IT Governance – Structure and Processes
In a recent post, I outlined the purpose of governance from an IT point of view. Simply stated, IT governance is defined as ‘establishing chains of responsibility, authority, and communication to empower people.’ The key concepts of this definition are found in the mnemonic “RACE”:
· Responsibility – being held accountable for a specific duty, task, or decision
· Authority – the power to influence behavior
· Communication – exchanging information
· Empowering – giving official authority to act
Using this definition, what does IT governance look like? What are the components of IT governance? I will seek to provide a perspective on these items in this post.
There is a structure and a process component to IT governance. The structure component can be described as that which pertains to an organization’s information technology activities and the way those activities support the goals of the business. The structure component answers the ‘who?’ and ‘what?’ questions of governance: who is governing, and what are they governing? The process component relates to the decision-making rights associated with IT as well as the mechanisms and policies used to measure and control the way IT decisions are made and carried out within the organization. The process component answers the question of ‘how?’ an organization is governed.
Let’s take a look at the structural component first. Multiple levels of governance are required in any organization. Each level has a distinct purpose and specific decisions that must be made. One might picture a house with different levels in thinking about this concept. At the top, there is a Strategic level of governance. Typically comprised of the senior executives, this level of governance primarily focuses on the alignment between business strategy and technology strategy. This group casts the vision as to where the business is going and how technology will help it get there.
The next level of governance is the Executive level of governance. This group of people is responsible for prioritizing initiatives, allocating resources (both human and financial), and ensuring the attainment of the business benefits / business value from the various initiatives. In many organizations, this group is comprised of various organizational (division, line of business, etc.) leaders along with the CIO. This group puts ‘meat on the bones’ of the vision cast by the C-level executives. The decisions coming from this group provide the details as to how technology enables the business objectives.
The third layer of governance consists of two different parts. There is program governance and business process governance. Program governance is simply the group of people put in place to oversee a specific program (or project). This group deals with escalated program issues, organizational change management issues arising from a program (or project), and value realization activities associated with a specific program (or project). The group is typically an ad hoc group that is created for a specific program (or project). When the program is finished and closed out, the governing group disbands. In most organizations, this group is called the Program (or Project) Steering Committee.
The second part of this governance layer is business process governance. This group is beginning to be more common as companies begin to transition to an end-to-end business process focus from a functional focus. Business process governance is responsible for how global processes are executed and makes decisions for changes to these global business processes.
Finally, the fourth level of IT governance is the Operations layer. This layer consists of what is usually called the Change Control Board, the Change Advisory Board, or the Change Advisory Council. The operations governing body is much more IT-focused and concentrates on managing incidents, change requests, and the entire process of managing change in the application landscape.
Organizational structures are different for every enterprise. The structure and levels of governance are no different. In some companies, the Executive and Strategic governance layers are combined. In some companies, the Strategic layer does not formally exist. The Business Process layer may not exist because there is no group responsible for everything that happens in one end-to-end process. Regardless of the structure, there is one key point necessary for effective governance. The decision-making boundaries MUST be clearly defined at each level. Lack of clarity around what each group is responsible for will lead to decisions that don’t get made because one group thinks another group will be addressing them, or to decisions that supposedly are made getting rehashed by another group that believes the decision rests with them. In either case, it is not difficult to see that a lack of clearly defined decision-making boundaries leads to ineffective governance and will add time (and cost) to any project / program.
Having addressed the structural component of governance, the process component describes the ‘how?’ There are three basic aspects of the governing process. Two aspects are quite common and one is oftentimes forgotten.
As one reads through the descriptions for each level above, it is relatively obvious that much of the governance activity focuses on prioritization. There are always going to be competing initiatives and competition among resources. It is the governance process that sifts through these conflicts. The resulting decisions are communicated to the impacted groups and the resulting activities become clear. Once the priorities are established, the demand for resources is managed such that the priorities can be achieved. As this information is communicated, the resources are empowered to work on the priorities. This is the process of governance in its most basic form.
The one process of governance that is often lacking is the measurement and communication of performance results. “How did we do?” is a question that does not always get asked (or answered, for that matter). Yet, it is a key part of governance. Without performance measurement, how should adjustments to the priorities be carried out? Without performance measurement, how can the organization know if progress is being made or the objectives are being met? This feedback loop is very important and is why effective governance must include the measurement of performance.
In wrapping up this post on governance, the key elements of IT governance are:
- Multiple levels of governance are required in any organization
- Clear decision-making boundaries must be in place to ensure effective governance
- Governance processes include prioritization and demand management but also must include the measurement of performance.
Reflecting back to the organizations I have worked with over the past years, I would summarize the critical success factors for IT governance as follows:
- Active senior management involvement is key
- Top executives should set IT priorities
- IT goals and budgets must align with strategic business objectives
- Clarity of governance roles and decision-making
- Focus on the business value of a project and understand what drives the generation of business value
- Communicate priorities and progress clearly
- Continually engage the business customer
- Regularly monitor program (or project) progress and communicate the results
Does your organization (or customer) need to improve your IT governance? We can help. Doug Shuptar is a Principal in SAP’s Industry Business Consulting Group. He can be reached at firstname.lastname@example.org with questions and comments.