Good IT Governance Is Becoming A Continuous Improvement Process

This is the conclusion of a recent research project on the future of IT governance. I am writing this summary of facts and findings hoping to get your feedback.

Here is what we did in the project: We started from the recently released COBIT 5 framework to set a baseline for what good IT governance is. We then assessed 15 case studies and selected nine that displayed characteristics of good IT governance. We also interviewed 25 technology management experts, asking them "whether and how IT governance will need to change when organizations adopt smart technologies such as a mobile, social, analytics business process management (BPM), and cloud."

What is the conclusion? The more your organization invests in smart technologies for business innovation, differentiation, and productivity improvements, the more you will need good IT governance for managing these investments. And because developing good IT governance is a learning experience filled with trial and error, the earlier you start applying good IT governance as a continuous improvement process, the faster you will benefit from it and your investments.

But what does this mean in practical terms? We identified five directions for change. They nicely fit with the COBIT principles:

1)      Make technology development an integral part of business strategy.

2)      Focus on cross-functional business alignment.

3)      Engage employees at all levels of the organization.

4)      Maintain an integrated IT governance framework and single ownership.

5)      Develop separate responsibilities for IT governance and IT management.

These directions look obvious, but their organizational implications are not. For example, organizations cultivating good IT governance will eliminate slow and inefficient IT planning rituals. Moreover, we anticipate that responsibility for technology development will shift to business architects and business process owners, who in many cases live outside the IT department. Last but not least, good IT governance ensures that employees are engaged in technology decisions, in particular when these decisions impact individual productivity.

I would appreciate your thoughts. Thank you very much in advance!


Alex - This is indeed a

Alex - This is indeed a futuristic exercise & an example of research well done! The big question that remains unanswered is direction # 1 of your research i.e. making IT strategy a component of Business strategy.
Irrespective of industry, there is always a huge disconnect in the business functions of the underlying technology that supports them & that can be attributed to plethora of reasons.
Quick question, does Cobit 5 provide a framework as to "How IT Strategy can be integrated with Business Strategy? "

Does Cobit 5 provide a framework as to "How IT Strategy can be i

Hi Safaraz,
Thank you very much for your comment and question.
COBIT 5 is a generic standard. We found COBIT 5 to be a very useful reference for our research on the future of IT governance. But of course having a copy of it on the shelf doesn't replace good IT governance in practice.
The researched case studies show clearly that IT governance works well in organizations where
1) senior execs actively drive the IT governance development and link it to business strategy
2) scope the IT governance on cross-functional processes, not on tech platforms
3) manadate a senior exec to develop and facilitate the governace process
4) maintain a culture of performance that touches all levels of the organization
According to 2 BPM-oriented surveys we performed last year, there are indeed few organizations that meet these criteria
Thank you again for the excellent comments,

Communications gap

Alexander – wonderful research. As you point out the findings may seem obvious but truly implementing them is a real challenge for many organizations. At Symantec I have the opportunity to talk to technology leaders in large enterprises, and have heard frequently how difficult it is to do some of the things you mention, such as create cross -functional business alignment, and engage employees at all levels. These technology leaders seem to struggle trying to translate technical data around security/ threats / risk / into concepts that can be easily consumed by their business peers. This gap in communications prevents them from getting the alignment they need to move forward on key projects, it also undermines their ability to contribute to strategic decision making. I think if we can somehow bridge this gap and make IT issues business issues, there is a real opportunity to create the type of cross functional business alignement and employee engagement that can drive innovation, differentiation, and productivity improvements.

Communications gap

Thank you very much Melanie.
I fully agree with your comment. The size of the business-IT communications gap is critical for the maturity of the IT governance process. We found also that implementations of IT governance broadly differin maturity depending on:
1) What business stakeholders expect from IT
2) IT's ability to engage business stakeholders in making tech-related decisions
3) The mix of systems of record and engagement in the IT portfolio

Good IT Governance

Hi Alex,

Interesting blog. I agree with all your points, especially the role of an integrated governance model and the involvement of people. I also believe their is great value in integrating complimentary and overlapping governance models together ( eg, itil, prince2, cobit, security etc) and use these frameworks to add value. I believe that good IT Governance is more like a relay rather than a sprint, and as such, how these frameworks coexist adds great value. The 'missing' framework is that of people, for if we Adopt, Adapt, but not embed good governance, it will not last. The missing framework, people, will assist with this activity. We use SFIA to close this gap, and it works very well.


the people framework

Hi Simon, Thanks for pointing at SFIA! The people framework - the deliberate approach to building skills and establishing a culture of performance - is indeed one of four fundamentals of "good" IT governance and management. We identified "culture of performance" as one of four most critical capabilities, and used examples from two companies that use Lean Six Sigma as such a framework.
I am constantly looking for case studies and lessons learned from companies that are applying people fremworks in the context of mobility/social deployments. It would be fantastic if you could point us at such an application of SFIA. Thanks very much in advance.


5) Develop separate responsibilities for IT governance and IT management.

How do you see the difference between IT Management und IT Gouvernance?