high school that started out with just a few close friends and before you knew it, the entire football team was in your living room? Don't let that happen with IT governance.  Your impulse will be to invite everyone and their brother to the table (after all, IT affects everyone), but that's a mistake.  The executive committee and the major business leaders need to be present, engaged, and clear on their responsibilities. If you add too many executives and committees and meetings, you'll lose focus and, even more important, accountability.
  4. Don't mistake good governance for project success. CFOs always seem flabbergasted when a major IT project goes south. Didn't they log countless hours in IT steering-committee meetings?  The error is in confusing governance with project management.  A governance committee can agree upon an IT investment, but that agreement is not enough to make the project a success. In fact, some non-IT business executives will hide behind all those committees and meetings and wind up doing very little on the project. Because their name is on a committee, they believe they've done enough. Project success, however, depends upon shared accountability among IT and business leaders.  During those meetings, be sure there are some honest conversations about who is responsible and accountable for what.
  5. Right-size your approach and stick with it. If yours is a large global company with a complex, federated structure of regions, functions, and business units, your governance structure will need to support that complexity.  You will probably need more structure, more players, more communication, and (unfortunately but inevitably) more meetings.   If yours is a centralized regional company with a straightforward structure, your governance approach can be simpler.  Either way, once you've found the structure that fits your culture, stick with it, because every senior manager in your company should know your approach to IT governance like the back of his or her hand.  Change your approach too often and you will create confusion and, in the end, impair the value of your IT investments. "Without an awareness of IT governance, there is no chance that it will be followed," writes IT governance expert Ross. "The higher the percentage of managers who can describe your governance, the higher the governance performance."

Everyone needs good IT, but no one wants to talk about it.  Most CFOs would rather spend time with their in-laws than in an IT steering-committee meeting.  But companies with good governance consistently outperform companies with bad. Which group do you want to be in?


Martha Heller is president of Heller Search Associates, a CIO and senior IT executive recruiting firm, and a contributing editor to CIO magazine. Her new book, The CIO Paradox, will be published this fall.  Follow Martha on twitter: @marthaheller.




CFO Publishing Corporation 2009. All rights reserved.