An abstract by Lookman SANNI and Younes ABOUELFAID
Nowadays, many companies are interested in implementing IT governance since many high level models are being developed to support it. But from developing an IT governance model to its effectiveness inside the organization, there’s a huge ditch people don’t often realize. What’s IT governance, and what is its state of art?
Several definitions have been provided for IT governance, but the common point between them is the achievement of IT/Business link, and the absolute involvement of the board. Even if Henderson and Venkatraman had developed the Strategic Alignment Model (SAM) in 93, the “IT governance” term’s uprise period is still gloomy.
Nevertheless, Peterson, Van Grembergen, De Haes, Guldentops, Weill and Woodham proposed a sustainable IT governance framework that can be deployed using a mix of structures, processes and relational mechanisms. If structures address the way IT functions are organized, processes refer to strategic decision making and monitoring while relational mechanism’s concern is the close collaboration between business and IT. Implementing the framework would consist in finding the optimal mix of these, taking in account the organization’s specificity. Let’s see by the case of an IT governance implementation in a Belgian financial organization how the framework can be used.
KBC is a major Belgian financial services organization that was founded in 1998 after the merger of the centenaries Kredietbank, Cera Bank and ABB Insurance. In 2003 there were employing almost 50000 employees of which almost 2500 in the central IT department. The decision-making structures of KBC are organized in function of five core activity domains including “Retail and private bancassurance”, “Corporate services”, “Market activities” and “Asset management”.
KBC called for IT governance since they needed to achieve economies of scale and prioritize projects within their projects portfolio as their business units were requesting more and more projects that IT cannot immediately respond to. Obviously such adoption would bring high flexibility to the organization, effective allocation of IT resources and changes anticipation. Moreover it would give their business units responsibilities with regards to IT, since these last will therefore have to make well considered decisions and effective ROI measurement based on clear service level agreement with IT. Thus, they went for a resistant governance model for the forthcoming 4-5 years. The CIO was charged to develop the business-IT model by the executive committee. But the output IT charter which clarifies how IT and business will collaborate in future soon face resistance, as it was perceived as an imposition, proof of the mandatory business implication in such exercise. But how had the IT governance framework been implemented inside KBC? In other words what was the mix of structures, functions and relational mechanisms they used to successfully deploy their IT governance model?
Undoubtedly, the IT decision-making authority plays a key role in an effective IT governance implementation. Responsibilities and roles are mostly defined by committees composed of IT and business people. The IT department is headed by a CIO at the same direct reporting line as general directors of business lines and under an executive committee of 8 members, topped by a board of 23 directors. Additionally, the CIO was frequently invited to the executive committee’s meeting in a way that a close link between IT and business was ensured at a high level of the organization. Thus, IT is regularly addressed during board meetings even if IT governance is the prime responsibility of the board of directors. At a lower level, several other structures exist for new or continuity projects for ensuring IT/business steering, domain specific counseling, budget composition and projects prioritization. Hence, alignment is ensured at initiation, development and maintenance stages of their IT projects; but how are these committees involved into ensuring that?
A good way to go through such description would be to follow a new project’s way across the organization. After been initiated by a business architect, the project’s business value and Service Level agreement are evaluated by a Domain Consultative Body (DCB), before been integrated into the corresponding activity’s project portfolio priority list by the IT/Business Steering Committee (IBSC). Afterwards, the executive committee will have to consider all the planned projects for the year after. This process includes amendment, evaluation, approval, prioritization by information economics assessment and then funding. Once agreement on investment for a project is reached, different committees will appear at different stages of the project’s lifecycle. A Program Management Steering Group will be in charge of following its development process, before been relayed at production stage by a Management Operational Systems Committee (MOSC). The latter will be responsible for operational costs evaluation and performance management using Activity Based Costing (ABC), Information Technology Infrastructure Library (ITIL), and Balanced Scorecard (BSC) on maintenance projects, all this within strategy and budget approved by its upper committee (IBSC).
Even with structures and processes in place, a governance implementation might fail if the involved persons doesn‘t understand one another. There appears the importance of the soft side of IT governance; put differently, IT governance relational mechanisms implementation, in order to ensure a good communication, participation and share understanding of all participants at different levels. KBC used several relational mechanisms to reach this end. The main one was their IT charter which clearly defines mirror roles between business and IT people, enabling the concerned people to interact directly in a two-way communication context. Another quite relevant mechanism they used was establishing account management meetings focusing on relational aspects between high level IT and business people. Other methods such as co-location, language use, senior IT exemplarity, job rotation, training sessions on business activities, internal magazines, and intranet.
Implementing such a model across a large organization is a tricky exercise. Business and IT need to be convinced that it’s for the best interest of both and that they better share the same understanding of the business and different metrics, what only strong communication can solve. Another complexity point of the model is the huge competence management and training it implies across the organization and the need to make everyone aware of its role. In the KBC case, the Board could have play more its leading role in IT governance. The IT balanced scorecard used was just for measurement purpose and no metrics or goals were defined to clearly monitor and measure the alignment. Yet KBC was characterized by a complex organizational environment what makes the model implementation very harsh. However, in a less complicated environment, the optimal mix of structures, processes and relational mechanisms to setup will be less enigmatic. Determining all the variables that have an impact on the appropriate IT governance model is probably not feasible. It would be an extremely complex endeavor to identify all factors that influence the choice for one specific process, structure or relational mechanism.
Tags: abouelfaid, alignment, architecture, business, enterprise, IT, KBC, lookman, sanni, younes