IT Governance is a vector of quality, for both the maturity of process and outcome.
Governance has been one of those concepts that has received a lot of "lip service," the speed of business is accelerated, opportunities and risks coexist, governance needs to be a complementary part of strategy management. But how to get it right - to steer IT, not stifle IT innovation and agility?
IT Governance is a vector of quality, for both the maturity of process and outcome. Eventually, as the company grows, so will the need for standard policies and procedures. Not just to cover the “Risk” management, but to create an environment where duties are segregated and often duplicated. In the startup, with few developers, one can say there’s little need for the burden of source control. Add a couple of more developers working on competing projects and all of a sudden source control and a regimented procedure for deploying solutions become necessary. Governance, risk, and compliance are not a single process, but a collection of processes with other governance mechanisms, such as roles and technologies.
Another area to practice IT governance might be the conception, development, and deployment of solutions. It’s a natural evolution as most initiative involves IT, therefore, IT will possess the companies widest breadth of view. As organization mature, the SME roles have to be pushed out to the user community, which means the end users need to become more responsible for the construction, testing, and deployment of their tools. This segregation of unit and system testing are first finished by IT; then user acceptance testing and implementation are done by the user community. Some view it as the battle between creatives and controllers/managers. Without focused business context, the deliverables from/by creatives may not be what the business needs, or may have been produced in a less efficient manner.
Effective IT Governance has innovation built in to harness innovation. Those organizations that feel stifled by governance may not have matured beyond operational risk and control. Controls feel stifling not because they are trying to be innovative, rather that they are undisciplined. IT departments that have their own house in order and have absorbed compliance and operational risk management can move on to greater, more strategic business needs. This is where innovation is needed, and a robust IT governance program can be the medium through which innovation is fostered. Proper IT Governance will have incorporated a process for change and innovation. This should allow for IT innovation to excel within the constraints of the hierarchy of the organization.
Governance discipline enforces agile decision-making. Optimal agile decision-making mechanisms ensure decisions occur as fast as they possibly can - with the speed being in perfect balance with cost and risk for the given decision situation. The problem is, governance is almost always associated with compliance and control. Given many organizations don't view governance as "decision-making optimization," their governance efforts usually devolve into time-consuming, costly, bureaucratic constructs. IT governance enforcement starts with understanding business for the dynamic complex and adaptive system that they are, is the starting point. Quite apart from anything else and without getting into a deep discussion about complexity, risk, epistemic uncertainty, consider that: unpredictability, uncertainty and the probability of surprising emergent properties increase with the complexity of the systems. Complexity is a measure that depends on the number of system components interdependencies] and their interactions, thus, the necessary governance disciplines enable the business to navigate toward the right direction.
The aspects of Agile operation can immediately be seen to have consequences for practitioners of IT governance: If the system of management lacks the understanding and requisite variety of the system being managed, how effective can it be?
- The high level of user involvement in development-related decisions underpins an empowerment to project teams to change and re-prioritize delivery plans, which can cause repercussions across a number of areas within IT governance.
- A dynamic development path brings about variability relating to cost and budget models.
- As development teams strive for the earliest possible delivery of working features that add value, governance practices need to be sufficiently informed and able to keep pace with what is going on.
- The joint needs of Agile projects and a commitment to governance will increase the extent to which a number of IT management practices have to participate in projects, with a consequent cost.
- Governance improves resilience. Resilience is indicative of a state of interdependence that has desirable characteristics such as self-organizing and self-regulating.
The best approach for IT governance has been the one which has aligned the framework approach with the principles and best practices, to improve the maturity of IT function and the expectations business leaders have from IT, to set immediate and long term priorities of organization right, to optimize decision-making approach in the organization, and to ultimately transform IT from a cost center to a value creator.