
Governance of Enterprise IT Missing In Action

By Troy DuMoulin, COBIT, ITIL Expert, ISO 27000, Lean IT, Prince2

COBIT Focus | 23 March 2015

For a team to win games and claim championships, it needs to be more than a group of individual star players with unique sets of specialty skills. Winning teams operate under a common vision and mission and share a playbook established by strong leaders who understand how the various members of the team are best organized to achieve team goals. Following this analogy, business and IT leaders across an enterprise should share a common vision and portfolio priorities and agree on how they collectively best leverage technology resources and data to achieve business objectives. To achieve this goal, it is safe to assume that the organization would need to have an effective governance structure and framework to bring the diverse internal and external players into alignment and shared purpose. To carry the sports analogy a bit further, what is needed is an informed and skilled senior coaching staff who understand that their primary responsibility is to take a team of very diverse players and optimize their performance as a collective whole versus focusing on one or two star players.

While using sports analogies helps, the real challenge facing the IT industry is to define what is actually meant by the concept of “governance.” COBIT 5 helps with this challenge by defining the difference between the activities of governance vs. management. Using a bit of artistic license, COBIT’s 5 core principles are summarized in this article: the things that the enterprise IT team needs to collectively believe in order to share a common vision around the question, “What is IT governance?”

COBIT 5 defines the governance of enterprise IT (GEIT), which is guided by 5 key principles, combined here into the following summary statement. GEIT offers a holistic approach to stakeholder value creation where end-to-end enterprise functions adopt a single integrated governance framework defining the key competencies and enablers of value creation which clearly delineates the differences between governance and management activities.

Based on the analogy of winning teams, this aspirational statement only seems logical. However, for most organizations, the reality of this statement is as much a fairy tale as the stories read to children before bedtime.

The great majority of IT organizations today operate within a politically entrenched, silo-based model where GEIT is a myth and enterprise strategies are nonexistent. At best, an enterprise IT function may have an operations strategy and a development strategy. However, for many organizations, each major silo will have its own IT strategy based on its own departmental objectives (e.g., infrastructure, business unit or shadow IT priorities) with little to no integration or shared collaboration. Even the concept of one integrated governance framework being adopted across all internal and external IT stakeholders would be scorned as impractical, naive and impossible within the current leadership and organizational structure.

To make issues more challenging, the terms “information technology” or “information services” can often be misleading because stakeholders relate these terms to one department in the organizational chart, such as a shared infrastructure or an operations group. However, in reality, these terms refer to all groups that manage technical assets and data, which include multiple organizational functions, spanning both internal and external suppliers, across the end-to-end enterprise. Through this scope of “enterprise,” there is often simply no agreement or vision to govern these often-dependent assets under one agreed-upon approach.

The problem with this current state of affairs is that while this governance model can be argued to promote creativity, flexibility and innovation, it also suffers from fragmentation, redundancy, waste, and issues of flow and velocity. Simply put, the price of silo-based governance is unnecessary complexity, low throughput, increased risk, exposure to liability, and issues with quality and higher costs. The reality is that the current approach to silo/task specialization-based governance comes with the price tag of lack of scalability.

Perhaps, in this context, when one states that enterprise IT governance is missing in action (MIA), one can point to the results mentioned previously as the cause and effect of an organization that suffers from the lack of enterprise governance. That being the case, it is also important to understand how IT governance would positively impact an organization’s ability to achieve strategic objectives.

Consider the analogy of a symphony orchestra; the sponsor of the orchestra is enabled with the right budget and mandate to go out and hire the most talented and skilled musicians from wherever they may be found. Some may be full-time employees, while others may be external suppliers who have been contracted due to a special skill they bring to the group (figure 1).

Figure 1—Conducting a Symphony Orchestra

Once assembled, the various musicians and orchestra sections will be told that the goal is to play George Frideric Handel’s Messiah. Each person there has been hired specifically based on their skill and perhaps past experience in playing that exact piece of music in another orchestra. The conductor then turns to each section independently and says, “You know how this works. Start playing.” One can imagine what would result in this example. Rather than beautiful music, the best talent assembled for the money simply make noise and produce cacophony rather than harmony. The obvious element missing in this scenario is a single sheet of music or a common score (one integrated governance framework) used by the conductor to manage a series of sequential and parallel musical activities, which include elements of timing, volume and cadence.

However, if the orchestra is presented with a single, end-to-end integrated musical score (governance framework), the assembled artists would know their individual parts and can practice, improve and understand immediately if an error has occurred in producing the flow of music to successfully complete the desired outcome.

The challenge faced today is that many senior IT leaders consider the current fragmented approach to IT value stream governance and management to be normal and even positive. Very few have questioned the cause and effect of silo-based governance, and most have yet to acknowledge the cause and effect of the status quo.

Federated Empire Vs. Warring City-states

Another model that can be used to understand the practicality of federated enterprise governance is the historical governance model of the Roman Empire. Long before despotic emperors led Rome to its eventual collapse, the empire had established itself as a republic governed by a senate (figure 2). The Roman Empire was made up of several very different geographic territories called provinces, each of which was represented by a regional governor. Each governor represented the interest of their specific province when decisions on policy were made that would impact the direction and practice of the entire empire. The emperor was the proconsul or chair of all provinces.

Figure 2—Roman Senators

In this federated governance model, the unique nature, culture and practices of the various regions were acknowledged, celebrated and promoted based on the understanding that regions contributed in a positive way to the benefit of the whole. However, it is also true that the senate defined policy, practice and law, which spanned the empire and held it together as a cohesive whole. Roman citizens enjoyed the benefit of a common legal system; transportation standards, as evidenced by the famous Roman roads; and the reality of a prosperous economic model that survived for hundreds of years. This empire/enterprise governance model brought peace to the majority of the known world (Pax Romana) and made Rome a superpower for hundreds of years.

Without this federated governance model, each of the provinces would have been self-contained city-states, each warring against the other for dominance, resources and priority, eventually falling prey to a larger organization's military conquest—merger or acquisition goals. That is exactly what happened to the Roman Empire as it slowly transitioned away from its original governance model to one driven by the strength of personality and personal ambition of its later emperors.

The state of today's silo-based IT organizations is similar to the warring city-state analogy where each city-state looks to its own best interests and priorities. While there is often a central, shared IT services function, the use of this organization's services is seen as optional. Frequently the chief information officer’s (CIO's) practical influence does not extend into many areas of the enterprise where IT assets are managed and third-party suppliers are engaged directly through traditional IT or cloud-based services.

Rarely will one see evidence of a senate-like federated governance approach that orchestrates and coordinates the various business units’ use of IT assets and information. In fact, most organizations can be seen today to be further investing in divergence rather than coordination through direct acquisition of IT assets, talents and the growth of what is popularly called shadow IT groups. The very existence of these shadow IT functions, which operate outside the oversight of an enterprise governance model, demonstrates the true state of IT governance for most organizations.

GEIT Missing in Action (MIA)

Today, enterprisewide governance as described by COBIT 5 is largely missing in action (MIA). The result is conflicting priorities and fragmentation of purpose. That is not to say that GEIT is impractical or unnecessary. History, as well as the analogies used in this article, shows that there is a strong case for the need for an orchestrated approach to governing all information technology assets under a federated enterprise governance approach leveraging a single integrated framework.

Until this industry realizes this fact and begins to move away from the silo-based, city-state model of today's governance reality, enterprises will not be able to scale to meet business objectives or successfully integrate multiple suppliers, and the business will find alternative ways to achieve its objectives.

For decades, IT organizations have swung back and forth through periods of centralization and decentralization. The answer to governance needs is actually somewhere in the middle, based on a federated approach, which establishes central policy and Roman roads for certain IT services and processes, but also values and promotes regional or business unit variation where this makes sense and benefits the goals of the enterprise.

Bring on GEIT. It is critical to the future success of this industry.

Troy DuMoulin, COBIT, ITIL Expert, ISO 27000, Lean IT, Prince2

Is vice president, Research, Innovation & Product Development with Pink Elephant. DuMoulin is a leading ITIL and IT governance authority with a solid and rich background in executive IT management consulting. He holds the ITIL Service Manager and Expert certifications and has extensive experience in leading IT service management (ITSM) programs with a regional and global scope. He is a frequent speaker at IT management events and is a contributing author to multiple ITSM and Lean IT books, papers and official ITIL publications including ITIL’s Planning To Implement IT Service Management and Continual Service Improvement. DuMoulin has also worked with ISACA on COBIT 4 development and alignment with ITIL.

© 2015 Troy DuMoulin