**GROW** | Innovation & Business Value
Cover image: Natalie Mis, Shutterstock Lead article photo: Song About Summer, Shutterstock
Josh Hamit understands why IT governance sometimes gets a bad rap.
“When I and others think of governance, it has the connotation of being slow and having a lot of hoops to jump through, and that’s scary for an organization in this age of digital transformation,” he says.
Hamit then asks, “In a time when we need to embrace innovation, how do we do that in a way that governance won’t slow us down?”
Josh Hamit, CIO, Altra Federal Credit Union
It’s a challenge Hamit has been tackling as CIO at Altra Federal Credit Union, where he has implemented a governance model that uses appropriate guardrails for risk management yet still enables adaptability and speed.
Hamit’s governance structure defines roles and responsibilities, assigns decision-making and accountability, and creates procedures to keep IT working on strategic priorities. It also includes policies to ensure IT adheres to standards and regulatory requirements but with enough flexibility to meet emerging business needs.
Hamit says weekly meetings with senior business and IT leaders enable the organization to quickly reprioritize when needed. Agile practices empower IT staffers to make their own decisions. And policies around risk assessments and change management ensure tech products and services meet regulatory and security requirements as well as user needs.
IT governance is the collection of policies, processes and tools that govern how the technology function operates.
“It’s a natural part of running an organization [that’s] supposed to enable you to get the outcomes you want to produce,” says Valence Howden, principle director in the CIO practice at Info-Tech Research Group and an analyst who helps organizations succeed through optimizing how they govern themselves. But experts say many CIOs are clinging to a governance philosophy focused on requirements around availability and stability.
Valence Howden, principle director, Info-Tech Research Group
CIOs today need a different approach to IT governance, one centered on adaptability and innovation that enables IT to adjust as quickly as markets demand. But this governance model still cannot sacrifice availability, stability and security—all of which remain as critical as ever.
“Change, and the velocity of change, means governance has to look different now,” Howden adds.
The need to change how IT is governed is significant and widespread. A recent study conducted by Lawless Research and commissioned by software company Planview found that the inability to quickly adapt strategy execution leads to a decline in growth, opportunities lost to competitors, decreased customer retention and major profit loss.
According to the report, executives cited complex governance and approval processes as a top barrier to adapting to change; the executives also listed unclear and conflicting priorities as well as a lack of resources for approved projects as the other two big barriers to agility.
“We need to tie technology investments to market success. That’s how we now need to regulate the business of technology,” says Nicola Morini Bianzino, global CTO for professional services firm EY. “There is a big push to shift the IT function to be a business function, to be a driver of growth.”
Nicola Morini Bianzino, CTO, EY
IT governance models that support adaptability, agility and speed incorporate several new ways of operating the IT department, say consultants and executives who have adopted such approaches.
To start, these models embrace agile development principles by building in the policies, procedures and tools specific to agile development rather than trying to tweak rules that worked for monolithic application deployments. For example, they eliminate committee reviews and approvals for planned software releases, thereby empowering product owners to manage roadmaps while also empowering product teams to make decisions and accept accountability for their choices.
“Part of this is simply accepting that to move with more speed or more velocity you must run this without having a heavy hand on everything,” Info-Tech's Howden says.
IT governance models built for agility and adaptability also commit to shorter development cycles by putting in place policies that enable them, says Asaf Weisberg, ISACA board director and founder and CEO of security and risk management consulting firm IntroSight.
Asaf Weisberg, ISACA board director and CEO, IntroSight
They do the same for high-performance cross-functional teams by reworking resource management plans so that these teams are given the capabilities they need and are managed and evaluated based on this new way of working.
“It’s a different way of looking at resource management,” Weisberg adds.
Leading CIOs also embed into their governance structures the rules and limits required of their organization’s needs, risk tolerance and regulatory requirements. But they tend to do so in ways that won’t impede adaptability and responsiveness.
For example, Howden says CIOs who delegate authority to the lowest possible levels within their IT departments to enable agility also establish guidelines on what risk scenarios need to go to senior leaders for discussion.
Or, in another example, CIOs demonstrate trust in teams by granting them autonomy but then establish metrics to hold those teams accountable.
Finally, experts say this new IT governance approach should extend beyond IT. “If another department spins up technology, they have to be governed the same way, too,” Howden says.
Marcelo De Santis, executive adviser, Thoughtworks
Some experts advocate for even bolder changes to the notion of IT governance.
“What we need is a completely new operating model for the organization that goes above and beyond IT,” says Marcelo De Santis, an executive adviser at Thoughtworks who works with executives on their digital transformations and innovation strategies.
All organizations must be ready to adapt quickly and constantly innovate, he explains, so the way they operate must match that need.
“It’s the new 'business as usual' for all organizations, whether they’re digital natives or traditional companies,” says De Santis. “That’s how the world works today, so companies need an operating model for change, not stability.”
Mary K. Pratt is a regular contributor to CIO.com.