IT governance is more crucial than ever during an economic recession. Particularly under financial duress, IT organizations -- and the companies they work for -- must establish cohesive IT governance processes
Craig Crawford, senior manager of advisory services at Ernst & Young LLP, points to increasing risks in and expectations of IT in recent years -- the growth of the Internet, compliance concerns, mobile computing and advanced security risks -- as reasons for the critical need for IT governance.
Add the pressure that comes with operating in an economic recession, and, "at this moment in time, IT governance is probably more important than ever," Crawford said. "Specifically at the highest level of IT, making investments going forward, [there must be] an understanding of how to make decisions, take specific technologies and [determine] how IT applies them."
As companies try to pare down their budgets, one of the easiest places in IT to look at is the project portfolio -- specifically at those areas they don't have to do now, Crawford said. "It is that governing capability where those decisions have to be made between IT and the business."
Jane Landon, CIO and deputy commissioner of finance for the city of New York, advises being prepared for changes in IT governance in an economic recession.
"In my humble opinion, this is a period of time in which you're going to see changes in governance, not because IT is thinking it wants to change governance, but because companies are thinking they want to change it," she said. "There's nothing worse than having IT governance not in line with corporate governance. Governance needs to adapt. Otherwise, you're a fish out of water swimming upstream."
Jeff Stempora, a consultant who most recently was senior vice president and CIO at 4,500-employee Erie Insurance Group, called governance a "critical component" of doing more with less in an economic recession.
"In times like these, everybody wants to make sure they're focusing on the things that have to be done versus those they want to get done," he said. "Governance is all about who makes the decisions. And the results are obvious -- you get more out of the system with governance."
Establishing an IT governance solution
Landon went right to work on establishing a governance system when she started working for the city of New York two years ago. "There was none in place -- it was whoever called the right person or screamed the loudest" got what they wanted, she said.
The city implemented governance at three separate levels, depending on the cost of project or item requests and their impact on the organization as a whole. The city also makes an effort to track those projects within the organization that take less than 24 hours to complete.
These governance committees rely heavily on metrics, Landon said. For example, they might assess the effectiveness of IT adding a function to payment operations by measuring whether customer satisfaction increased by a certain percentage.
"We have literally thousands of metrics that we're measuring today as an agency," she said. "It's a little more difficult to do the pure ROI here in government like you would do in a business. We typically don't do that unless it's a project of a large scale."
That's why it's important, in promoting IT governance, to make IT performance management compatible with how the business at large understands and measures things, Crawford said.
"We tend to want to have some type of management system in place for IT, but they often become something that only IT understands," Crawford said.
For instance, an IT department in the mortgage lending business might relate its IT capabilities back to the number of loans originated or cost per loan originated, Crawford said. "It's a way of helping the business understand, in its own terms, how IT is contributing back to what they do."
IT governance and strategy
IT governance at Erie Insurance was linked to the firm's overall annual strategic planning process, Stempora said, following a system he put into place during his tenures at State Farm Mutual Automobile Insurance Co. and Citigroup.
Executives from all areas of the business gathered to discuss plans for five years out, then worked back to the current year in determining how to move forward with those plans and link them to the final budget.
"Typically, there are more initiatives than money and time to do them, so it becomes critical to sit down with the business and say, 'Here's what I have in terms of resources and budget,'" Stempora said.
Implementing checkpoints along the way are very important, so the business can see, for example, that a project's price is creeping up to the point that its cost outweighs its returns.
"That's the part of governance that needs to become more critical in current times, because very few companies can take on endeavors costing $3 million when they're only making $2 million," Stempora said. "Once you see the process going south, there are ways to recover that using insight and governance to make the right call."
Find the IT governance model that works for you
Landon said there are probably 10 to 15 well-established governance models, and organizations should assess which work best for them before putting one into place.
A CIO or other IT executive looking to improve an IT governance system should first determine whether the organization has a corporate governance structure and, if so, read it, understand it and model the decision making process to align with it, Landon advised.
If the company doesn't have a formal corporate governance, there is probably an informal one in place. The IT governance model "needs to be in alignment with the way decisions are being made; otherwise, you're fighting upstream on all decisions," she said.
Most important, "In these economic times … ROI and how you weigh things should be really important, so the right projects bubble to the top," Landon said. "As an executive, don't be married to the model you put in place in these economic times, because I think there will be changes to corporate governance."