Governance

Pascal van Eck (www.cs.utwente.nl/~patveck) and Roel Wieringa (www.cs.utwente.nl/~roelw)

The GRAAL project (is.cs.utwente.nl/GRAAL)

University of Twente, the Netherlands

15 November 2004

 


 

IT governance is the activity of controlling IT. It consists of making decisions about acquisition, change and disposal of IT, as well as monitoring IT performance data in order to be able to control IT more effectively and efficiently. IT governance is part of corporate governance. Recent developments such as the Sarbanes-Oxley Act in the United States have brought corporate governance, and in its wake IT governance, to the center of attention of the management of large corporations.

 

We view IT governance as a coordination problem. The following diagram shows some of the relationships to be coordinated in IT governance. Each line represents one coordination relation.

 

 

In different companies, different organizational entities are involved, but usually executive management, CIOs, business units, and IT architects take part. Whatever the configuration of managers, committees and other stakeholders, we can make one simple generalization from our case studies: architecture design is a top-down process that conflicts with local interests. In all organizations we studied, this tension appeared between the architects of the business system layer and the project managers who implement one particular business system.

 

  • Proposition. Architecture design of the business system layer uses global optimization criteria. Architects of individual systems within the business system layer use optimization criteria that are global for their project, but local for the business system layer.

 

The architecture of a business system layer is designed with global cost reduction in mind. This always requires reuse of components in different systems, or the imposition of standards that make sense globally but may seem awkward to follow locally. When an individual system is designed, the project manager or business unit manager responsible for the project will always find good reasons why this globally optimal design is not optimal for his or her system, and will try to get around the global architecture. The only way around this tension is to make the project manager directly accountable to someone responsible for maintaining the global architecture, such as the chief CIO in our diagram. In practice, the project manager often comes from a business unit and is accountable to a BU manager. This then leads to the conflict between local and global optimization. In the United States, this is identified as a major concern. The Clinger-Cohen Act of 1996, which aims to establish better IT governance in government agencies, tries to improve the situation somewhat by giving explicit responsibility for a coherent project portfolio to the CIO.

 

IT governance is currently addressed for a large part from the perspective of management science. This means that solutions for IT governance are sought solely in the business domain, e.g. by organizational change (as required by the Clinger-Cohen Act, for example), by control frameworks such as COBIT, but also by improving the personal skills of CIOs and architects. It is doubtful whether this is sufficient. In addition to the management science approach, research is needed to develop an engineering approach that seeks to develop IT architectures with attention to governance at all stages of the system life cycle and for all layers, from IT infrastructure to the business layer.