Pendulums swing back and forth in lots of areas. This is especially true in corporate and technology governance. But it may stop swinging for good very soon. Let’s look at why things are so different now — and likely to stay that way forever.
The Old Definition
Let’s begin with a definition of technology governance. Wikipedia describes it as:
… a subset discipline of Corporate Governance focused on information technology (IT) systems and their performance and risk management. The rising interest in IT governance is partly due to compliance initiatives, for instance Sarbanes-Oxley in the USA and Basel II in Europe, as well as the acknowledgment that IT projects can easily get out of control and profoundly affect the performance of an organization. A characteristic theme of IT governance discussions is that the IT capability can no longer be a black box. The traditional involvement of board-level executives in IT issues was to defer all key decisions to the company’s IT professionals. IT governance implies a system in which all stakeholders, including the board, internal customers, and in particular departments such as finance, have the necessary input into the decision making process. This prevents IT from independently making and later being held solely responsible for poor decisions. It also prevents critical users from later finding that the system does not behave or perform as expected ….
The primary goals for information technology governance are to (1) assure that the investments in IT generate business value, and (2) mitigate the risks that are associated with IT. This can be done by implementing an organizational structure with well-defined roles for the responsibility of information, business processes, applications, infrastructure, etc. Decision rights are a key concern of IT governance. The well defined control of IT is the key to success.
The traditional way to think about governance revolved around centralization and decentralization, with decision rights distributed across the stakeholders. In the old days — way, way back in the “glasshouse” days — everything was centralized under the command of a technology czar. As time progressed, however, centralization yielded to decentralization. The czars countered with standardization. They believed that even if the lines of business had some sway, so long as the czars controlled technology standards, they were still essentially in control. The centralization/decentralization/ standardization game persisted until the Internet arrived, when control was challenged by technology “consumers” who no longer perceived themselves as “end users.”
Since the mid-1990s, the governance pendulum has swung wildly. In the mid- to late-1990s, technology was considered strategic. After the dot-com crash in 2000, the pendulum swung back to operational control. It stayed that way until 2003, when technology budgets began to increase. The pendulum then swung from operational to strategic again, and governance was shared between the enterprise CIO and the business unit CIOs (i.e., if the structure recognized business unit CIOs) or just the business unit directors. We stayed this course until the world melted down again, in 2008, and the governance pendulum swung back. This time, it swung all the way back to total budget lockdown where governance was centralized in the hands of a few or just one, the CFO.
During all this pendulum swinging, something changed. Almost as if it was clandestinely taking advantage of the budgetary distractions, technology freed itself from the control of both enterprise and business unit professionals. It escaped from all the arguments that had it swinging back and forth for all those decades. In fact, it rendered the word “control” moot.
So what exactly happened? Technology commoditized, consumerized — and left the building. It also completed the dependency that business has on the reliability, scalability, reach, and security of its digital technology. Put another, much simpler, way: business cannot exist without IT.
Commoditization has pushed prices down and performance up. Industry consolidation has fueled standardized hardware and software architectures. It’s now possible to pay less and less for more and more capacity.
Consumerization spreads control to everyone. While innovation in digital technology used to occur inside corporate firewalls, now the longest technology line is at the Apple Store in the mall. Social media came into corporations through windows left open by Gen X and, especially, Gen Y.
So what does all this mean for governance? The short story is that all of the old notions of governance will be challenged by technology commoditization, consumerization, and delivery.