The following is reprinted by permission of Harvard Business School Press. Excerpt from Enterprise Architecture as Strategy. Copyright 2006 Jeanne W. Ross, Peter Weill, and David C. Robertson. All rights reserved.
Large systems-based implementations have a lousy track record of success. Many companies have implemented extensive ERP systems, expecting their core business processes to be automated into a foundation. The size, complexity, disruption, cost, and learning required all contributed to the failure of more than 50 percent of these implementations, with millions of dollars and much management goodwill going down the drain.
The alternative to the “big-bang” implementations is to build the foundation one project at a time. To do so, every business project must not only meet its short-term business goals but also help implement (or at least not undermine) the company’s architecture. Assigning each project responsibility for implementing a piece of the architecture has at least three benefits. First, it ensures that the architecture isn’t an ivory-tower abstraction of the world, but a useful model for how to do business. Second, it ensures that the foundation for execution becomes increasingly robust as the business and available technology evolve. Finally, it can cut costs dramatically by distributing the costs and risks of implementing the company’s enterprise architecture across many smaller and more-manageable projects. It is often no more expensive to implement project solutions in an architecturally sound manner, and over time the progress toward implementing the company’s desired architecture is substantial.
The IT Engagement Model
Building a foundation one project at a time requires the engagement of key stakeholders in the design, implementation, and use of new IT and business process capabilities—an IT engagement model. We define the IT engagement model as the system of governance mechanisms assuring that business and IT projects achieve both local and company-wide objectives. At top performing companies the engagement model has three main ingredients:
1. Companywide IT governance: decision rights and accountability framework to encourage desirable behavior in the use of IT
2. Project management: formalized project methodology, with clear deliverables and regular checkpoints
3. Linking mechanisms: processes and decision-making bodies that align incentives and connect the project-level activities to the overall IT governance
In large companies, the IT engagement model contains six key stakeholder groups: the overall company management, business unit management, and line or project management—each of which exists on both the IT and business sides of the company. The different perspectives, objectives, and incentives of these groups create two challenges: coordination and alignment.
At the company level, senior leaders set direction, create a climate for success, and design incentives to meet companywide goals. Business unit leaders focus on the performance of their business unit. Project leaders are typically entirely focused on the success of their projects, garnering all the company resources they can find, beg, borrow, or steal to get the job done.
The IT engagement model coordinates these three different levels: company, business unit, and project. The IT governance establishes high-level goals and incentives. Project management applies the best practices of company-specific project management tools and techniques to every major project, ensuring local project success. Linking mechanisms ensure that, as projects move forward, they reflect and inform the goals and priorities of all parties.
The second challenge of engagement is to align the company’s IT and business activities to ensure that value is generated from IT investments. In some top-performing companies, IT-business alignment is ingrained in every management process. More often, however, the IT and business managers’ conflicting priorities lead to unresolved differences. IT executives focus on providing the most powerful, risk-free IT environment possible. Business leaders focus on cutting costs and delivering rapid solutions. Constructive tension between business and IT leads to effective resolution of these discrepancies. The IT engagement model helps leaders recognize and resolve their differences in accordance with companywide business objectives.
By linking IT governance and project management, the engagement model coordinates and aligns. Without an engagement model, project leaders execute in isolation. They choose solutions that meet project goals, but the company’s overall goals for integration and standardization are ignored and the foundation for execution never emerges.
IT governance is the decision rights and accountability framework for encouraging desirable behaviors in the use of IT. IT governance reflects broader corporate governance principles while focusing on the management and use of IT to achieve corporate performance goals. IT governance shouldn’t be considered in isolation because IT is linked to other key company assets (i.e., financial, human, knowhow/intellectual property, physical, and relational assets). Thus, IT governance might share mechanisms, such as executive committees and budget processes, with other asset-governance processes, thereby aligning companywide decision-making processes.
IT governance encompasses five major decision areas related to the management and use of IT in a firm, all of which should be driven by the operating model:
1. IT principles: high-level decisions about the strategic role of IT in the business
2. Enterprise architecture: the organizing logic for business processes and IT infrastructure
3. IT infrastructure: centrally coordinated, shared IT services providing part of the foundation for execution
4. Business application needs: business requirements for purchased or internally developed IT applications that both use and build the foundation for execution
5. Prioritization and investment: decisions about how much and where to invest in IT, including project approval and justification techniques
Each of these decisions can be made by corporate, business unit, or functional managers—or some combination—with the operating model as a guide. Thus, the first step in designing IT governance is to determine who should make, and be held accountable for, each decision area.
Every company engages in IT decision making, but firms differ considerably in how thoughtfully they have defined accountability and how rigorously they formalize and communicate decision-making processes. Without formal IT governance, individual managers are left to resolve isolated issues as they arise. These individual actions can be at odds with each other and can lead to misalignment and a lack of coordination. For example, the CIO at a global transportation firm was instructed to cut the corporate IT budget. This CIO introduced a charge-back system to curtail demand for IT services. Unhappy with the new charges, managers within each of the business units hired local technical specialists to provide services. The new technical specialists did not show up in the corporate IT budget, so it looked as if the CIO had achieved his goal, but the new business unit hires increased, rather than decreased, the firm’s total IT spending. Worse, the business unit employees developed local services that compromised the integrity of the company’s architecture, reducing the quality of service for customers of more than one business unit.
In contrast, when UNICEF’s senior managers recognized that IT was playing an increasingly strategic (and expensive) role in enabling the organization’s mission of delivering services to children, the senior management team defined the role of IT in the organization, decided on project priorities and funding levels, clarified the need for shared services, and established organizationwide standardization and integration requirements. These managers held division directors accountable for implementation of global systems, and the CIO was held accountable for delivering key infrastructure services and coordinating IT use for the company.
Over the past few years, IT has fundamentally transformed the way UNICEF operates. Andre Spatz, UNICEF’s CIO, explains:
As a CIO, I invest a lot of my time in making governance work at all levels, to educate, coach, mentor and lobby. In a global organization, governance is quite a challenge. We face high pressures for synergy across UNICEF and at the same time, we have high pressures for local autonomy from the regional and country offices. CIO leadership in a global IT organization is not just command and execute. We need to continually empower people with a vision and execution strategy, and position governance elements within a global framework. Part of my role is to ensure that we do not centralize too much and that our IT organization adapts to the different cultural environments we work in.
Companies with effective IT governance have profits that are 20 percent higher than companies pursuing similar strategies. But IT governance is a mystery to many key decision makers at most companies. Our research indicates that, on average, only 38 percent of senior managers in a company know how IT is governed. And ignorance is not bliss. Senior management’s awareness of IT governance processes proved to be the best indicator of governance effectiveness. At top-performing firms, as many as 80 percent of senior executives are aware of how IT is governed.
In our study of almost three hundred companies around the world, we did not identify a single best formula for governing IT. However, one thing is clear: effective IT governance doesn’t happen by accident. Top-performing companies carefully design governance, and managers throughout those companies make daily decisions putting that design into practice.
Jeanne W. Ross is principal research scientist at the MIT Sloan Center for Information Systems Research.
Peter Weill is director of CISR and MIT Sloan senior research scientist at MIT.
David C. Robertson is professor of technology and strategy at IMD International.