How much governance is too much governance?


No, I’m not talking about government, another interesting topic these days that I don’t happen to cover on this blog, I’m talking about IT governance, loosely defined as the decisions made and accountabilities set related to the effective use of IT within an organization.

With most companies reigning in IT spending while pushing out accountability to business units, governance, whether or not it is called such by name, is back as a hot topic of many involved with IT. I’m hearing about challenges lately like:

  1. Companies who need to go through reductions in force, but don’t know which resources within IT are working on which projects.
  2. Executives who, frustrated by their IT organization’s behemoth approval process, are going around IT to outside vendors to get anything done.
  3. Companies who are continuing to waste money on IT projects that are now obsolete due to changing business strategy.
  4. Executives who fight against any kind of governance because they are afraid it will limit their ability to change direction or priorities on a dime.

Those are just a few examples that have popped up recently; I’m sure you readers could add many to this list, and please do. All these examples are issues that arise with too much or too little governance.

So I’d like to propose a simple answer: the right amount of governance is the least possible amount required to get people aligned around and aware of decisions related to IT. That does not mean that everyone has to be aligned around and aware of every decision, it means that the right people are involved and in the know for each type of decision. The easiest way to put this in practice is to define what decisions and accountabilities need to be set related to IT, decisions like overall IT spend, business application development, IT infrastructure investment, IT services offered, and then define who will make those decisions, whether it is business executives, the CIO, a council or steering committee.