What has the SDLC got to do with IT Governance?

It has long been the tradition of board-level executives to defer all key IT decisions to the company’s IT professionals. The truth is that many board-level executives don’t understand IT well enough to manage IT effectively; and IT professionals don’t understand business initiatives well enough to decide how to invest in them. Deferring key decisions to the IT staff often leads to disconnects between the board’s strategic goals and real business initiatives and the investments IT makes. It leads to frustration at all levels.

IT governance is a business-driven function which focuses on the investment and prioritization of IT systems, their performance, risk management and enhancing a company’s competitiveness. It’s about ensuring IT investments harmonize with the enterprise’s strategic priorities. It’s about IT demonstrating to senior leadership they are receiving acceptable value in return for making IT investments.

In June of 2005, I attended a summer session on IT Governance and Leadership at the MIT Sloan School of Management Center for Information Systems Research (CISR) in Cambridge Massachusetts. The course was facilitated by Peter Weill and Jeanne W. Ross. Peter is the director of CISR and Jeanne is a Principal Research Scientist. Together they authored the book IT Governance published in 2000 by Harvard Business School Press. The book is about How Top Performers Manage IT Decision Rights for Superior Results. It is written for “concerned officers of the enterprise (CEO, CFO, COO, and other senior managers) looking for practical guidelines to improve their returns from IT investments.”

According to Weill and Ross:

Top-performing enterprises succeed where others fail by implementing effective IT governance to support their strategies. For example, firms with above-average IT governance following a specific strategy (for example, customer intimacy) had more than 20 percent higher profits than firms with poor governance following the same strategy.

All companies have some sort of IT governance. Effective IT governance includes well defined and documented processes for work uptake, decision making, budgeting and estimating resources, approvals, IT value realization, project reporting and change management. Many IT governance committees are comprised of the senior most leaders from all strategic areas of the business, not just IT leaders. With a finite enterprise budget, there is competition for capital project dollars. There must be a governance process in place to assure that the right projects are getting the right amount of investment at the right time to improve bottom line profitability and shareholder value.

Weill and Ross assert that effective IT governance answers three questions:

1. What decisions must be made?
2. Who should make these decisions?
3. How will we make and monitor these decisions?

To further explain the first question, they say, “Every enterprise must address five interrelated IT decisions: IT principles, IT architecture, IT infrastructure, business application needs, and IT investment and prioritization.”

The SDLC figures prominently in executing the answers to all of the interrelated decisions above with the lone exception of IT principles. IT principles are subordinate to corporate principles established at the enterprise level. They support or enable strategic company business goals, guide the development and implementation of the SDLC and steer the decision making process in the other four areas. We’ll explore the linkage between IT Governance and the SDLC further in my next post.