Pendulums swing back and forth in lots of areas. This is especially true in corporate and technology governance. But it may stop swinging for good very soon. Let’s look at why things are so different now — and likely to stay that way forever.
THE OLD DEFINITION
Let’s begin with a definition of technology governance. Wikipedia describes it as:
… a subset discipline of Corporate Governance focused on information technology (IT) systems and their performance and risk management. The rising interest in IT governance is partly due to compliance initiatives, for instance Sarbanes-Oxley in the USA and Basel II in Europe, as well as the acknowledgment that IT projects can easily get out of control and profoundly affect the performance of an organization. A characteristic theme of IT governance discussions is that the IT capability can no longer be a black box. The traditional involvement of board-level executives in IT issues was to defer all key decisions to the company’s IT professionals. IT governance implies a system in which all stakeholders, including the board, internal customers, and in particular departments such as finance, have the necessary input into the decision making process. This prevents IT from independently making and later being held solely responsible for poor decisions. It also prevents critical users from later finding that the system does not behave or perform as expected ….
The primary goals for information technology governance are to (1) assure that the investments in IT generate business value, and (2) mitigate the risks that are associated with IT. This can be done by implementing an organizational structure with well-defined roles for the responsibility of information, business processes, applications, infrastructure, etc. Decision rights are a key concern of IT governance. The well defined control of IT is the key to success.1
The traditional way to think about governance revolved around centralization and decentralization, with decision rights distributed across the stakeholders. In the old days — way, way back in the “glasshouse” days — everything was centralized under the command of a technology czar. As time progressed, however, centralization yielded to decentralization. The czars countered with standardization. They believed that even if the lines of business had some sway, so long as the czars controlled technology standards, they were still essentially in control. The centralization/decentralization/ standardization game persisted until the Internet arrived, when control was challenged by technology “consumers” who no longer perceived themselves as “end users.”
Since the mid-1990s, the governance pendulum has swung wildly. In the mid- to late-1990s, technology was considered strategic. After the dot-com crash in 2000, the pendulum swung back to operational control. It stayed that way until 2003, when technology budgets began to increase. The pendulum then swung from operational to strategic again, and governance was shared between the enterprise CIO and the business unit CIOs (i.e., if the structure recognized business unit CIOs) or just the business unit directors. We stayed this course until the world melted down again, in 2008, and the governance pendulum swung back. This time, it swung all the way back to total budget lockdown where governance was centralized in the hands of a few or just one, the CFO.
During all this pendulum swinging, something changed. Almost as if it was clandestinely taking advantage of the budgetary distractions, technology freed itself from the control of both enterprise and business unit professionals. It escaped from all the arguments that had it swinging back and forth for all those decades. In fact, it rendered the word “control” moot.
So what exactly happened? Technology commoditized, consumerized — and left the building. It also completed the dependency that business has on the reliability, scalability, reach, and security of its digital technology. Put another, much simpler, way: business cannot exist without IT.
Commoditization has pushed prices down and performance up. Industry consolidation has fueled standardized hardware and software architectures. It’s now possible to pay less and less for more and more capacity.
Consumerization spreads control to everyone. While innovation in digital technology used to occur inside corporate firewalls, now the longest technology line is at the Apple Store in the mall. Social media came into corporations through windows left open by Gen X and, especially, Gen Y.
So what does all this mean for governance? The short story is that all of the old notions of governance will be challenged by technology commoditization, consumerization, and delivery.

Pendulums swing back and forth in lots of areas. This is especially true in corporate and technology governance. But it may stop swinging for good very soon. Let’s look at why things are so different now — and likely to stay that way forever.

The Old Definition

Let’s begin with a definition of technology governance. Wikipedia describes it as:

… a subset discipline of Corporate Governance focused on information technology (IT) systems and their performance and risk management. The rising interest in IT governance is partly due to compliance initiatives, for instance Sarbanes-Oxley in the USA and Basel II in Europe, as well as the acknowledgment that IT projects can easily get out of control and profoundly affect the performance of an organization. A characteristic theme of IT governance discussions is that the IT capability can no longer be a black box. The traditional involvement of board-level executives in IT issues was to defer all key decisions to the company’s IT professionals. IT governance implies a system in which all stakeholders, including the board, internal customers, and in particular departments such as finance, have the necessary input into the decision making process. This prevents IT from independently making and later being held solely responsible for poor decisions. It also prevents critical users from later finding that the system does not behave or perform as expected ….

The primary goals for information technology governance are to (1) assure that the investments in IT generate business value, and (2) mitigate the risks that are associated with IT. This can be done by implementing an organizational structure with well-defined roles for the responsibility of information, business processes, applications, infrastructure, etc. Decision rights are a key concern of IT governance. The well defined control of IT is the key to success.

The traditional way to think about governance revolved around centralization and decentralization, with decision rights distributed across the stakeholders. In the old days — way, way back in the “glasshouse” days — everything was centralized under the command of a technology czar. As time progressed, however, centralization yielded to decentralization. The czars countered with standardization. They believed that even if the lines of business had some sway, so long as the czars controlled technology standards, they were still essentially in control. The centralization/decentralization/ standardization game persisted until the Internet arrived, when control was challenged by technology “consumers” who no longer perceived themselves as “end users.”

Since the mid-1990s, the governance pendulum has swung wildly. In the mid- to late-1990s, technology was considered strategic. After the dot-com crash in 2000, the pendulum swung back to operational control. It stayed that way until 2003, when technology budgets began to increase. The pendulum then swung from operational to strategic again, and governance was shared between the enterprise CIO and the business unit CIOs (i.e., if the structure recognized business unit CIOs) or just the business unit directors. We stayed this course until the world melted down again, in 2008, and the governance pendulum swung back. This time, it swung all the way back to total budget lockdown where governance was centralized in the hands of a few or just one, the CFO.

During all this pendulum swinging, something changed. Almost as if it was clandestinely taking advantage of the budgetary distractions, technology freed itself from the control of both enterprise and business unit professionals. It escaped from all the arguments that had it swinging back and forth for all those decades. In fact, it rendered the word “control” moot.

So what exactly happened? Technology commoditized, consumerized — and left the building. It also completed the dependency that business has on the reliability, scalability, reach, and security of its digital technology. Put another, much simpler, way: business cannot exist without IT.

Commoditization has pushed prices down and performance up. Industry consolidation has fueled standardized hardware and software architectures. It’s now possible to pay less and less for more and more capacity.

Consumerization spreads control to everyone. While innovation in digital technology used to occur inside corporate firewalls, now the longest technology line is at the Apple Store in the mall. Social media came into corporations through windows left open by Gen X and, especially, Gen Y.

So what does all this mean for governance? The short story is that all of the old notions of governance will be challenged by technology commoditization, consumerization, and delivery.

avatar

Stephen Andriole

Dr. Stephen J. Andriole is a Fellow with Cutter's Business Technology Strategies practice. Dr. Andriole's career has focused on the development, application and management of information technology and analytical methodology to complex business problems.

Discussion

  4 Responses to “Business Technology Governance: Why the Pendulum Finally Stops Swinging”

  1. [...] por Carlos Francavilla en 17 Noviembre 2009 Gracias a Eduardo Duarte descubrí esta opinión de Stephen Andriole acerca de lo que ocurrió con el vaivén del gobierno de IT en las [...]

  2. [...] Business Technology Governance: Why the Pendulum Finally Stops Swinging by Stephen Andriole on The Cutter Blog | Debate Online [...]

  3. avatar

    It seems like much of what you are speaking to here are IT-centric or infrastructure investments in Information Technology. Investments that are more business aligned seem to have gotten far more difficult to make. With shared services, SOA initiatives, and ever-increasing pressure to deliver more business value with less, there seems to be more tension than ever IT’s desire to be more responsive and the business’s lack of time to be truly involved IT enabled business improvement.

    It feels like within our major IT portfolio of investments, we need to be clear that when speaking about the different types of investments, each will require different demands on the business and IT with respect to delivering the purported business value. For example, data center consolidation has very different business management demands than implementing click-to-chat for all online servicing customers and products. One requires almost no business management attention; the other requires almost constant business management collaboration at a very high level across the organization to succeed.

    Would you agree?

  4. [...] governance. Wikipedia describes it as: … a subset discipline of Corporate Governance … Read More RECOMMENDED BOOKS REVIEWS AND OPINIONS Information Technology Governance & [...]

 Leave a Reply

(required)

(required)

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>