IT governance is often implemented with the establishment of an IT Investment Review Board (IRB) and Enterprise Architecture Board (EAB); but to get these to really be effective you have to win the hearts and minds of the stakeholders.
Here are some critical success factors to making IT governance work:
- Management buy-in and commitment—this is sort of a no-brainer, but it’s got to be said; without senior management standing firmly behind IT governance, it won’t take root and IT projects will continue to fly under the radar.
- Prioritizatuion and resourcing—EA, IT Strategic Planning, and IT governance compete with IT operations for resources, management attention, and prioritization. More often than not, many not so savvy CIOs value putting some new technology in the hands of the end-user over creating strategic IT plans, developing transition architectures, and implementing sound IT governance (they do this at risk to their careers and good names!)
- Policy and procedures—IT governance needs a firm policy to mandate compliance to the user community; further the procedures for users to follow need to be clear and simple. IT governance procedures should integrate and streamline the governance processes for authorizing the project, allocating funding, conducting architectural reviews, following the systems development life cycle, managing the acquisition, and controlling the project. End-users should have a clear path to follow to get from initiating the project all the way through to close-out. If the governance mechanism are developed and implemented in silos, the end users have every reason in the world to find ways to work around the governance processes—they are a burden and impede timely project delivery.
- Accessibility—Information on IT governance services including the process, user guides, templates, and job aids needs to be readily available to project managers and other end users. If they have to search for it or stick the pieces together, then they have another reason to bypass it all together.
- Enforcement—there are two major ways to enforce the governance. On the front end is the CIO or IRB controlling the IT funding for the enterprise and having the authority to review, approve, prioritize, fund, monitor, and close down IT projects. At the back-end, is procurement; no acquisitions should pass without having demonstrated compliance with the IT governance processes. Moreover, language should be included in contracting to enforce EA alignment and compliance.
- Cultural change-Organizations need to value planning and governance functions. If operations always supersede IT planning and governance, then both business and technical stakeholders will feel that they have a green light to ignore those functions and do what they want to do without regard to overall strategy. Further, if the culture is decentralized and governance is managed in silos (one manager for SDLC, another for EA, yet another for requirements management), then the processes will remain stove-piped, redundant, and not useable by the user community.
- Communication plan—the governance process and procedures need to be clearly communicated to the end users, and it must address the what’s in it for me (WIIFM) question. Users need to understand that their projects will be more successful if they follow the IT plan and governance processes. Those are in place to guide the user through important and necessary project requirements. Further, users are competing for resources with other important IT projects, and user will benefit their projects by making the best business and technical case for them and following the guidelines for implementing them.