Make Your IT Governance Adaptable

People don’t understand the value of governance, seeing it as a hindrance to productivity and efficiency.
Governance is delegated to people and practices that don’t have the ability or authority to make these decisions.
Decisions are made within committees that don’t meet frequently enough to support business velocity.
It is difficult to allocate time and resources to build or execute governance effectively.

Our Advice

Critical Insight

IT governance applies not just to the IT department but to all uses of information and technology.
IT governance works against you if it no longer aligns with or supports your organizational direction, goals, and work practices.
Governance doesn’t have to be bureaucratic or control based.
Your governance model should be able to adapt to changes in the organization’s strategy and goals, your industry, and your ways of working.
Governance can be embedded and automated into your practices.

Impact and Result

You will produce more value from IT by developing a governance framework optimized for your current needs and context, with the ability to adapt as your needs shift.
You will create the foundation and ability to delegate and empower governance to enable agile delivery.
You will identify areas where governance does not require manual oversight and can be embedded into the way you work.

Make Your IT Governance Adaptable Research & Tools

1. Make Your IT Governance Adaptable Deck – A document that walks you through how to design and implement governance that fits the context of your organization and can adapt to change.

Our dynamic, flexible, and embedded approach to governance will help drive organizational success. The three-phase methodology will help you identify your governance needs, select and refine your governance model, and embed and automate governance decisions.

2. Adaptive and Controlled Governance Model Templates and Workbook – Documents that gather context information about your organization to identify the best approach for governance.

Use these templates and workbook to identify the criteria and design factors for your organization and the design triggers to maintain fit. Upon completion this will be your new governance framework model.

3. Implementation Plan and Workbook – Tools that help you build and finalize your approach to implement your new or revised governance model.

Upon completion you will have a finalized implementation plan and a visual roadmap.

4. Governance Committee Charter Templates – Base charters that can be adapted for communication.

Customize these templates to create the committee charters or terms of reference for the committees developed in your governance model.

5. Governance Automation Criteria Checklist and Worksheet – Tools that help you determine which governance decisions can be automated and work through the required logic and rules.

The checklist is a starting point for confirming which activities and decisions should be considered for automation or embedding. Use the worksheet to develop decision logic by defining the steps and information inputs involved in making decisions.

Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

9.7/10

Overall Impact

$11,400

Average $ Saved

Average Days Saved

Client

Experience

Impact

$ Saved

Days Saved

Testimonial

Blue Cross of Idaho Health Service, Inc.

Workshop

9/10

N/A

Difficult to ascertain value, we most definitely saved elapsed time (this would have taken us months to get through one hour at a time - my time sa... Read More

SEYMOUR WHYTE CONSTRUCTIONS PTY LTD

Guided Implementation

10/10

$9,100

University Of North Dakota

Guided Implementation

10/10

$13,700

Sydney is great, knows his stuff!

Make Your IT Governance Adaptable

Governance isn't optional, so keep it simple and make it flexible.

4 Analyst Perspective

5 Executive Summary

13 Governance Stages

14 Info-Tech’s IT Governance Thought Model

19 Info-Tech’s Approach

23 Insight Summary

30 Phase 1: Identify Your Governance Needs

54 Phase 2: Select and Refine Your Governance Model

76 Phase 3: Embed and Automate

94 Summary of Accomplishment

95 Additional Support

97 Contributors

98 Bibliography

Make Your IT Governance Adaptable

Governance isn't optional, so keep it simple and make it flexible.

EXECUTIVE BRIEF

Analyst Perspective

Governance will always be part of the fabric of your organization. Make it adaptable so it doesn’t constrain your success.

Photo of Valence Howden, Principal Research Director, Info-Tech Research Group

Far too often, the purpose of information and technology (I&T) governance is misunderstood. Instead of being seen as a way to align the organization’s vision to its investment in information and technology, it has become so synonymous with compliance and control that even mentioning the word “governance” elicits a negative reaction.

Success in modern digital organizations depends on their ability to adjust for velocity and uncertainty, requiring a dynamic and responsive approach to governance – one that is embedded and automated in your organization to enable new ways of working, innovation, and change.

Evolutionary theory describes adaptability as the way an organism adjusts to fit a new environment, or changes to its existing environment, to survive. Applied to organizations, adaptable governance is critical to the ability to survive and succeed.

If your governance doesn’t adjust to enable your changing business environment and customer needs, it will quickly become misaligned with your goals and drive you to failure.

It is critical that people build an approach to governance that is effective and relevant today while building in adaptability to keep it relevant tomorrow.

Valence Howden
Principal Research Director, Info-Tech Research Group

Executive Summary

Your Challenge

People don’t understand the value of governance, seeing it as a hindrance to productivity and efficiency.
Governance is delegated to people and practices that don’t have the ability or authority to make decisions.
Decisions are made within committees that don’t meet frequently enough to support business velocity.
It is difficult to allocate time and resources to build or execute governance effectively

Common Obstacles

You are unable to clearly communicate how governance adds value to your organization.
Your IT governance approach no longer aligns with or supports your organizational direction, goals, and work practices.
Governance is seen and performed as a bureaucratic control-based exercise.
Governance activities are not transparent.
The governance committee gets too deeply involved with project deep dives and daily management, derailing its effectiveness and ability to produce value.

Info-Tech’s Approach

Use Info-Tech’s IT governance models to identify a base model similar to the way you are organized. Confirm your current and future placement in governance execution.
Adjust the model based on industry needs, your principles, regulatory requirements, and your future direction.
Identify where to embed or automate decision making and compliance and what is required to do so effectively.
Implement your governance model for success.

Info-Tech Insight

IT governance must be embedded and automated, where possible, to effectively meet the needs and velocity of digital organizations and modern practices and to drive success and value.

What is governance?

IT governance is a critical and embedded practice that ensures that information and technology investments, risks, and resources are aligned in the best interests of the organization and produce business value.

Effective governance ensures that the right technology investments are made at the right time to support and enable your organization’s mission, vision, and goals.

5 KEY OUTCOMES OF GOOD GOVERNANCE
STRATEGIC ALIGNMENT Technology investments and portfolios are aligned with the organization's strategic objectives.	RISK OPTIMIZATION Organizational risks are understood and addressed to minimize impact and optimize opportunities.	VALUE DELIVERY IT investments and initiatives deliver their expected benefits.	RESOURCE OPTIMIZATION Resources (people, finances, time) are appropriately allocated across the organization to optimal organizational benefit.	PERFORMANCE MEASUREMENT The performance of technology investments is monitored and used to determine future courses of action and to confirm achievement of success.
‹–EVALUATE–DIRECT–MONITOR–›

Why is this necessary?

Governance is not simply a committee or an activity that you perform at a specific point in time; it is a critical and continuously active practice that drives the success of your organization. It is part of your organization’s DNA and is just as unique, with some attributes common to all (IT governance elements), some specific to your family (industry refinements), and some specific to you (individual organization).
Your approach to governance needs to change over time in order to remain relevant and continue to enable value and success, but organizations rarely want to change governance once it’s in place.
To meet the speed and flow of practices like Lean, DevOps, and Agile, your IT governance needs to be done differently and become embedded into the way your organization works. You must adjust your governance model based on key moments of change – organizational triggers – to maintain the effectiveness of your model.

Info-Tech Insight

Build an optimal model quickly and implement the core elements using an iterative approach to ensure the changes provide the most value.

The Technology Value Trinity

Delivery of Business Value & Strategic Needs

DIGITAL & TECHNOLOGY STRATEGY
The identification of objectives and initiatives necessary to achieve business goals.
IT OPERATING MODEL
The model for how IT is organized to deliver on business needs and strategies.
INFORMATION & TECHNOLOGY GOVERNANCE
The governance to ensure the organization and its customers get maximum value from the use of information and technology.

All three elements of the Technology Value Trinity work in harmony to deliver business value and meet strategic needs. As one changes, the others need to change as well.

Digital and IT Strategy tells you what you need to achieve to be successful.
IT Operating Model and Organizational Design is the alignment of resources to deliver on your strategy and priorities.
Information & Technology Governance is the confirmation that IT’s goals and strategy align with the business’ strategy. It is the mechanism by which you continuously prioritize work to ensure that what you deliver is in line with the strategy. This oversight involves evaluating, directing, and monitoring the delivery of outcomes to ensure that the use of resources results in achieving the organization’s goals.

Too often strategy, operating model and organizational design, and governance are considered separate practices. As a result, “strategic documents” end up being wish lists, and projects continue to be prioritized based on who shouts the loudest rather than on what is in the best interest of the organization.

Where information & technology governance fits within an organization

An infographic illustrating where Governance fits within an organization. The main section is titled 'Enterprise Governance and Strategy' and contains 'Value Outcomes', 'Mission and Vision', 'Goals and Objectives', and 'Guiding Principles'. These all feed into the highlighted 'Information & Technology Governance', which then contributes to 'IT Strategy', which lies outside the main section.

I&T governance hasn’t achieved its purpose

Governance is the means by which IT ensures that information and technology delivery and spend is aligned to business goals and delivers business outcomes. However, most CEOs continue to perceive IT as being poorly aligned to the business’ strategic goals, which indicates that governance is not implemented or executed properly.

For I&T governance to be effective you need a clear understanding of the things that drive your organization and its success. This understanding becomes your guiding star, which is critical for effective governance. It also requires participation by all parts of the organization, not just IT.

Info-Tech CIO/CEO Alignment Diagnostics (N=124)

43% of CEOs believe that business goals are going unsupported by IT.

60% of CEOs believe that improvement is required around IT’s understanding of business goals.

80% of CIOs/CEOs are misaligned on the target role for IT.

30% of business stakeholders are supporters (N=32,536) of their IT departments

Common causes of poor governance

Key causes of poor or misaligned governance

Governance and its value to your organization is not well understood, often being confused or integrated with more granular management activities.
Business executives fail to understand that IT governance is a function of the business and not the IT department.
Poor past experiences have made “governance” a bad word in the organization. People see it as a constraint and barrier that must be circumvented to get work done.
There is misalignment between accountability and authority throughout the organization, and the wrong people are involved in governance practices.
There is an unwillingness to change a governance approach that has served the organization well in the past, leading to challenges when the organization starts to change practices and speed of delivery.
There is a lack of data and data-related capabilities required to support good decision making and the automation of governance decisions.
The goals and strategy of the organization are not known or understood, leaving nothing for IT governance to orient around.

Key symptoms of ineffective governance committees

No actions or decisions are generated. The committee produces no value and makes no decisions after it meets. The lack of value output makes the usefulness of the committee questionable.
Resources are overallocated. There is a lack of clear understanding of capacity and value in work to be done, leading to consistent underestimation of required resources and poor resource allocation.
Decisions are changed outside of committee. Decisions made or initiatives approved by the committee are later changed when the proper decision makers are involved or the right information becomes available.
Governance decisions conflict with organizational direction. This shows an obvious lack of alignment and behavioral disconnect that work against organizational success. It is often due to not accounting for where power really exists within the structure.
Consistently poor outcomes are produced from governance direction. Committee members’ lack of business acumen, relevant data, or understanding of organizational goals results in decisions that fail to drive successful measured outcomes.

Mature your governance by transitioning from ad hoc to automated

Organizations should look to progress in their governance stages. Ad hoc and controlled governance practices tend to be more rigid, making these a poor fit for organizations requiring higher velocity delivery or using more agile and adaptive practices.

The goal as you progress through these stages is to delegate governance and empower teams based on your fit and culture, enabling teams where needed to make optimal decisions in real time, ensuring that they are aligned with the best interests of the organization.

Automate governance for optimal velocity while mitigating risks and driving value.

This puts your organization in the best position to be adaptive, able to react effectively to volatility and uncertainty.

Stages of governance

Adaptive Data-Centric ˆ ˆ ˆ ˆ ˆ Traditional (People- and Document-Centric)	4	Automated Governance Entrenched into organizational processes and product/service design Empowered and fully delegated to maintain fit and drive organizational success and survival
	3	Agile Governance Flexible enough to support different needs in the organization and respond quickly to change Driven by principles and delegated throughout the company
	2	Controlled Governance Focused on compliance and hierarchy-based authority Levels of authority defined and often driven by regulatory requirements
	1	Ad Hoc Governance Not well defined or understood within the organization Occurs out of necessity but often not done by the right people or bodies

Make Governance Adaptable and Automated to Drive Success and Value

Governance adaptiveness ensures the success of digital organizations and modern practice implementation.

THE PROBLEM

The wrong people are making decisions.
Organizations don't understand what governance is or why it's done.
Governance scope and design is a bad fit, damaging the organization.
People think governance is optional.

THE SOLUTION

ESTABLISH YOUR GUIDING PRINCIPLES

Define and establish the guiding principle that drive your organization toward success.

Mission & Vision
Business Goals & Success Criteria
Operating Model & Work Practices
Governance Scope
Principles

SELECT AND REFINE YOUR MODEL

Use Info-Tech's IT Governance Models to identify a base model similar to the way you are organized. Confirm your current and future placement in governance execution.

IDENTIFY MODEL UPDATE TRIGGERS

Adjust the model based on industry needs, your principles, regulatory requirements, and future direction.

Principles
Select principles that allow the organization to be adaptive while still ensuring the governance continues to stay on course with pursuing its guiding star.
Responsibilities
Decide on the governance responsibilities related to Oversight Level, Strategic Alignment, Value Delivery, Risk Optimization, Resource Optimization, and Performance Management.
Structure
Determine at which structured level governance is appropriate: Enterprise, Strategic, Tactical, or Operational.
Processes
Establish processes that will enable governance to occur such as: Embed the processes required for successful governance.
Membership
Identify the Responsibility & Accountability of those who should be involved in governance processes, policies, guidelines, and responsibilities.
Policies
Confirm any governing policies that need to be adhered to and considered to manage risk.

DETERMINE AUTOMATION OPTIONS AND DECISION RULES

Identify where to embed or automate decision making and compliance and what is required to do so effectively.

STAGES OF GOVERNANCE

Traditional (People- and document-centric)

AD HOC GOVERNANCE
Governance that is not well defined or understood within the organization. It occurs out of necessity but often not by the right people or bodies.
CONTROLLED GOVERNANCE
Governance focused on compliance and hierarchy-based, authority-driven control of decisions. Levels of Authority are defined and often driven by regulatory requirements.

Adaptive (Data Centric)

AGILE GOVERNANCE
Governance that is flexible to support different needs and quick responses in the organization. Driven by principles and delegated throughout the company.
AUTOMATED GOVERNANCE
Governance that is entrenched and automated into the organizational processes and product/service design. Empowered and fully delegated governance to maintain fit and drive organizational success and survival.

KEY INSIGHT

Governance must actively adapt to changes in your organization, environment, and practices or it will drive you to failure.

Developing governance principles

Governance principles support the move from controlled to automated governance by providing guardrails that guide your decisions. They provide the ethical boundaries and cultural perspectives that contextualize your decisions and keep you in line with organizational values. Determining principles are global in nature.

CONTROLLED	CHANGE ACTIONS AND RATIONALE	AUTOMATED
Disentangle governance and management	Move from governance focused on evaluating, directing, and monitoring strategic decisions around information and technology toward defining and automating rules and principles for decision making into processes and practices, empowering the organization and driving adaptiveness.	Delegate and empower
Govern toward value	Move from identifying the organization’s mission, goals, and key drivers toward orienting IT to align with those value outcomes and embedding value outcomes into design and delivery practices.	Deliver to defined outcomes
Make risk-informed decisions	Move from governance bodies using risk information to manually make informed decisions based on their defined risk tolerance toward having risk information and attestation baked into decision making across all aspects and layers of the IT organization – from design to sustainment.	Embed risk decision making into processes and practices
Measure to drive improvement	Move from static lagging metrics that validate that the work being done is meeting the organization’s needs and guide future decision making toward automated governance with more transparency driven by data-based decision making and real-time data insights.	Trust through real-time reporting
Enforce standards and behavior	Move from enforcing standards and behavior and managing exceptions to ensure that there are consistent outcomes and quality toward automating standards and behavioral policies and embedding adherence and changes in behavior into the organization’s natural way of working.	Automate standards through automated decision rules, verification, and validation

Find your guiding star

MISSION AND VISION –›	GOALS AND OBJECTIVES –›	GUIDING PRINCIPLES –›	VALUE
Why your organization exists and what value it aims to provide. The purpose you build a strategy to achieve.	What your organization needs be successful at to fulfill its mission.	Key propositions and guardrails that define and guide expected organizational behavior and beliefs.

Your mission and vision define your goals and objectives. These are reinforced by your guiding principles, including ethical considerations, your culture, and expected behaviors. They provide the boundaries and guardrails for enabling adaptive governance, ensuring you continue to move in the right direction for organizational success.

To paraphrase Lewis Carroll, “If you don't know where you want to get to, it doesn't much matter which way you go.” Once you know what matters, where value resides, and which considerations are necessary to make decisions, you have consistent directional alignment that allows you to delegate empowered governance throughout the organization, taking you to the places you want to go.

Understand governance versus management

Don’t blur the lines between governance and management; each has a unique role to play. Confusing them results in wasted time and confusion around ownership.

Governance

I&T governance defines WHAT should be done and sets direction through prioritization and decision making, monitoring overall IT performance.

Governance aligns with the mission and vision of the organization to guide IT.

Management

Management focuses on HOW to do things to achieve the WHAT. It is responsible for executing on, operating, and monitoring activities as determined by I&T governance.

Management makes decisions for implementation based on governance direction.

Data is critical to automating governance

Documents and subjective/non-transparent decisions do not create sufficient structure to allow for the true automation of governance. Data related to decisions and aggregated risk allow you to define decision logic and rules and algorithmically embed them into your organization.

People- and Document-Centric

Governance drives activities through specific actors (individuals/committees) and unstructured data in processes and documents that are manually executed, assessed, and revised. There are often constraints caused by gaps or lack of adequate and integrated information in support of good decisions.

Data-Centric

Governance actors provide principles, parameters, and decision logic that enable the creation of code, rulesets, and algorithms that leverage organizational data. Attestation is automatic – validated and managed within the process, product, or service.