Starting in the boardroom, if consultants were engaged to identify some of the problematic issues and behaviours in the boardroom around the treatment of projects, they might come up with a list that looks something like this:
the board often makes decisions in isolation due to lack of context for informed debate;
the board treats project approval as an event – without strategic context;
the board relies on the capability of the CIO rather than ensuring good governance is in place;
the board holds the CIO accountable for the failure of business projects;
the board digs into detail and misses the big picture;
project risk monitoring can get lost in the overall risk profile of the organisation; and
IT is not home ground for most, so the subject can get passed by very quickly.
So what is the answer? What does the board do? The simple answers include:
implement better IT governance;
know what questions to ask; or
apply better project governance.
These sound good, but what do they really mean? And more importantly, will these measures address the problem?
In isolation, I suspect not: in the first place the board has to understand what it is governing! The answer lies in:
implementing better IT governance in the boardroom;
knowing what questions to ask; and
implementing better project governance.
Before we look at the scope of IT governance, let’s go back to first principles, derived from the ASX Principles of Corporate Governance. The key phrases to note are:
‘provide accountability and control systems commensurate with the risks involved’; and
‘accountabilities, processes and auditable and measurable control’.
This raises questions about what we look at in the boardroom: Gantt charts or decision frameworks and accountabilities?
What is the Board’s role?
The Board is ultimately accountable for the company’s purpose and the means of delivering it ... and the Board is accountable for the Governance of the organisation:
‘Good corporate governance structures encourage companies to create value and provide accountability and control systems commensurate with the risks involved’.
‘Governance is a set of accountabilities, processes, and auditable and measurable controls that ensure a company is on track to achieve its objectives’.
ASX Principles of Corporate Governance [2]
Broadbent and Weill developed a further definition which clarifies IT governance specifically. The key words here are ‘IT governance is different from IT management’. Think about who makes the project decisions in your organisation and who is accountable for implementing them.
IT Governance
IT governance is about who is entitled to make major decisions, who has input and who is accountable for implementing those decisions.
AND
IT governance is different from IT management.
(Broadbent and Weill, 2003; Weill and Ross, 2004.)
Broadbent and Weill also recommend that we start in the Boardroom by treating IT as we would treat any other corporate asset and apply the same rigor. For IT this would mean the Board decides strategic direction, ensures accountability, makes policy and monitors and supervises. The board appoints the CEO, and the CEO and the board appoint the senior executive team, who are accountable for the management of the company’s key assets, including IT.
I think this is where the answer lies for boards in coming to grips with IT – it is not about project detail and Gantt charts – it is about decision making, accountabilities and processes (see Fig 1).