level executives and business groups (e.g., business units or processes); may also include IT

monarchy

A group of business executives or individual executives (CxOs). Includes committees of senior business executives (may include CIO). Excludes IT executives acting independently.

IT.monarchy Individuals or groups of IT executives

Feudal Business unit leaders, key process owners or their delegates

Federal

C-level executives and business groups (e.g., business units or processes); may also include IT executives as additional participants.

Duopoly IT executives and at least one other group (e.g., CxO or business unit or process leaders)

used as input for the three more business related IT decisions (IT principles, business applications, and IT investments). Enterprises mainly rely on IT monarchies when choosing an IT architecture or making IT infrastructure strategy decisions, both seen as more technical.

This “typical” pattern follows generally accepted corporate governance guidelines—that is, encouraging broad-based inputs and at the same time firmly controlling decision rights to a small group of leaders—and reflects the stage of evolution of IT management in many firms. Weill and Ross also analysed the governance performance of these companies and they concluded that the federal style is the most effective for input to all five key IT deci-

Figure 26. How enterprises make IT decisions (Adapted from Weill & Ross, 2004)

Decision Style

IT.Principles IT.Architecture IT.

Infrastructure. Strategies Business. Application. Needs IT.Investment

Input Decision Input Decision Input Decision Input Decision Input Decision Business Monarchy 0 27 0 6 0 7 1 12 1 30 IT Monarchy 1 18 20 73 10 59 0 8 0 9 Feudal 0 3 0 0 1 2 1 18 0 3 Federal 83 14 46 4 59 6 81 30 93 27 Duopoly 15 36 34 15 30 23 17 27 6 30 Anarchy 0 0 0 1 0 1 0 3 0 1 No Data or don’t know 1 2 0 1 0 2 0 2 0 0

Most common input pattern for all enterprises. Most common decision patterns for all enterprises

The numbers in each cell are percentages of the 256 enterprises studied in 23 countries. The columns add to 100 percent.

sions. Indeed, the federal model for input provides a broad-based vehicle for

capturing the tradeoffs between the desires of the senior corporate managers and the managers in the business units. For making decisions, on the other

hand, the federal model in general is experienced as less effective, mainly because of too much people involved, slowing down the decision-making process and creating too many compromises, which may block the real needs of the business. Top governance performers often used duopolies for both IT principles and investments, enabling joint decision making between the business leaders and IT professionals. Figure 27 portrays the three most suc- cessful combinations of archetypes (in terms of governance performance) used in IT decisions, balancing multiple performance objectives such as cost, growth and flexibility.

Further breakdown and refinement of governance is done taking into account the enterprise’s strategy and its performance goals. For example, firms with higher growth in market capitalization typically had very decentralized IT

Figure 27. Archetypes of the top three governance performers (Adapted from Weill & Woodham, 2002)

IT. principles IT. architecture IT. infrastructure. strategies Business. application. needs IT. investment Business. monarchy    .... IT. monarchy  ... ... .... Feudal Federal ... Duopoly ......   Anarchy

 = TOP three governance performers (achieving four performance objectives, weighted

governance structures with a combination of a federal style for investment, feudal style for architecture and anarchy for IT principles, which encourages entrepreneurship with little regard to standardization. Top performers measured by return on asset improvements combined infrastructure and architecture decisions made by a centralized business monarchy with the pattern of a typical firm for the other decision domains, encouraging sharing, reuse, and asset utilization. Leading performers measured by profit margin or revenue per employee also prefer business monarchy over IT monarchy for decisions on IT principles. Another interesting finding of the study is the fact that “feu- dal structures” are used by top performing firms for infrastructure decisions, thereby maximising local responsiveness (Weill & Woodham, 2002).

IT Strategy Committee and IT Steering Committee

IT governance should be an integral part of corporate governance, and in this way a primary concern of the board of directors. Boards may carry out their governance duties through committees and they can consider the criticality of IT through an IT strategy committee. This IT strategy commit- tee—composed of board and non-board members—should assist the board in governing and overseeing the enterprise’s IT-related matters. This committee should ensure that IT is a regular item on the board’s agenda, where it must be addressed in a structured way. The IT strategy committee should work in close relationship with the other board committees and with management in order to provide input to, and to review and amend the aligned enterprise and IT strategies (ITGI, 2003). The implementation of the IT strategy must be the responsibility of executive management assisted by one or more IT steering committees. Typically, such a steering committee has the respon- sibility for overseeing major projects and managing IT priorities, IT costs, and IT resource allocation. While the IT strategy committee operates at the board level, the IT steering committee is situated at executive level, which implies that they have different responsibility, authority and membership (Figure 28) (ITGI, 2003).

Similar, Nolan and McFarlan (2005) describe an IT governance committee as a board-level IT committee that is on par with the company’s audit, compensa- tion, and governance committees. Establishing a board-level IT committee is not, however a best practice for all companies. The way to involve the board in IT decisions is dependent upon a variety of contingencies. For example companies that require dependable systems and emerging technologies to

Figure 28. Comparison of typical IT strategy committee and IT steering committee responsibilities (ITGI, 2003)

IT.Strategy.Committee IT.Steering.Committee

Level Board level Executive level

Responsibility

• Provides insight and advice to the board on topics such as:

• The relevance of developments in IT from a business perspective • The alignment of IT with the

business direction

• The achievement of strategic IT objectives

• The availability of suitable IT resources, skills and infrastructure to meet the strategic objectives • Optimisation of IT costs, including

the role and value delivery of external IT sourcing • Risk, return and competitive

aspects of IT investments • Progress on major IT projects • The contribution of IT to the

business (i.e., delivering the promised business value) • Exposure to IT risks, including

compliance risks • Containment of IT risks • Provides direction to management

relative to IT strategy

• Is driver and catalyst for the board’s IT governance practices

• Decides the overall level of IT spending and how costs will be allocated

• Aligns and approves the enterprise IT architecture

• Approves project plans and budgets, setting priorities and milestones

• Acquires and assigns appropriate resources

• Ensures projects continuously meet business requirements, including re-evaluation of the business case • Monitors project plans for delivery

of expected value and desired outcomes, on time and within budget

• Monitors resource and priority conflict between enterprise divisions and the IT function, and between projects

• Makes recommendations and requests for changes to strategic plans (priorities, funding, technology approaches, resources, etc.)

• Communicates strategic goals to project teams

• Is a major contributor to management’s IT governance responsibilities

Authority

• Advises the board and management on IT strategy

• Is delegated by the board to provide input to the strategy and prepare its approval

• Focuses on current and future strategic IT issues

• Assists the executive in the delivery of the IT strategy • Oversees day-to-day management

of IT service delivery and IT projects

• Focuses on implementation

Membership

• Board members and (specialist) non- board members

• Sponsoring executive • Business executive (key users) • CIO

• Key advisors as required (IT, audit, legal, finance)

hold their competitive position, have large IT expenditures and board level IT governance is critical for them (Nolan & McFarlan, 2005).

Luftman and Brier (1999) identified critical success factors for sustaining an IT steering committee (Figure 29). These critical success factors are important for both the strategic and more tactical and operational IT steering commit- tees. Important for example is that the steering committee is responsible and accountable for its decisions made and that it has the authority to have decisions carried out.

In practice, the names used for these kinds of committees will be different in every organisation. The Canadian utility company NB Power, for example,

Figure 29. Critical success factors for sustaining IT steering committees (Adapted from Luftman & Brier, 1999)

Bureaucracy Focus on reduction/elimination to expedite opportunities to leverage IT

Career.building Opportunities for participants to learn and expand responsibilities

Communication

Primary vehicle for IT and business discussions and sharing knowledge across parts of the organisation

Complex.decisions Do not get involved in ‘mundane’ areas Influence /

empowerment Authority to have decisions carried out

Low.hanging.fruit Immediate changes carried out when appropriate Marketing Vehicle for ‘selling’ the value of IT to the business Objective.

measurements

Formal assessment and review of IT’s business contributions

Ownership Responsible/accountable for the decision made Priorities Primary vehicle for selecting what is done, when,

and how much of resources to allocate Relationships Partnership of business and IT

Right.participants Cooperative, committed, respected team members with knowledge of the business and IT

Share.risks Equal accountability, recognition, responsibility, rewards and uncertainty

defined an IT governance executive committee and an IT governance steering committee, as described in Figure 30. The IT governance executive commit- tee includes vice-presidents and general managers from each business unit of the corporation and focuses on approving the IT plan, funding, policies, and so forth, whereas the IT governance management committee is made up of senior managers to represent all business units and corporate services and focuses on prioritisation within the IT plan (Callahan & Keyes, 2003).