A quick search of IT job sites reveals many postings with the key words “IT governance” or “governance of IT.” Clicking through the descriptions reveals a wide range of requested duties and experience, much wider than is typical for a head of application development, security or finance. Due to my exposure to a wide range of enterprises and service on several industry standards and practices committees, I’m often asked, “What makes a good IT governance leader?” This post offers a few insights from what I have seen across countries, industries, business-IT models, IT organization models and enterprise sizes.
To begin, let’s level set on what “IT governance” is about. Governance, in general, has a variety of rather wordy legal, human resource-ish and academic definitions. A more simple, outcomes-focused definition is “Getting the right information to the right people at the right time to make the right (or at least better) decisions with accountability.” The “better” is because there is a cost/benefit in gathering more decision information. Managing that balance is crucial.
Governance purely exists only with the board of directors. However, as a practical matter, it is often delegated. In this context, two requirements are generally necessary – 1) clear charter from the board or higher level governance body and 2) that the people involved are acting in the interest of the enterprise as governors -- in contrast to daily management silos. These people (governors) represent the various business line, functional and geographic units that fund (especially those who own P&L) and leverage IT to generate risk-return balanced value for the enterprise (or achieve mission in governments). This value should be very demonstrable, having impact on ability to launch products, acquire, expand and satisfy customers. It should be able to be measured by investors (whether shareholders or an acquiring firm).
Because of the requirement to act in the interest of the enterprise, balancing across silos, the preferred term is often “enterprise governance of IT.” This helps guard against the tendency to use “IT governance” to mean managing the IT shop or the CIO’s staff meeting. The enterprise governance of IT leader is therefore often principal advisor (strategic, financial, operational) and secretary (coordinator, facilitator, catalyst, peacemaker) to this governance body. Thus, key expertise includes:
• Business skills
• Business strategy (competitive, market, industry, economic)
• Business products and processes
• Financial (portfolio management, investment risk-return analysis, capital budgeting, make/buy)
• Risk-return management (across financial, project and operational areas)
• Strong knowledge of industry best practice (e.g. ISACA’s Val IT, Risk IT, COBIT or academic research such as from MIT Sloan Center for Information Systems Research)
• Technology (directions, trends, competitive advantage, cost/benefit implications)
• Broad exposure to IT operations (not necessarily that deep, but enough to interlock with needs)
• Inter-personal skills
• Independent, executive presence
• Collaborator seeking common ground
• Facilitator understanding each governor’s perspective
• Curious, questioning
• Negotiator with eye on shared objectives
• Calming influence
• Leverages by nature, doesn’t get bogged down reinventing the wheel
• Personally committed to key governance measures – informed, transparent, agile and accountable
Some of these attributes, such as negotiating, significantly increase in importance with federated organization models or the more dissimilar the business lines. Technology trend skills are more important the more dependent the enterprises’ offerings are on technology for differentiation in the market. Others shift with the intensity of competition, riskiness of business initiatives or complexity of business operations.
Finally, there are points to delete from the job description or include only as liaison points – compliance, control or audit. These are not only incidental to the focus on driving and balancing risk-return value, but also often bring in personal attributes that are “square peg in round hole” relative to other requirements. Armed with this information, you can create a more focused job description, screen, interview, hire and then – crucially – enable your governance leader for success.