When people hear the word governance, they often associate it with the word government which makes them think about politics, waste, high costs, blown budgets, and very slow progress. The goal of IT governance is the complete opposite of all of those characteristics. IT Governance strives to assist in decision making based on best practices and guidance, not politics. It strives to remove waste and optimize costs by taking an enterprise view as opposed to reinventing the wheel over and over in application silos and by putting a process in place for business justification of projects. Governance also provides a framework of decision making and technical requirements gathering that can assist in speeding up delivery and reducing maintenance.
Air Traffic Control Tower Analogy
I like to use the air traffic control tower analogy when describing the need for IT governance. I think we can all agree that most pilots are exceptional at what they do and most planes are well maintained. Success rates of airplane flights are extremely high. In fact, according to a report by Boeing, from 2001 through 2010, the number of fatalities per one million flight hours is less than one. What do you think would happen to these metrics if they closed down the control towers? Imagine observing airplanes take off and land at JFK in New York City, one of the busiest airports in the world, with nobody in the control tower. We would likely witness a number of disasters. This would not be attributed to a lack of skill by the pilots or a lack of quality and highly maintained airplanes. No, this would be a direct result of a lack of controls.
The art of flying has been enhanced over the years by improvements in technology, but the biggest reason for the incredible success rate is the enforcement of proven processes, controls, communications, training, and financial investments made on behalf of customer safety. Nobody would dream of boarding a plane that was departing from and arriving at an airport with no control tower and no aircraft controllers.
Flying blind in the enterprise
Now let’s take that analogy and apply it to business. How many organizations do you know who have not implemented IT governance or have an extremely minimal governance strategy? In essence, these companies are flying blind. They are loading up their planes (assets/projects) with customers (investor’s cash) and betting that the pilot (developers) can take off and land all by themselves with no guidance, no best practices, no help, and at any cost. Sure the “pilots” will land a “plane” or two, but they will also crash and burn along the way. Imagine a sky filled with hundreds of unregulated planes, some lacking the proper maintenance, some never afforded the time to build the proper safety controls, and no clear route for the pilots to get from point A to B. The fatality rate would increase dramatically. The costs would sky rocket due to emergency repairs that could have been avoided with preventative maintenance. Gas would be consumed at alarming rates due to the lack of an optimized path from point A to point B. The consumer experience would degrade to the point where consumers would not be able to afford flying or they would no longer trust the service or they would look for alternative ways to get from point A to point B.
Get your control tower in place
If we think about our enterprise projects and applications as a series of flights from point A to point B, it should not take a rocket scientist to figure out why we need to put controls in place. The criticality of the service that a company delivers should be directly proportional to the amount of governance that is implemented. For example, if our service carries the burden of impacting our customers’ lives (i.e. airlines, hospitals, etc.) the amount of controls put in place should be substantial. One screw up could cost a life and bankrupt the company. If the criticality of the services is moderate (i.e. clearing a coupon) the level of governance can be modest. Nobody dies if a coupon does not clear. That is not to say that clearing coupons is not important. What it does say is that we need to put just enough controls in place to ensure that we provide an acceptable level of service to our consumers.
Goals of IT governance
The goal of IT governance is to facilitate a framework of accountability, guidelines, and empowerment to help achieve a desirable outcome in the use of IT (IT Governance, Weill, Ross, 2000). My interpretation of that definition is, IT governance goals are to assist in working smarter instead of harder while helping our company deliver reliable products and services at an optimal price. This is accomplished by combining three distinct practices:
- Enterprise Architecture
- Portfolio Management
|From Enterprise Initiatives|