A balance of powers, clear accountability, a framework for decision-making: these are some of the fundamental building blocks of good governance. They apply just as much to the boardroom as they do to the halls of Congress, and thanks to Sarbanes-Oxley, companies have spent plenty of time addressing corporate governance.

Less visible but no less urgent is the related issue of IT governance. Although its roots lie in such long-established practices as the formation of IT steering committees, the broader arena of IT governance — which spans everything from strategy formation to purchasing decisions to staffing levels to project management—is now a hot topic of conversation among CFOs, CIOs, and other senior executives.

According to a report from PricewaterhouseCoopers for the IT Governance Institute (ITGI), 83 percent of the 276 organizations surveyed worldwide have implemented or are considering deploying some form of IT governance. Vendors, naturally, are taking advantage of companies’ desire to create a basic decision-making and accountability framework for technology management and use by offering a range of software products that purport to do some or all of that. But analysts and customers caution that these tools play, at best, a supporting role. The primary challenges are organizational and managerial.

Driving the trend is a pervading sense that despite tighter fiscal controls, companies still lack a clear view of IT spending. When asked what problems their organizations had experienced in IT in the past 12 months, 41 percent of respondents cited an “inadequate view on how well IT is performing” and 40 percent cited “operational failures of IT.”

There is evidence that IT governance can solve such problems. A 2003 study of 250 large enterprises conducted by Gartner and the Massachusetts Institute of Technology showed that companies with well-designed governance programs have at least 20 percent higher profits than those with poor governance, given the same strategic objectives.

Key components of IT governance include resource, asset, and project-portfolio management; risk management; accountability; improved alignment between IT and business goals; and measurement of the value created by technology initiatives. Laudable goals, to be sure, but is “IT governance” just a fancy label applied to the long-standing mission of those aforementioned steering committees? Marios Damianides, international president of the ITGI, a Rolling Meadows, Illinois, organization that helps enterprises plan governance programs, says no. “Given today’s environment in terms of regulations and the business demands placed on IT, things are very different than in the days when the IT committee was the sole governance element,” he says. When many of those committees were formed, IT was expected to be an autonomous cost center that quietly did its job keeping systems running. “Today, it’s more value-driven,” says Damianides. “The focus is now on the value that IT can add to the corporation and assessing its quantifiable results.”

Even as companies demand more, they are spending less. An annual survey by Gartner showed that IT spending declined in 2002 and 2003, and was flat last year. “In that environment, you need to make hard decisions on where to spend,” says Mark McDonald, group vice president and head of research at Gartner Executive Programs.

Industry analysts say the governance model of choice emerging at many organizations splits decision-making among IT, finance, and lines of business. “The focus now is on having much more of an open, shared decision-making environment” that usually includes the CIO, CFO, and business-line executives, says Brian Burke, vice president (international) of enterprise planning and architecture strategies at Meta Group. It’s a structured, collaborative approach in which an executive council evaluates and prioritizes IT projects and spending based on the changing needs of the organization. In many cases, experts say, governance councils will strive for balanced portfolios of low-risk and high-risk IT investments, evaluating investments periodically to determine whether they’re still warranted.

Another goal is to move away from silo spending, in which various business units exercise autonomy with little regard for standardization or integration. But many of those approaches grew out of the difficulty of establishing a master plan that meets every department’s needs. The pendulum of IT strategy has long swung between centralization and decentralization. Current governance efforts, in fact, may benefit from the relatively long history of quasi failures, as most companies have had plenty of opportunity to learn things the hard way.

Employment-services provider Manpower Inc. of Milwaukee has developed an IT-governance program (dubbed the “Manpower Way”) to control technology spending and ensure that IT projects align with business needs and are deployed in a consistent way around the world. Manpower’s governance is based on a “global/local” model, which keeps technology decision-making at a high level but allows for some autonomy at facilities around the world, so that Manpower offices in different countries can gear applications to home markets, says CIO Rick Davidson. This allows Manpower to get economies of scale through enterprisewide IT purchases and lets branches modify applications as needed.

In September 2003, Manpower formed an executive team to set priorities for IT investments and ensure that technology is being purchased and used in the most efficient way. The group of 11 senior business and finance executives includes Davidson, CFO Mike Van Handel, leaders from corporate affairs and human resources, regional executive vice presidents, and others. Previously, Davidson says, technology decisions were made within regions and business units, and there was a lack of discipline. Manpower has already been able to save 5 percent to 10 percent of its IT budget by doing a better job of eliminating redundant investments and leveraging economies of scale, he says. For example, the team discovered that the company was using 70 different financial systems worldwide. It opted to standardize on a single PeopleSoft system, which made far greater economic sense. Training became an issue, and the company had to determine whether to have a common chart of accounts for all countries or map existing country accounts into a common general-ledger program at headquarters.

Finance executives at Manpower are pleased with the governance efforts. “IT has always been a big black box where money went,” says Dan Greer, director of global IT finance, who reports to both Davidson and the corporate controller. “Now we’re saying, ‘Let’s try to build a cohesive vision for where we want to be over the next four or five years and invest in IT accordingly.” Greer says all major technology projects must have a project “owner” and a solid return-on-investment plan. “If it doesn’t have those things, it doesn’t get approved,” he says.

To support its IT governance efforts, last year Manpower began to use a Web-based software product called Clarity from Niku Corp. The software, which has prebuilt templates for modeling various types of IT assets (hardware, applications, network infrastructure, and so on), allows Manpower to track and manage IT resources and projects around the world. Managers use the software to plan projects and select technology investments that seem most in line with national, regional, and corporate objectives.

The software gives Manpower a better way to control resources, see how deployments are progressing, and identify problems, says Davidson. Manpower can use the help: not only does it continue to have a large number of redundant applications around the world, but the company’s CEO has charged Davidson with reducing back-office IT spending by 10 percent by 2007.

Analysts caution against an overreliance on governance software. “The tools are certainly helpful, but they’re not a replacement for the leadership that’s required for IT governance,” says Meta Group’s Burke. “A lot of organizations make the mistake of thinking that if they buy a governance tool, they’ll have governance. That’s simply not true.” Surveys have found that buyers of such products do believe they reap benefits, particularly when it comes to project management — keeping large efforts on track and assessing whether projects will meet their strategic objectives, for example.

But the importance of strong leadership can’t be overstated. That is certainly the case at media company E.W. Scripps Co. in Cincinnati. Scripps uses several governance software products, including a Web-based application from PlanView Inc. that helps the company manage its IT portfolio and technology projects. The software automatically ranks IT initiatives based on seven data points, each with a weighted score factoring in the company’s goals. Scripps also uses the product to track the progress of IT projects and to estimate their ROI. The company uses four internally developed software tools as well, and while Oscar de Jongh, managing director of the company’s program management office, says the software is effective, he maintains that 90 percent of IT governance comes down to processes, not products.

The emphasis on measured returns forces managers to be more discerning about which projects to push for. “If people know they will be measured on how successful the project was based on ROI projections, versus simply meeting time and budget projections, it puts a whole different spin on what projects are requested,” says de Jongh.

The company expects its efforts to show significant results through more-efficient IT spending. “Once we have achieved a mature IT governance process across the enterprise, it would not surprise me to see us achieve a 40 percent gain in results for the same money [spent],” says de Jongh.

There’s now much less chance for runaway IT spending. “We do not have a problem shutting down a large project if it’s not going well,” says de Jongh. “We’ve done it, and there’s been no reluctance to do it.” The best indication that good governance is taking hold, of course, will be that there is no need to do it.

Bob Violino is a freelance writer in Massapequa Park, New York.

Constitutional Conventions

At a growing number of companies, IT governance includes the use of IT process frameworks. Several of these models have emerged as popular choices, with essentially a collection of best practices and recommendations that can typically be modified as needed to suit the needs of individual companies. One, IT Infrastructure Library (ITIL), is a set of best-practices standards for IT service management. ITIL offers a customizable framework of practices to provide high-quality service to internal users, covering such functions as service support and delivery, software support, computer operations, and security.

Another well-known framework, Control Objectives for Information and related Technology (CobiT), is a standard for IT security and data and systems control practices. It is attracting more interest these days because it can provide a road map for assessing and documenting internal controls, a key aspect of Sarbanes-Oxley and other regulatory compliance efforts.

A third framework, Capability Maturity Model Integration, or CMMI, is a model used for evaluating and improving internal software development, systems engineering, and research and development.

“The [frameworks] are the practical tools that bridge the concept of governance and its implementation,” says Marios Damianides, international president of the IT Governance Institute, a Rolling Meadows, Illinois, organization that helps enterprises deploy IT governance.

Employment-services firm Manpower Inc. incorporates best practices from both ITIL and CobiT as part of its governance efforts. ITIL provides the framework for its delivery of back-office services to employees, says CIO Rick Davidson, and CobiT is an integral part of Manpower’s Sarbanes-Oxley compliance efforts. —B.V.