Ist 635 week 5 diss

profileSweety_007
ContentServer7.pdf

A Matrixed Approach toD*-f& aI %' o- IrNnI~ a. L 3 U~ .... s I I T overnance

Throughout an organization,

individuals make decisions

daily that influence the need

for and the value received

from information technology.

A simple one-page framework

can help companies allocate

IT decision rights and

accountabilities so that

individual IT decisions align

with strategic objectives.

Peter Weill and Jeanne Ross

very enterprise engages in IT decision making, but each differs considerably C in how thoughtfully it defines accountability and how rigorously it formal-

izes and communicates decision-making processes. Without formal IT gov- ernance, individual managers are left to resolve isolated issues as they arise,

and those individual actions can often be at odds with each other. Our study of almost 300 enterprises around the world suggests that IT governance is a mystery to key deci- sion makers at most companies. On average, just one in three senior managers knows how IT is governed at his company. (See "About the Research," p. 28.) In this case, igno- rance is definitely not bliss. When senior managers take the time to design, implement, and communicate IT governance processes, companies get more value from IT.

While the research did not identify a single best formula for governing IT, one thing is abundantly clear: Effective IT governance doesn't happen by accident. Top-per- forming enterprises carefully design governance. In those companies, managers at all levels throughout the enterprise apply that design as they make daily decisions about the use of IT. Further, 60% to 80% of senior executives in those companies have a clear understanding of and can describe their IT governance. In fact, senior management awareness of IT governance is the single best indicator of its effectiveness.

The effectiveness of an enterprise's or business unit's IT governance can be assessed by evaluating how well it enables IT to deliver on four objectives: cost-effectiveness, asset utilization, business growth and business flexibility. Our research, which weighed each factor according to its relative importance to each company, showed that gover- nance performance varies significantly across enterprises in an approximately bell- shaped distribution. (See 'Assessing IT Governance Performance' p. 29.) According to this measure, high IT governance performance correlated with the achievement of other desired measures of success. For example, companies that effectively govern information technology garner profits that are 20% higher than those of other com- panies pursuing similar strategies.' They also achieve higher returns on equity and growth in market capitalization.

Although it cannot be conduded that superior governance performance causes superior financial performance, it can definitely be said that the two measures corre- late quite well. It is certainly plausible that the two are linked. Effective governance aligns IT investments with overall business priorities, determines who makes the IT decisions and assigns accountability for the outcomes. IT is inextricable from other

Peter Wefll is director of the Center for Information Systems Research and a senior research scientist at the MIT Sloan School of Management. Jeanne Ross is principal research scientist at the Center for Information Systems Research, MIT Sloan School of Management. Contact them at pweill@mitedu and jross@mitedu.

26 MIT SLOAN MANAGEMENT REVIEW WINTER 2005

key enterprise assets (financial resources, human resources, intel-

lectual property, physical structure and organizational relation-

ships), and its governance overlaps with other enterprisewide

governance processes. There is surely a good deal to learn from

examining how successful enterprises govern their IT.

How Key IT Governance Decisions Are Made IT governance encompasses five major decision domains. IT

principles comprise the high-level decisions about the strategic

role of IT in the business. IT architecture includes an integrated

set of technical choices to guide the organization in satisfying

business needs. IT infrastructure consists of the centrally coordi-

nated, shared IT services that provide the foundation for the

enterprise's IT capability and were typically created before precise

usage needs were known. Business application needs are the busi-

ness requirements for purchased or internally developed IT

applications. Last, prioritization and investment decisions deter-

mine how much and where to invest in IT. Each of these decision areas can be addressed at the corporate,

business unit or functional level or some combination of the

three. And senior management can hold business unit or IT man-

agers accountable for the related outcomes. Thus, the first step in

designing IT governance is to determine who should make and

be held accountable for each decision area. (See "Key Issues for

Each IT Decision Area," p. 30.) There are six archetypal approaches to IT decision making,

ranging from highly centralized to highly decentralized. Most

companies employ a variety of them, using different approaches

for different decisions. In a business monarchy - the most cen-

tralized approach - a senior business executive or a group of

senior executives, sometimes including the CIO, makes all the IT-

related decisions for the enterprise. In an IT monarchy, those

decisions are made by an individual IT executive or a group of IT

executives. In a federal system, C-level executives and business

representatives of all the operating groups collaborate with the IT

department. This is equivalent to the central government and the

states working together. In an IT duopoly, a two-party decision-

making approach involves IT executives and a group of business

leaders representing the operating units. In afeudal system, busi-

ness unit or process leaders make separate decisions on the basis

of the unit or process needs. And, finally, the most decentralized

system is anarchy, in which each individual user or small group

pursues his, her or their own IT agenda. A matrix that juxtaposes the five decision areas against the six

archetypal approaches creates on a single page a valuable tool for

specifying, analyzing and communicating where IT decisions are

made. Take United Parcel Service of America Inc. as an example.

(See "IT Governance on One Page," p. 31.) UPS's governance

arrangements reflect the company's commitment to offering

total, integrated solutions for customers' global commerce needs.

WINTER 2005 MIT SLOAN MANAGEMENT REVIEW 27r lustration: 6' Se CutlerlSI

Senior management accountability for principles and investment decisions ensures that IT issues are incorporated into the com- pany's strategic decision-making processes. The CIO, who is a member of the senior management team, translates principles and investment decisions into IT architecture and infrastructure (such as standards, policies and processes). Business unit proj- ects, delivered in the context of business and IT principles, define business application needs in a way that both enhances business unit performance and supports corporate objectives. 2

UPS's IT governance creates strategic control at the top of the

company while empowering decision making at multiple organi- zational levels. Senior management works to make IT governance transparent so that everyone understands and follows prescribed processes for proposing, implementing and using IT. This limits the role of organizational politics in IT-related decisions and shows in the company's bottom-line performance.

Governance Mechanisms Once the types of decisions and the archetypes for making those decisions are mapped out, a company must design and imple- ment a coordinated set of governance mechanisms that managers

will work with on a daily basis. Enterprises generally design three

kinds of governance mechanisms: (1) decision-making struc- tures, (2) alignment processes and (3) formal communications.

Decision-making structures. The most visible IT governance mechanisms are the organizational committees and roles that locate decision-making responsibilities according to intended archetypes. Different archetypes rely on different decision-mak- ing structures. Anarchies (which are rarely used - or at least rarely admitted to!) require no decision-making structures at all. Feudal arrangements rely on local decision-making structures. But monarchy, federal or duopoly arrangements demand deci- sion-making structures with the representation and authority to produce enterprisewide synergies.

Alignment processes. Alignment processes are management techniques for securing widespread and effective involvement in governance decisions and their implementation. For example, the IT investment proposal process delineates steps for defining, reviewing and prioritizing IT projects, in determining which projects will be funded. Architecture exception processes provide a formal assessment of the costs and value of project implemen- tations that veer from company standards. Service-level agree- ments and chargebacks help IT units clarify costs for IT services and instigate discussion of the kinds of services the business requires. Finally, formal tracking of business value from IT forces firms to determine the payback on completed projects, which can help firms focus their attention on generating intended benefits.

Formal communications. A huge barrier to effective IT gover- nance is lack of understanding about how decisions are made, what processes are being implemented and what the desired out- comes are. Management can communicate governance processes in a variety of ways: general announcements, the institution of formal committees, regular communication from the office of the CIO or the office of IT governance, one-on-one sessions, intranets and so on. Our research indicates that more communi- cation generally means more effective governance.

Well-designed, well-understood and transparent mechanisms promote desirable IT behaviors and individual accountability. For example, UPS has designed four coordinated governance mechanisms to implement the company's intended governance arrangements: (l) an IT steering committee, comprising four top executives who accept primary responsibility for principles and investment decisions, (2) an IT governance committee of senior IT executives responsible for key architecture decisions, (3) a for- mal "charter" process that winnows down the entire enterprise's IT project proposals to those best aligned with strategic objec- tives and (4) an escalation process to handle exceptions to archi- tecture standards at the appropriate organizational level. These four mechanisms clarify processes and accountabilities so that

28 MIT SLOAN MANAGEMENT REVIEW WINTER 2005

This article is based on two studies led by the authors. The first was a survey of ClOs at 256 enterprises in the Ameri- cas, Europe and the AsialPacific region on how large enter- prises across a wide range of industries - both for profit and not - govern IT. The survey was developed by MIT Sloan's Center for Information Systems Research in 2001 and distributed throughout 2002, both electronically and

on paper, by Gartner Inc. to members of its EXP group and by CISR to participants in executive programs. Gartner

additionally contributed to the research by conducting 10 case studies on IT governance. The second study comprised

a set of 40 interview-based case studies at large companies

such as Johnson & Johnson, Carlson Companies, UPS, Delta Air Lines and ING DIRECT, which examined IT governance in the context of organizational changes such as enterprise resource planning implementations, e-business initiatives, enterprise architecture development and IT-enabled orga- nizational transformations. These cases were developed by CISR researchers and affiliates between 1995 and 2004. To understand how top-performing enterprises governed IT, MIT CISR researchers analyzed the data using both statisti- cal and qualitative analysis. This article draws on and

extends the material in P. Weill and J. Ross, IT Governance: How Top Performers Manage IT Decision Rights for Supe- rior Results (Boston: Harvard Business School Press, 2004).

individuals throughout the company can make decisions that

result in desirable behavior as defined at UPS.

How Top Performers Govern There is no single best model of IT governance. Given different

strategies and organizational forms, different enterprises will

attempt to encourage different behaviors. Governance arrange-

ments thus can vary from more centralized approaches (most

notably monarchies) to more decentralized approaches (most

notably feudal designs), with federal and some duopoly designs

straddling the two. Similarly, some governance mechanisms sup-

port more centralized approaches (such as executive committees

and centralized capital approval process). Others support more

hybrid approaches (such as business/IT relationship managers

and service-level agreements).' Decentralized governance

designs involve very few mechanisms.

Ultimately, however, effective IT governance should be evi-

dent in business-performance metrics. We investigated the IT

governance patterns of leaders relative to the following financial

performance measures: 4 profit as measured by return on equity

(ROE), return on investment (ROI) and percent profit margin;

asset utilization as measured by return on assets (ROA); and

growth as measured by percent change in revenue per year. It is

clear that top-performing companies govern significantly differ-

ently from other companies. Even among top performers, gov-

erning styles differ according to which performance metric they

emphasize. (See "Governance Lessons From Leaders," p. 32.)

-e ; I

The worksheet below allows you to assess how well your com-

pany's IT governance facilitates its goals. The average score in

our sample was 69 out of 100. The top third scored above 74.

How does your company compare?

QUESTION: . How important ' are the following

outcomes of your IT governance?

t1 (not irr 5 (very ir

a. Cost-effective use of IT

b. Effective use of IT for growth

c. Effective use of IT for asset utilization

d. Effective use of ITfor business flexibility

Importance = Total

0 , QUESTION: 'How successfully |does your IT Igovernance rinfluence these IoUtcomes?

mportant) S (very successful)

,: , x d= ,'- _ x

:E . ; : ,D

- X; f: _T t

0 CALCULATEGOVERNANCE Total PERFORMANCE : ImportanceTotal

'Theformula'snumeratorreprasentsa totalscorethat increasesfwhen either orbothot the following are true, (1) the objective is rnportant,and (2) the objective Is achieved. To make sure the overal performrrr-e scoring is weighted toward the actualsahevemeet of ob)ectves, we divide by the 'totsl importance score. The mtltiplier or 20 is appfied skiply to adjust the ratsg scale so that the highest achievable perlormancescore is 100.

Centralized Approaches and Profitability The most profitable com- panies tend to be centralized in their approach to IT governance.

Their strategies emphasize efficient operations. Accordingly, it is

desirable for IT governance to encourage a high degree of stan-

dardization in the pursuit of low business costs. Key mechanisms

include executive committees for decision making, centralized

processes for architecture compliance and exceptions, enter-

prisewide IT investment decision processes, and formal post-

implementation assessments of IT-related projects. The United

Nations Children's Fund (UNICEF) is an example.

Although UNICEF is not for profit, its emphasis on cost-effec-

tiveness and rapid organizational learning led it to adopt a cen-

tralized IT governance model. UNICEF operates in remote and

sometimes dangerous locations, including sites affected by armed

conflict, natural disasters and other tragedies. For years, IT at

UNICEF supported administrative tasks at headquarters but was

nearly nonexistent in the field offices, where the needs of children

were directly addressed. In the mid-1990s, senior management

recognized that the lack of IT in field offices was handcuffing

operations, so the organization, led by CIO Andre Spatz, equipped

remote locations with IT services. Spatz worked with other C-level

managers to establish priorities and make important trade-offs

among features like cost, reliability, speed and accessibility. The

result was improved global knowledge, information flow, trans-

parency and communication. Field offices now can serve their

constituents based on transaction-level and value-added informa-

tion that they could not access only a few years ago.

Decentralized Approaches and Growth The fastest-growing compa- nies are focused on innovation and time to market. They insist on

local accountability. They measure success through growth in

revenues, which are often generated from products introduced in

the last two or three years. These companies seek to maximize

responsiveness to local customer needs and minimize constraints

on creativity and business unit autonomy by establishing few, if

any, enterprisewide technology and business-process standards.

Accordingly, they require few governance mechanisms, often

relying only on an investment process that identifies high-prior-

ity strategic projects and manages risk.

Atlanta-based Manheim Auctions, the U.S. market leader in

business-to-business car auctions, recognized during the early

years of e-commerce that the Internet would offer opportunities to

grow its business.5 In the late 1990s, Manheim introduced online

WINTER 2005 MIT SLOAN MANAGEMENT REVIEW 29

I.~

auction capabilities and experimented with related revenue-generat- ing electronic capabilities. One service, the Manheim Market Report, generated significant value by providing online information on the company's auctions to car dealers and other industry participants.

To launch its fast-growth online business, the company cre- ated an independent business unit, Manheim Online, a sub- sidiary of Manheim Interactive. Hal Logan, then the CEO of Manheim Interactive, worked with the senior management team to define principles and strategic business requirements. Like most high-growth startups, the company did not tightly govern architecture or infrastructure, focusing instead on managing projects for rapid development. A development team was made responsible for all aspects of each new Manheim Online service rollout: product management, deploying of the Web servers, development of the service and quality assurance of the service.

Manheim's decentralized approach to IT governance allowed the company to innovate and grow its business base. As the devel- opment teams' focus on speed of delivery became unsustainable in the context of the larger company, Manheim eventually iden- tified a need for more centralized architecture and reusable infra-

structure services. Its online business today is integrated into the overall Manheim Auctions business model, relying on a set of shared IT services. Accordingly, IT governance has transitioned to a blend of centralized and decentralized arrangements.

Hybrid Approaches and Asset Utilization Companies seeking opti- mal asset utilization attempt to balance the contrasts between gov- ernance for profitability and governance for revenue growth and innovation. They focus on using shared services to achieve either responsiveness to customers or economies of scale - or both. Their IT principles emphasize sharing and reuse of processes, sys- tems, technologies and data. Asset utilization demands a hybrid approach to governance, mixing elements of centralized and decentralized governance. Leaders who excel at asset utilization typically rely on duopolies and federal governance design. They introduce governance mechanisms to address the tensions between enterprisewide and local control. Those mechanisms include high-

level business-IT relationship managers, service-level agreements

and IT chargeback, IT leadership teams comprising business unit

IT representatives, and enterprisewide business process teams with

�,eee"

IT governance encompasses five major decision areas. In thinking about who should make and be accountable for these decisions, a number of the questions should be addressed.

IT Principles a Hoow do the business prindples translate to IT principles that guide IT decision making? X What is the role of IT in the business? a What are desirable IT behaviors? 'a How will IT be funded?

IT Architecture Ea What are the core business processes of the enterprise? How are they related? ii What information drives these core processes? How must this data be integrated? EV What technical capabilities should be standardized enterprisewide to support IT efficiencies and facili-

tate process standardization and integration? ' What activities must be standardized enterprisewide to support data integration? Ei What technology choices will guide the enterprise's approach to IT initiatives?

IT Infrastructure ml What infrastructure services are most critical to achieving the enterprise's strategic objectives? Strategies uWhat infrastructure services should be implemented enterprisewide and what are the service-level

requirements of those services? in How should infrastructure services be priced? wR What is the plan for keeping underlying technologies up-to-date? n What infrastructure services should be outsourced?

Business Application a What are the market and business process opportunities for new busiaess applications? Needs w How are strategic experiments designed to assess success?

xi How can business needs be addressed within architectural standards? When does a business need jus- tify an exception to a standard?

* Who will own the outcomes of each project and institute organizational changes to ensure the value?

IT Investment and a What process changes or enhancements are strategically most important to the enterprise? Prioritization w What is the distribution in the current IT portfolio? Is this portfolio consistent with the enterprise's

strategic objectives? n What is the relative importance of enterprisewide versus business unit investments? Do actual invest-

ment practices reflect their relative importance? mi How is the business value of IT projects determined following their implementation?

30 MIT SLOAN MANAGEMENT REVIEW WINTER 2005

IT members. The hybrid approach is common, but it clearly * demands a great deal of management attention. f

ING DIRECT, the international direct banking unit of

Dutch financial services conglomerate ING Groep N.V.,

takes a hybrid approach to IT governance.6 ING DIRECT is

organized into nine country-based businesses. Each coun-

try unit operates autonomously, but the units share a com-

mon business model. The bank leverages standardized

business solutions as well as standardized technical and

infrastructure components, offering a product set featuring

savings accounts, term deposits, personal loans/mortgages,

retirement savings plans and a few select mutual funds.

ING DIRECT's IT governance uses duopoly arrange-

ments for all its IT decisions. The key mechanism is the

Information Technology and Operations Council (made up

of the CIOs and COOs of the country-based businesses and

the head office CIO/COO). The Council makes enter-

prisewide principles, architecture, infrastructure and invest-

ment decisions. Its semiannual meetings offer a forum for

coordinating ING's IT plan with the businesses' mid-term

plans. The outcome of this meeting serves as input for the

ING DIRECT Council (executive team meeting), where the

international business strategy is discussed and defined. In

doing so, ING DIRECT allows IT capabilities to influence

business strategy just as strategy influences IT.

To facilitate development and reuse of business process mod-

ules, ING DIRECT looks to its local businesses for innovations. If

a country unit wants to introduce a new product, country man-

agers develop a product proposal detailing financial and business

implications and risks. A product committee at the company's

head office approves every new product, based on a thorough and

detailed review process involving all business units. The outcome

of this selection process is a global standard rather than an iso-

lated local solution. In addition, ING DIRECT's chief architect

helps define application specifications so that the new applica-

tion modules work effectively with existing modules and fit with

the existing business, application and technical architecture. This

arrangement supports ING DIRECT's desirable behaviors of

building modules for reuse, standardizing applications and

achieving a universally compatible architecture.

Minneapolis-based Carlson Companies Inc. takes a different

approach to hybrid IT governance. 7 Carlson is a $20 billion, pri-

vately owned conglomerate in the marketing, hospitality and travel

business. It has grown through acquisition, with operating groups

in relationship marketing services, loyalty programs (Gold Points

Reward Network), hotels (Radisson Hotels and Resorts, Regent

International Hotels), restaurants (T.G.I. Friday's Inc.), cruises and

travel services.

Traditionally, each Carlson operating group functioned inde-

pendently and competed with other operating groups. But in 2000,

1-

A matrix that juxtaposes the five IT decision domains against five of

the six archetypal approaches creates, on a single page, a valuable

tool for specifying, analyzing and communicating where IT deci-

sions are made. UPS's governance is clear and relatively centralized: A subset of the senior management team takes responsibility for

defining IT principles and IT investment; the CIO's team is held

accountable for IT architecture and IT infrastructure; and business

unit leaders and enterprisewide process managers are responsible

for defining business application needs.

GOVERNANCE ,ARCHETYPE

Business. Monarchy

IT Monarchy

DECISION DOMAIN .IT Business IT IT Infrastructure Application

Principles Architecture Strategies Needs

.,.....,x. ... , IT

Investment

: 57

x x

Federal

IT Duopoly

Feudal

chairman and CEO Marilyn Carlson sought to change that com-

petitive relationship to a collaborative one. CIO Steve Brown, who

reports directly to the CEO, was given responsibility for defining the

role of IT for the integrated enterprise. Toward that end, Brown articulated two key principles. First,

application development could continue to take place within

operating groups, but applications would be presented to users

through a shared portal, and, where necessary, data would be

shared across business units. Second, Carlson would have a

shared IT infrastructure. To translate these principles into IT architecture, infrastructure,

business applications and IT investment decisions, Carlson assigned

governance responsibilities to five decision-making structures: the

Carlson Technology Architecture Committees (CTAC), which

reside in each operating group and take responsibility for meeting

the unique needs of each individual business; the Enterprise Archi-

tect Organization (EAO), a team of business unit IT representatives

that sets corporatewide standards guiding the development efforts

of all the operating units; the IT Council, made up of the CTOs and

CIOs of each operating group, which meets monthly to talk about

new technologies and ways technology can be leveraged across Carl-

son; the Carlson Shared Services Board, the business unit ClOs and

CFOs, who meet to identify opportunities to provide shared IT and

financial services to the company; and an Investment Committee, a

subset of the Executive Committee, which renders final judgment

on all large Carlson Companies investment projects.

WINTER 2005 MIT SLOAN MANAGEMENT REVIEW 31

Af :

With some responsibility for IT decisions being more central-

ized (investment, for example) and some less centralized (such as

business application needs), Carlson's governance arrangements

attempt to maximize opportunities to leverage shared services

while minimizing constraints on the unique needs of related but

distinct operating requirements across diverse business units.

(See "IT Governance at Carlson Companies.")

Large, global companies often require the benefits of a hybrid

IT governance model to achieve both the synergies emphasized in

more centralized models and the autonomy allowed by more

decentralized models. In addition to Carlson and ING DIRECT,

companies like DuPont, J.P. Morgan Chase and Johnson & John-

son achieve these benefits by implementing IT governance at

three levels: the enterprise, the region or group of businesses and

the business unit. J.P. Morgan Chase, for example, encourages

autonomy in order to generate innovation and recognize the very

different requirements of businesses that range from credit cards

to investment banking. But the company has instituted some

enterprisewide IT principles in order to encourage the use of

standardized technologies where they can provide economies of

scale. At the division level, J.P. Morgan Chase businesses have

introduced governance mechanisms that facilitate sharing of cus- tomer data so that business units can, when appropriate, present a single face to the customer. At the individual business unit level, each business can design the IT governance arrangements that best address its own needs for synergy and autonomy.

Companies attempting to realize cost savings by capitalizing on business unit synergies often look to shared services to remove duplication or reduce IT unit costs. DuPont, for example, has an enterprise IT architecture group with representatives from all regions, all strategic business units and all competency centers. This group proposes architecture rules to a team consisting of the corporate CIO and the CIOs of the largest business units. That team makes sure the rules make sense for the businesses and takes responsibility for enforcing architectural standards. Enterprise- level governance mechanisms like DuPont's establish parameters for IT governance design at lower organizational levels.

Recommendations to Guide Effective IT Governance Design Effective IT governance demands that senior managers define enterprise performance objectives and actively design governance to facilitate behavior that is consistent with those objectives. Often

I-.

Top-performing companies govern significantly differently from other companies. Even among top performers, governing styles dif- fer according to which performance metric they emphasize.

PROFIT PERFORMANCE ASSET UTILIZATION GROWTH

Profitability via enterprisewide integration and focus on core competencies

Efficient operation by encour- aging sharing and reuse

Encourage business unit innova- tion with few mandated processes

Key Metrics RQI°RQE and business process ROA and unit IT cost Revenue growth co5ts

Key IT Governance E Enterprisewide management E Business/IT relationship u Budget approval and risk Mechanisms mechanisms (e.g., executive manager management

committee) 1 Process teams with IT members pi Local accountability * Architecture process s SLA and chargeback as Portals or other information/ -a Capital approval * IT leadership decision-making services sources a Tracking of business value of IT body

Layers of centrally mandated Shared services centrally coordi- Local customized capability with IT Infrastructure shared services nated few required shared services

Low business costs through stan- Low IT unit costs; reuse of stan- Local innovation with communities Key IT Principles dardized business processes dard models or services of practice; optional shared services

More centralized

E.g,, Monarchies and Federal

Blended More decentralized

E.g,, Federal and Duopoly E.g., Feudal arrangements; risk management emphasis

* Based on analysis of companies with statistically significantly higher three-year industry-adjusted performance: profit (ROIIROEI, asset utilization (ROA), growth (revenue growth).

32 MIT SLOAN MANAGEMENT REVIEW WINTER 2005

Strategic Driver

Governance

- -' I I

Carlson Companies allocates IT decision making to encourage

business unit autonomy while ensuring strategic use of corpo-

rate IT funds. Five decision-making mechanisms implement this objective. The IT investment committee, a subset of the senior executive committee, makes IT investment decisions. The CIO is

responsible for establishing IT principles, and the CIO's central- ized enterprise architecture organization makes architecture decisions. Carlson uses a duopoly - members of the board of its

shared services organization, as well as the ClOs and CTOs of the business units - to make infrastructure decisions. Application needs are feudal, allowing each business unit to meet unique business needs. In addition to these decision-making mecha-

nisms, Carlson benefits from three alignment mechanisms to

allocate accountability for daily decisions. First, an architecture exception process relies on the CTAC (Carlson Technology Archi- tecture Committee) in each business unit to either make excep- tion decisions or forward them to the Enterprise Architecture Organization. Second, a services catalog, compiled by the shared services unit, provides a listing of infrastructure services and their prices to help the Carlson Shared Services Board con- sider changes to infrastructure services. Finally, Carlson's fund- ing process requires the business unit and the CIO's office to carefully develop authorization proposals for funding of IT proj- ects as input to the IT funding process.

DECISION DoMAIN

IT Principles

Input Decision Chairman " 0 and CEO t0- I 0

IT Architecture

Input Decision

: IT Infrastructure Strategies

Input Decision

,~~~~~~~~~~~-------- ,_. ,,, \ ........ , I..* I f:.....::; -.,,.,......,, ,,. ,,, ...)

0,,,,.ESS,,, ,-_.,__,_,,._7D, -,, 5,-

-CIO eCIO *EAO EAO

-Architecturee, exception

Services *IT Council catalog CSS Board

* CrAC

p a st t e rn si nam l patterns in all companies

companies have mature business governance processes to use as a

starting point in designing IT governance.' For example, the Ten-

nessee ValleyAuthority piggybacked its IT governance on its more

mature business governance mechanisms, such as its capital

investment process. The TVA's IT governance included a project

review committee, benchmarking and selective chargeback - all

familiar mechanisms from the engineering side of the business.9

Companies can use the one-page framework of IT governance

to help design structures and processes that enhance their strategic

use of IT. In order to use the framework effectively, management

teams must first establish the context for IT governance. That

means clarifying how the company will operate, how the com-

pany's structure will support its operations and what governance

arrangements will elicit the desirable behaviors that structure can-

not ensure. Governance arrangements generally transcend organi-

zational structure and can be more stable than structure.

IT governance design should encompass four steps:

Identify the company's needs for synergy and autonomy. Senior managers are often enamored of the potential to derive

business value from synergistic efforts like cross-selling, standard

Business Application Needs

Input : Decision

IT Investment

Input Decision r *:. Irnestme

.... ilk ,, _ I... 9;. .- - ---- mm 6 TTT-e

*IT Council *CSS Board .CIO

-Al * Business cOs business - Some bussness leaders leadcrs

CTAC

technology platforms or enterprisewide business processes. Man-

agement teams should consider realistically both the benefits and

costs of such synergies. Synergy-autonomy trade-offs force senior managers to make tough decisions and communicate those deci-

sions throughout the enterprise. Clarifying those decisions estab-

lishes the parameters for the design of IT governance and

accompanying managerial incentives.

Establish the role of organization structure. Companies have long relied on organization structure to create the context for

achieving organizational objectives. For some time, this resulted

in pendulum-like swings between centralized and decentralized

organizational forms. Companies eventually pursued both cen-

tralization and decentralization simultaneously by introducing

more matrixed reporting relationships. However, the complexity

of matrices can overwhelm managers and limit effectiveness. By

establishing organizational priorities for autonomy and synergy,

companies can introduce organizational designs and incentive

systems that reinforce their priorities. Governance processes -

and related incentives - can then compensate for the limitations

and instability of the organizational structure. These governance

WINTER 2005 MIT SLOAN MANAGEMENT REVIEW 33

GOVERNANCE ARCHETYPE

Business - Monarchy

IT Monarchy

Federal -

IT Duopoly

Feudal

processes can be easier to design if their objectives are clear and less disruptive to implement.

Identify the desirable IT-related behaviors that fall outside the scope of organizational structures. Management teams that understand what behaviors organizational structures will enforce can identify the additional behaviors they must promote in order to achieve their objectives. Then, rather than restructuring each time priorities shift, new governance mechanisms can force new behaviors without requiring reorganization. Governance mecha- nisms can provide organizational stability by demanding disci- plined processes. And governance itself appears to become more stable as companies learn good governance practices.10 Together,

organizational structure and IT governance design can allow companies to achieve seemingly conflicting objectives.

For example, even if organizational structures emphasize the

autonomy of individual business units, a company can establish IT architecture principles that limit business unit technical choices - and achieve enterprisewide cost objectives. Similarly, IT investment decision processes can direct business unit priorities toward enter- prise priorities by approving only projects that support enterprise strategies, even if organizational structures place responsibility for accomplishing project outcomes on business unit managers. Dual incentives are necessary in most companies to motivate senior-level managers to focus on both enterprisewide and business unit goals.

Thoughtfully design IT governance on one page. When the objectives of IT governance are clear, companies can design IT governance by outlining governance arrangements and then

specifying the mechanisms that will implement the intended arrangements. Companies that have not been effective in using IT strategically should expect to invest in organizational learning. Early in the learning cycle, those decision-making mechanisms may involve large numbers of managers.

For example, in the mid-1990s, the senior executive team at Dow Corning Corp. sought to transform IT from back-office function to strategic enabler.11 The executive committee met reg- ularly for several years to redefine the role of IT, articulate the role of the CIO, establish architectural principles, outline key projects

-particularly the implementation of an enterprise system - and closely manage IT investment priorities. Once the full execu- tive committee had entrenched IT as a key function, installed a

capable CIO, and gained competence in articulating how IT should enable business strategy, ongoing IT governance responsi- bilities were assumed by a subset of executive committee mem-

bers. The ability to reduce the size of the steering committee, indicated that Dow Corning had created sustainable senior man- agement participation in high-level IT management. Making the CIO a member of both the business monarchy and the IT monar- chy provided a natural linkage between business and IT strategy.

EFFECTIVE IT GOVERNANCE certainly doesn't happen accidentally. But companies that have followed the steps enumerated above have had demonstrable success designing, communicating and

refining IT that creates real business value in their enterprises.

ACKNOWLEDGMENTS

Both authors contributed equally to this article and would like to thank all the managers who participated in the research as well as Marianne Broadbent, Mark McDonald and their colleagues at Gartner Inc. We also would like to acknowledge the MIT Sloan CISR Patrons and Sponsors for supporting this research.

REFERENCES

1. R Weill and J. Ross, "IT Governance: How Top Performers Manage IT Decision Rights for Superior Results" (Boston: Harvard Business School Press, 2004).

2. See J.W. Ross, "United Parcel Service: Delivering Packages and e-Commerce Solutions," working paper 318, MIT Sloan School of Management, Center for Information Systems Research, Cambridge, Massachusetts, 2001.

3. For a discussion of hybrid governance arrangements, see C.V. Brown and S.L. Magill, "Reconceptualizing the Context-Design Issue for the Information Systems Function," Organization Science 9, no. 2 (March-April 1998): 176-194.

4. The analysis was adjusted for industry differences so that compa- nies were compared to competitors.

5. For more information see www.manheim.com and R. Woodham and R Weill, "Manheim Interactive: Selling Cars Online," working paper 4160-01, MIT Sloan School of Management, Center for Infor- mation Systems Research, Cambridge, Massachusetts, August 2001.

6. For a more complete description of governance and architecture at ING DIRECT, see D. Robertson, "ING DIRECT: The IT Challenge (A)" and "ING DIRECT: The IT Challenge (B)," IMD-3-1344 and IMD-3- 1345, [MD International, Lausanne, Switzerland 2003.

7. For a more complete description of IT governance at Carlson Com- panies, see R Weill and J. Ross, "Mechanisms for Implementing IT Governance," chap. 4 in "IT Governance: How Top Performers Man- age IT Decision Rights for Superior Results" (Boston: Harvard Busi- ness School Press, 2004).

8. See V. Sambamurthy and R.W. Zmud, "Arrangements for Informa- tion Technology Governance: A Theory of Multiple Contingencies," MIS Quarterly 23 (June 1999): 261-288. The authors find that corporate governance is one of three important contingencies influencing IT gov- ernance arrangements in organizations. The other two contingencies are absorptive capacity and economies of scope.

9. References to TVA excerpted with permission from Gartner. See M. Broadbent and R Weill, "Effective IT Governance: By Design," Gartner EXP Premier Report, Gartner Inc., January 2003.

10. In our research, we found that companies with effective gover- nance changed some aspect of governance about once per year, whereas companies with less effective governance changed gover- nance as many as three times per year.

11. J.W. Ross, "Case Study - Dow Corning Corporation: Business Processes and Information Technology," Journal of Information Tech- nology 14, no. 3 (1999): 253-266.

Reprint 46208. For ordering itnformation, see page 1. Copyright © Massachusetts Institute of Technology, 2005. All rights reserved.

34 MIT SLOAN MANAGEMENT REVIEW WINTER 2005

COPYRIGHT INFORMATION

TITLE: A Matrixed Approach to Designing IT Governance SOURCE: MIT Sloan Manage Rev 46 no2 Wint 2005

WN: 0534907228008

The magazine publisher is the copyright holder of this article and it is reproduced with permission. Further reproduction of this article in violation of the copyright is prohibited. To contact the publisher: http://mitsloan.mit.edu/smr/

Copyright 1982-2005 The H.W. Wilson Company. All rights reserved.