Well we’re over the first hurdle. The first edition seems to have been well received, with subscribe requests greatly outnumbering unsubscribes – of which there were only three. Traffic on www.infonomics.com.au went through the roof – thanks to all who took the time to get in there and have a look at the Executive Briefs, and what Infonomics is all about.
This edition’s got a variety of features, and we’re trying some different approaches to organising the content. Your feedback is valued, and I hope that there will be lots of it.
If you missed the first edition, it’s here on the web – please feel free to enjoy it.
Mark Toomey
12th September 2005.
We’re here to help you win with ICT. Infonomics is a small company with a big goal. We aim to improve the success rate for organisations that use ICT in the course of their business. But we can’t do it just by sending out free newsletters. We are looking for some of you to become paying customers as well. This is the commercial – the only one in this edition.
Telstra, the Bush, and the Future – What does Australia need? Telstra has been in the news a great deal of late. We think that there’s much more to the plot than has been discussed to date – and some serious issues for the federal government to address. We used AS8015 as a framework to think about not just Telstra, but Australia’s National Communications Infrastructure.
More Telstra Discussion. It took several goes to get our discussion down to 2 pages. There are many unanswered questions. There’s a four pager as well, that concludes by asking Senator Coonan the question Senator Joyce might now also be asking: “Are the plans and controls for Australia’s National Communications Infrastructure sufficiently well developed to support any change in the status-quo”?
Polishing the kettle – on the inside. We take an old proverb and stretch it a bit, to explain why we believe that much of the investment organisations make in improving their IT shop is misdirected.
IT Governance Tools. Many organisations will be contemplating deployment of new-generation tools for IT Governance. These investments may produce significant benefits – if the fundamentals of the business case are sound.
The Good, the Bad, and the Downright Ugly. The popular press loves an IT disaster, and industry journals delight in dissecting the major ones. But sometimes, we also get some stories that delight, of how ICT is being used well. This section explores just a little of what’s been written lately.
Email: Risky business practices. We love to hate it. Email has taken over our lives and has become a staple of communications. On a global scale, it’s one of those unplanned things that just happened. Now, despite the spam and other nuisance aspects, email is an essential business tool that contributes to performance and brings risk. Here we explore a couple of areas where organisations may benefit from a bit more care in how this essential technology is governed.
Reader’s Question: One of our readers wanted to know what we thought about the tension between investments in good governance and the freedom of an entrepreneurial environment.
Events: John Thorp – author of The Information Paradox - delivered an entertaining and thought-provoking address to over 180 senior executives and CEDA members in Melbourne on Wednesday September 6th. And the Macquarie University mini-conference we foreshadowed last month is locked-in for September 24th. That’s right – a Saturday afternoon – so being too busy with business is not an excuse. If you know of something that should perhaps be listed here, please let us know.
Sources of further information: This section of The IT Governance Letter is intended as a repository of references. We’ll include brief reviews on good books as we read them, and commentary on papers as they are developed. If you know of something that should perhaps be listed here, please let us know.
Infonomics in the Press. Sometimes the articles that appear in the press contain valuable lessons, and we’re not shy about pointing them out. We’re grateful that the editors are tuned in – now we just wonder if the readers are tuned in too. Of course, sometimes we may be preaching to the converted, but we will continue our efforts and will always seize opportunities to spread the word about who needs to be responsible for effective corporate governance of ICT.
What is IT Governance all about anyway? We had a lot of readers dive onto the web site last month, but not everybody got a look at the Executive Briefs. We decided that perhaps we should embed the content in the Letter – so here’s a replay of the first Executive Brief, and links to the next two. EB4 is also mentioned, but it’s not ready for publication yet.
The Infonomics Mailing List, SPAM and Privacy: For those who may think that this material isn’t for them, for those who would like to receive a copy direct, and for those who are generous enough to give us some feedback, or content for the future.
OK – we’re doing the promo up front. After all, the purpose of this newsletter is not just to inform and entertain you. We’re also looking for opportunities to add value to your organisation – and in doing so, to put bread on our tables.
If statistics showed that 95% of organisations achieved 95% of the forecast results from 95% of their IT investments, and that their installed information systems achieved 95% of the reasonable expectations of the stakeholders, we would probably think that that result was not good enough. We would want to do better!
Well, 95% is far from where we are. Statistics show that closer to 50% of IT projects fail. Many organisations suffer major disruption due to failure of IT systems, and a disturbing number don’t survive the failures.
Few contemporary organisations can operate at all if their ICT breaks down. Yet few of these organisations can score well when assessed against the recommendations of the Australian Standard for Corporate Governance of Information and Communication Technology (You can do a quick-test by downloading our Executive Brief 3: Profiling your Organisation’s IT Governance). When assessment demonstrates, for example, that an organisation’s annual business planning cycle completely ignores the IT implications of its strategic intent, it’s not hard to imagine that improving alignment with AS8015 might also increase effectiveness and efficiency in the use of ICT.
Infonomics is an independent organisation that exists for the purpose of helping organisations achieve greater success in their use of information and communications technologies. Our specialty is IT Governance, and our customers are the C-level executives and directors who need to know that their organisation’s IT Governance is working properly.
Our job is to help you understand your situation, and what’s important. We do this by conducting diagnostic assessments, and by supporting organisations that are improving their IT Governance capabilities. We are available to review strategies and business cases and to check the health of ICT initiatives. We conduct seminars and workshops to help top level executives and directors gain new perspective on why and how they might engage in setting and monitoring IT direction. We evaluate, and help organisations to design and implement the processes and organisational constructs of effective ICT Governance, including executive and board committees. And we provide confidential individual advice and coaching to C-level executives and directors.
Smart CIO’s understand that ICT should be on the agenda for the corporate executive and the board. But sometimes it’s hard to get that message to stick with the people who need to understand it most. Infonomics experience is that assessment against AS8015 helps ensure that ICT is on the agenda. As a direct consequence of assessments conducted since the standard was released in January 2005, we have seen reporting lines change so that a CIO reports direct to the CIO, and we have heard a CEO announce that ICT will take a seat in the executive circle.
Does your organisation have a brilliant track-record and high performance in ICT Governance? Why not ask us to test it for you, and increase your confidence that your use of ICT is efficient, effective and acceptable. To do so, just reply to this message and ask us to contact you – or phone us any time on (03) 9801 1237. And if you’re in the midst of a major investment program, perhaps you should ask us to check that it’s doing exactly what you expect it to be doing.
No Australian resident could have missed the furore of the past few weeks regarding the proposed final privatisation of the nation’s major telco – Telstra. Many of our international readers may also be aware – and if you’re not – try Googling “Telstra, Trujillo, Joyce, ASIC”. Sol Trujillo is Telstra’s recently appointed CEO. Barnaby Joyce is a newly elected Senator in the Australian Parliament, and ASIC is the Australian regulator of good corporate behaviour.
But underneath the bluster that is going on between the Telstra executive and the government, there is a scenario emerging of dreadful neglect in the development and maintenance of the nation’s telecommunications infrastructure. This sort of situation also occurs in some organisations – particularly larger ones, and we thought it warranted some further contemplation.
So we set out to assess the governance of Australia’s National Communications Infrastructure, using AS8015 as the evaluation framework. Here’s what we thought.
To read and save this as a PDF, please click here.
If this doesn’t interest you right now, you can Skip forward.
Regulation: the problem, or a symptom?
Sol Trujillo seems to want us to believe that Telstra’s market value and performance prospects are a consequence of inappropriate regulation. He seems to be saying that Telstra should not be made to share its infrastructure, and that Telstra should not bear an obligation to the bush. For many, his words ring hollow. Telstra is often seen as fat and lazy, contemptuous of the needs of its many less powerful customers, and resistant to change. Years of appallingly bad technology decisions have left Telstra and Australia with outdated, inflexible and unreliable National Communications Infrastructure. Now, Telstra is baulking at the prospect of having to fix the problem.
But the problem does not lie just with Telstra. Successive governments and regulators having failed to appreciate that Australia’s prosperity is utterly dependent on a National Communications Infrastructure that allows all Australians to connect to each other, to their wealth generating assets and to the world.
The National Communications Infrastructure (NCI) is the entire collection of copper wires, fibre cables, radio and microwave transmitters, satellites, switches and software that underpins everything from the humble telephone to the most advanced wireless broadband links. From a planning perspective, the NCI looks like a mess.
From the dawn of telecommunications in Australia, Telstra and its predecessors have been the stewards of the NCI. As the incumbent major investor and dominant competitor, Telstra has been responsible for planning and delivering Australia’s NCI. But Telstra’s decisions seem to have been driven by short term and anti-competitive priorities, rather than any clearly articulated vision of a truly connected Australia.
A framework for asking (the right) questions
Australia’s National Communications Infrastructure and Telstra’s stewardship of the NCI fail the test when examined using our world-leading standard for Corporate Governance of Information and Communication Technology. Known as AS8015:2005, this standard was developed to guide all Australian organisations, with a view to increasing the prospects that their use of ICT would prove efficient, effective and acceptable. Considering the current debate, it’s not unreasonable to use AS8015 as a lens to test what’s been happening. The perspective it gives suggests we have much to do before we can be confident in Australia’s future communications.
Assessment of Australia’s NCI does not involve just Telstra. Telstra is a technology provider, and AS8015 tells us that others should be setting the agenda – driving the efficient, effective and acceptable use of technology from a requirements perspective. The Australian people, our businesses and other organisations, and our governments collectively define what we require from our telecommunications companies – and expect them to deliver. As the largest incumbent, with the dominant infrastructure, we expect Telstra to understand and deliver not only our current requirements, but our future ones. And we expect Telstra to do so with a very clear appreciation of its social responsibility – to treat all Australians – including businesses, with dignity and balance.
AS8015 sets out six principles for governing the use of ICT. Clearly, the NCI is the “Big C” in ICT, and the principles apply. But when we look closely, we can conclude that they have not been applied well to date. A new approach is needed to ensure that Australia’s future NCI is fit for purpose.
Who sets the agenda?
Principle 1 in AS8015 is about responsibility. It says that clearly understood (and by implication, appropriate) responsibilities for ICT must be established. In terms of the NCI, we haven’t done this. The technology providers should not be responsible for setting the agenda – because it’s their job to deliver to the agenda. Letting Telstra set the NCI agenda is comparable to setting foxes in charge of henhouses. Telstra’s litany of short-sighted and anti-competitive decisions about infrastructure have frustrated consumers and competitors alike. Now they are hurting Telstra too, and deservedly so. The responsibility principle isn’t just about delivery – it’s about planning as well. Australia’s plans for the NCI should be driven by a well formed, clearly articulated vision of a connected Australia, that takes into account a proper understanding of how technology is evolving, and the opportunities that are emerging. Australia needs a new, independent approach to form and articulate the NCI vision and agenda.
Does the plan fit the need?
The second principle is more specific about planning – it says that ICT must be planned to best support the organisation. In this case, the organisation is the Australian nation – all of it! Do we see evidence of good planning in Australia’s current NCI? Certainly not! The consequences of under-investment are becoming obvious. And the proposed solution – a national broadband rollout – is at best short-sighted and simplistic. Wire based broadband has limits regarding accessibility – and there are many barriers to universal broadband in both copper and fibre networks at present. Wireless broadband and satellite may be options – but have they been assessed properly? And what will happen to the investment in these technologies when the physics labs deliver the next breakthrough? Technology is evolving at a dramatic rate and whatever we commit to installing today will need careful management to maximise its life without compromising future developments. Australia’s plans for the NCI are missing the point – that continuous evolution is essential and that base technologies must evolve too.
A question of validity
AS8015 says that ICT must be acquired validly – in the right way, for the right reasons. Has Telstra delivered Australia’s NCI for the right reasons, in the right way? Probably not! Under-investment and technology choices have limited the availability of contemporary (but by no means leading-edge) broadband services, frustrating both consumers and competitors. Telstra’s wholesale pricing, combined with its perceived weak performance in service activation and fault repair has driven competitors to invest in parallel infrastructure. The total investment to date in the NCI may have been sufficient to deliver Australia world-leading communications. But competitive behaviour has focused it in areas where there are high revenues and thus high margins – giving us an NCI that is over-delivered in some areas and chronically under-delivered in others. Surely this cannot be seen as a valid result!
Australia needs a new approach to planning and delivering the NCI. Fundamental decisions about its design should be made with foresight, pragmatism and common sense. Hiving off the wholesale portion of Telstra may be a good start to achieving this – but it’s probably not the complete answer. The answer does need to recognise that there are now several infrastructure providers, and they should work together in the national interest, while remaining individually viable and effective.
Standards of performance
Principle 4 says that we should ensure that ICT performs well, whenever required. Some will say that Australia’s NCI performs well – others will say definitely not! Basic and long-established services are generally good in areas where revenue and population density sustains good maintenance. Weakness emerges when we look at regions that don’t produce compelling revenue – the same regions where competition is a lesser factor. However, there are more dimensions to performance than merely reliability and serviceability. Ability to deliver, to support and maintain are also important – as is the time taken to bring new capabilities on stream. Current circumstances suggest that Australia has been slow to retire obsolete infrastructure and far from fast at adopting and implementing the infrastructure for new technologies.
Compliance with rules
In Principle 5, AS8015 says: “Ensure that ICT conforms with formal rules”. Well, we have rules and regulation aplenty when it comes to Telstra and the NCI. The regulatory regime has enabled competition, and Telstra has on several occasions felt the sting of the regulatory enforcement regime. But the rules that we have in place today have not delivered us the efficient, effective and acceptable NCI we desire. They have not ensured that we have deployed the appropriate technologies at the right time, in the interests of the national need. They have not driven quantum improvements in service delivery and performance.
Australia’s NCI rule-book should be re-written, to ensure that the infrastructure investors and the retailers balance their shareholder interests and the national agenda, with efficient, effective products that deliver acceptable standards of performance, flexibility, reliability, resilience, accessibility and cost.
Accounting for the human factors
Finally, AS8015 insists that ICT use should respect human factors. Much of the dissatisfaction being expressed today can be attributed to failure in this area. Australians want mobility – witness our preference for mobile phones over fixed line home and business phones. Yet we are rolling out a broadband infrastructure that ties us to one place – or at best the small area covered by a wireless LAN. Does this make sense?
Australia’s plans for the National Communications Infrastructure must take into account the behaviours, habits, aspirations and other realities of the people and organisations that will use it. This understanding must be woven into the fabric of the national vision for the effective, efficient and acceptable use of communications technology in the pursuit of Australia’s social, economic, environmental and political goals.
As always, it takes a great deal more effort to write a short article, than a long one. What’s above meets the target for my Executive Briefs at two pages. But the topic is enormous, and it was not easy to get it down that small. The first cut ran to around 6 or 7 pages, and the first complete version was still 4 pages. Having spent that much time, I knew I had to go to a different level, which is what you see above.
But I was rather attached to the four page version as well – it’s full of what I suspect are unanswered, and sometimes maybe unanswerable questions. So if you’d like to delve a bit deeper, the 4 pager is on the web site. Enjoy!
We all know the proverb about pots calling kettles black. At a conference in 2001, Commonwealth Bank CEO David Murray stunned delegates with a tirade centred on over-hyped solutions that failed to deliver value. Murray was certainly calling the ICT Kettle black. And today, ICT projects continue to go wrong, in all sorts of organisations. For many, the ICT kettle is indeed, black.
Murray would not be the only chief executive who is frustrated by the apparent failure of IT to deliver on its promise. For several decades, billions of dollars have been sunk into investments that were intended to improve the success of ICT initiatives. The investments include training, tools, equipment, methodologies, outsourcing arrangements, process reviews and improvement programs, external audits and so on. Have these investments all been flights of fancy, and an abject waste of shareholder funds? Will further spend on methodologies, training and tools deliver any better results?
Perhaps one way to answer these questions is to extent the pot and kettle metaphor. We won’t debate whether or not the pot (the business) is black too – that would be fruitless. Instead, we’ll look more closely at the kettle (ICT). In most organisations it’s only the outside of the kettle that’s black. Inside, it’s clean, and one would have no concern with its product. The billions of dollars spent on improving the internal workings of the ICT department have actually delivered something – better performing, more capable IT departments. The problem is that in too many cases, the money needed to be spent on the inside of the kettle – the ICT department – but rather on the outside – how the ICT department is used.
Analysis of many ICT project failures reveals that the technical elements are generally successful. It is the business context and implementation of initiatives that is more likely to be the centre of trouble.
So rather than tipping more money into the internals of IT departments, Infonomics recommends that organisations look more closely at how the organisation, and particularly the business leaders, engage with IT to set the directions, priorities and controls for ongoing IT investment.
Directors should insist that any IT performance improvement program starts with a thorough and unbiased assessment of how IT is positioned within the context of the organisation, how the IT agenda is set, and how IT is governed. If these factors are not appropriate, it is probable that any investment in IT improvement will be internally focused, and thus a wasted effort leading to additional frustration.
I overheard the CIO of a major industrial firm being asked recently what tools his team uses for tracking and managing the IT project portfolio. The answer: - a spreadsheet!
In manual trades, master craftspersons can do astonishing things with the most rudimentary tools. Yet advanced tools rarely enable the rank amateur to achieve anything like the quality of the master craftsperson.
But give the master the advanced tools, and truly extraordinary results can emerge.
So it is also the case in respect of tools to support the processes of ICT Governance. There are now many tools available, and most, if not all of them can assist organisations to improve their approach and effectiveness. But a Governance tool alone will do precious little, unless it is accompanied by development of culture and attitude, with process and rigour. Organisations that plan to implement ICT Governance software should ensure that there is a properly developed business case for the initiative. The Business Case should provide clear answers to our planning and justification mantra:
· Objective: Is there a clear, statement of the outcome to be delivered?
· Value: Why is achieving the objective important?
· Approach: What work will be undertaken in order to deliver the objective and realise the value?
· Performance: How is progress toward achievement of the objective and realisation of the value assured?
· Risk: How are events that might compromise achievement of the objectives identified and managed?
Directors should check that every IT Governance initiative is properly defined in a suitable business cases, and should ensure that the initiative deals as much with embedding proper governance process and culture as with establishment of technical systems.
The popular press loves an IT disaster, and industry journals delight in dissecting the major ones. But sometimes, we also get some stories that delight, of how ICT is being used well. This section explores just a little of what’s been written lately.
The promise of ICT is not merely that it allows organisations to speed up process and reduce overhead. The promise is that when used to its full potential, ICT enables organisations to do things differently, and more effectively. It can be difficult to conceive and communicate just how differently when we tend to discuss ICT in technical and structured terms. But painting a scenario in words can deliver a much more comprehensive understanding of the future.
Eleanor Limprecht paints a wonderful picture of how ICT has been used to improve health services in her article “E-records – a healthy chart buster” that appeared in The Age on Tuesday September 6.
Business cases for ICT investment should communicate the intended outcomes and benefits in language that is clear for all stakeholders. Directors and executives should insist that propositions are realistic and compelling, and that they are underpinned by testable rigour.
Joyce Moullakis told us in the Finnacial Review on 31 August about how “Technology fuels Cabcharge surge”. An 18% profit lift and a 9.6% share price lift are said to stem from deployment of wireless technology to streamline its fare processing. This outcome was certainly planned, as illustrated by Melissa Jenkins article “Swipe cards help to drive Cabcharge growth” in the August 2003.
Directors should require business cases to be clear about the timeframe for the investment and the realisation of the results, and should monitor the major initiatives periodically to ensure they remain on track – or to require adjustment when the forecast outcomes are at unacceptable risk.
Just when we thought we could forget about Year 2000 comes news that there may be more Y2K bugs. On 23 August, Mark Davis in the Financial Review told us: “IT Bug could white-ant Defence supplies”. The article points out that several different techniques were used to represent dates when computer memory was priced like gold rather than sand. The techniques were legitimate at the time, but the very real savings at the time are offset by the risks that ancient systems have been kept operational long past their use-by dates.
Directors and executives should check on the age of their organisations critical business systems, and seek properly researched reassurance that there are no variants of the millennium bug present. This may be a good time to enquire about the age of the software on which the organisation depends. How effective are the older systems, and when should they be replaced?
From 2000 to the present year, spending in ICT fell significantly as organisations digested the costs of the millennium bug and (in Australia at least) GST compliance. But the systems on which organisations depend have continued ageing one day at a time, and some organisations are now facing massive costs in IT systems overhaul, as Stuart Kennedy writes in “IT costs fuel Qantas worry” in the September 1 edition of The Australian IT. For a variety of reasons (few of them particularly valid), many organisations have deferred investment in maintenance and replacement of information systems and equipment. Qantas is not alone in facing a massive spend on IT in coming years.
As organisations develop business plans, it is wise to ask questions about the effective life of key business systems, as well as to investigate the demands that new approaches to business may create for these systems.
Sometime in the last month, I received an email advising that a certain CEO would be out of the office for a period.
There’s nothing unusual about this – except that I was one of 900 addressees, and every one of those email addresses was contained in the “to” line of the message. With not a lot of difficulty, I would have been able to extract quite a number of what their owners would consider to be very private addresses.
Of course, I did let the unfortunate PA who had sent the message aware of the possible consequences – and I’m sure that she won’t make the same mistake again. But there are many more people out there who seem not to realise just how easy it is to let out sensitive information accidentally when using email.
Like many IT tools, email was originally conceived by, and designed for technical people who would not have dreamed of using it for anything but good purpose. While it’s become more functional over time, with spelling checkers and so on, email still carries some of its original design weaknesses, and if these are not to become pitfalls, some effort is required to ensure that it is used properly.
Observe email coming to you from within, and external to your own organisation. Are unnecessary risks being taken because people simply don’t realise the possible consequences of what they are doing?
Apart from privacy, there are numerous other legal risks associated with email. As a principal medium for business correspondence, Email has become fundamental to corporate record-keeping. Corporations and individuals have significant obligations to retain records, and many records now exist only in electronic form, as email messages. It’s important that there are proven mechanisms in place to capture and preserve all records-related emails. Relying in individuals to keep track is generally not sufficient – especially if messages are downloaded to the user’s PC rather than being held and managed on an email server.
Directors should satisfy themselves that appropriate measures, such as training and capture systems, are in place, to ensure that the use of email does not create unacceptable legal and compliance risk for the organisation.
In response to the August edition, one of our readers wrote: “One of the subjects I find fascinating is the tension between investment in good governance – arguably a risk averse approach to doing business – and the condition (or maybe perception) of unrestrained freedom that characterises an entrepreneurial approach to doing business. I’d love to see an article on the latest thinking on this subject”.
First of all – it’s great to have questions coming up like this. We’d love to have more, and we’ll also be happy to take on board, and publish contributions on worthwhile topics. However, please be aware that we are small, and decidedly low-tech, so if there’s a flood we may have to be selective.
Now – the question – how does one reconcile the tension between investment in good governance and the apparent unrestrained freedom that is associated with entrepreneurial approaches to business?
What is an entrepreneur? Sometimes we get the view from advocates of entrepreneurial approaches that entrepreneurs are people who can achieve success at speed, while not following conventional rules and disciplines. An entrepreneur might be a free spirit in business, able to generate fabulous results through activity that involves incisive and expeditious decisions with minimal formality and low overheads. But are these images realistic? History says, virtually never. This type of entrepreneur generally falls foul of unmanaged risk and lack of planning. They have no fallback when things go wrong, and in too many cases even the core money-making idea is fundamentally flawed, so that the market never really gets going anyway.
Hit Google with the simple question “What is an entrepreneur?” You’ll get pages of results, and plenty of discussion. There is plenty of latitude in the definitions, but with some common themes about translating ideas into results. Some suggest that there is a high degree of autonomy and freedom, but others make the point that results generally depend on a disciplined approach. We saw definitions like this from Merriam-Webster Online: "one who organizes, manages, and assumes the risks of a business or enterprise." Another explains an entrepreneur as “a person who organizes and manages a business undertaking and assumes a risk for the sake of profit”. It goes on to say “Operating a business takes certain skills. Few people have all the skills needed to run a business, but they can compensate for their weaknesses by hiring staff or consultants and by becoming more knowledgeable through education or training”.
What we find by exploring in this way is that a true entrepreneur exhibits the disciplines of planning, control and monitoring, combining them with rigour, communication and delegation, to translate a good idea into a valuable reality. That sounds exactly like what we are advocating as good governance. Successful entrepreneurs know that survival and prosperity depend on discipline. Virtually none have unrestrained freedom, because none have unlimited resources. And most unsuccessful entrepreneurs can be shown to have run out of (dare we say squandered) their resources, before they generated a return on the investment.
So, when somebody suggests that good governance gets in the way of entrepreneurism, it may be appropriate to start with a common understanding of the concept. Then perhaps there can be common ground for agreeing that good governance is actually essential, and the foundations for a business case for governance investment should emerge.
Now of course there is another viewpoint. That’s the one that relates to bad governance – and there’s plenty of that around at present. What is bad governance? It’s the result of poorly thought-out knee-jerk reactions to things that have gone wrong, or may go wrong. Bad governance creates overhead without value – such as demanding massive progress reports in a complex template framework, without ever looking inside the reports to understand the situation they describe. Bad governance includes processes that demand irrelevant and unproductive activities, or that set inappropriate parameters, or that involve the wrong people. True entrepreneurs will understand the difference between good governance and bad governance. They will work with, and exploit the former, but they will resist and obstruct the latter – though sometimes they may need to experience it in order to be convinced that it is indeed good.
Directors and executives should be wary of those who espouse reduction in controls as an enabler to a higher performance, entrepreneurial approach to business. It is possible that they are indicating problems with the governance system, but more likely that they are attempting to bypass the proper disciplines of making sure that every investment has a clear objective, will deliver value, will be conducted using an appropriate approach, will deliver measurable performance, and will identify and control all relevant risk. On the other hand, true entrepreneurs will exhibit very strong understanding of these factors, and will be able to link their propositions to the organisation’s strategic vision and objectives in a way that is compelling and reliable.
John Thorp, author of The Information Paradox and Head of the Fujitsu Global Consulting Centre for Strategic Leadership addressed a CEDA Luncheon in Melbourne on 7 September. His topic: Meeting the Challenge for IT - Enabled Change: A Strategic Governance Approach is absolutely relevant for all concerned with strategic development of any enterprise. The briefing attracted about 180 senior managers, executives and directors, evenly divided between IT and non-IT orientations.
John opened by discussing the IT Casino – where organisations gamble on investments. And he defined insanity as “doing the same thing, the same way, and expecting to get a different result” – a clear and direct reference to one of our own favourite issues – the apparent inability of organisations to learn from their own mistakes – let alone the mistakes of others. He reminded us that it’s not the IT that produces value – but they way that we use and apply it. He noted that IT enabled transformation of organisations is hitting a ceiling – the barrier where organisations need to imagine themselves differently in order to appreciate the true potential of IT.
Thorp believes, passionately, that IT is too important for its planning to be left to IT people. He asserts that the use of IT needs to be driven from the top – and he quotes our own minister, Senator Helen Coonan, who said that IT should be driven from the boardroom. He also notes a Gartner statistic, that globally, $800 Billion is wasted on poor IT decisions.
He went on to explain his concept of strategic governance – an optimised approach to enterprise governance, which should ensure that an organisation is doing the right things, the right way, doing it well, and deriving the benefits. He explained the concept of governance, drawing on the Greek root (Kuberman) which relates to steering the ship, and brings forth the notion that governance is a process of continually orienting and adjusting. He emphasised that the continuous process needs inputs about performance, noting that “hope is not a method”!
Thorp made an interesting point – that organisations with good IT governance tend also to have good enterprise governance. He then explored the planning and control of organisation change programs – again noting that these are not merely IT initiatives, but all-embracing activities in which IT plays a pivotal role. He described:
· Strategy – Understanding, configuring and managing all the organisations assets so that they create optimum value;
· Architecture – The relationship between the assets. Understanding this is essential, because if one is adjusted, it is important to have the means of predicting the consequent impact on other. Related assets;
· Program – Structured group of activities designed to produce clearly identified business outcomes and results.
· Portfolio – Collection of programs that makes up the organisation’s total change agenda.
In discussing past change programs that organisations have undertaken, Thorp noted that many organisations “rush to fail, but never take the time to succeed”. He suggested that failure to plan properly up front arises from factors such as lack of business engagement, denial of complexity, vested interests, and the simple reality that planning is not easy.
At the close of the session, Thorp delighted the audience by promising a copy of his recently updated book “The Information Paradox” to each attendee. This book is an excellent read, and will help many who are not familiar with IT gain new appreciation of how, and why, the governors of organisations need to take an active role in IT Governance as part of strategic governance.
This half day mini-conference is being promoted by Macquarie University, and will be delivered on Saturday 24 September, at the Macquarie Graduate School of Management in North Ryde, Sydney. Full details and registration forms are available here on the Infonomics web site.
The conference leader is Dr. Raymond Young, course convenor and lecturer for the Macquarie University course ITEC844 Strategic Project Management on IT governance. Raymond is a former CIO and management consultant. His recent PhD thesis entitled “Explaining senior management support through IT project governance” forms the basis of a forthcoming Standards Australia handbook: “HB 280 - 2005 IT Project Governance Handbook - Effective Senior Management Approaches”. The content for the proposed conference includes:
· PRO:NED Director Michael Hadaway will discuss the future of IT Governance at a board level;
· Infonomics principal Mark Toomey will describe how leading organisations are employing AS8015 to understand better how their organisations tackle the job of IT Governance;
· Laurence Archer chairs the committee developing AS8016, the forthcoming Australian Standard for Corporate Governance of ICT projects. He will present the status and directions of work on development of this companion to AS8015;
· Cooper Lee, of PlanPower and CPMGroup will discuss diversity in benefits being attained from projects, and techniques for identifying when benefits may not be delivered;
· Fujitsu (previously DMR) Consulting Director, Peter Harrison will present case studies of what has actually been achieved in practical benefits realisation and will argue that ‘value management’ may be a useful way of understanding IT Governance;
· Si2 principal John Englaro, notes that time and budget are critical elements IT project governance and the realisation of business benefits. He will explain why project plans are consistently wrong, and what to do about it.
On 20 September, Mark Toomey is addressing the monthly meeting of the Melbourne chapter of ISACA. Details are here.
This section of The IT Governance Letter is intended as a repository of references. In the future, we’ll include brief reviews on good books as we read them, and commentary on papers as they are developed. And if you have something to tell us about, of course we’ll take it on board.
In November 2003, Glen McLane produced a review of literature for his Master of Business in Information Technology Management at UTS. IT Governance and its Impact on IT Management promises to be an interesting read. Would any of our readers care to review it?
Alan Calder is well known as an IT Governance specialist in the UK. He recently released “IT Governance Guidelines for Directors”, which we are yet to read. For more information, go to www.itgovernance.co.uk.
One starting point for this is AS8015 - The Australian Standard for Corporate Governance of Information and Communication Technology, which can be purchased as a download for $41.18 from SAI Global.
IT Governance: How Top Performers Manage IT Decision Rights for Superior Performance, by Peter Weill and Jeanne Ross (Harvard Business School Press, 2004) presents compelling case study data to underpin the importance of effective IT Governance. I’m still reading this work – and will produce a review in the near future.
The IT Governance Institute provides a range of briefings, and as well as promoting a popular framework for overall control of IT.
The Australian Department of Communications Information Technology and the Arts published a major Australian research study entitled “Achieving value from ICT: key management strategies” in April 2005. This study clearly explains several fundamental pre-requisites for success with IT investment.
The Infonomics web site of course has a range of information, and some may be interested to consider The Directors’ IT Compass, which can be obtained direct from Infonomics.
The August 2005 edition of MIS Australia magazine includes an article entitled “When Information Systems Attack”, and chronicles the experience of Canon Australia with an apparently troubled CRM initiative. The story is reminiscent of many past disasters, and prompted us to write to MIS. Editor Paul Smith kindly gave our letter prime spot in the Letters section of the September issue, and that his header line that said: “Are enterprise software failures more due to management sticking heads in the sand than IT faults? Maybe while down there, they can check for dark fibre networks…”.
This is what we said:
Patrick Gray’s story “When Information Systems Attack” (MIS, August 2005) reminds us that the lessons of history are hard to learn. It reinforces the need for robust top level governance of every IT based initiative.
ERP, CRM, B2B and similar terms are code words for “massive business change enabled by IT systems”. They should strike fear into the hearts of the most experienced board directors. The history of such initiatives is littered with the wreckage of companies and careers. Patrick Gray refers to the experience of RMIT University. Another illustration is the FoxMeyer Drug Company, for which bankruptcy was the consequence of a failed ERP initiative.
Sometimes technology is troublesome, but mostly, projects fail because organisations treat them as technology projects – when in reality they are delivering fundamental change to the organisation’s operations. The seeds of RMIT’s bad experience were in objectives for standardised administrative processes, which RMIT failed to manage. In conducting a board sponsored review of CRM plans for a leading Australian business, I found a naďve business case which specifically excluded all effort, costs and risks for business re-engineering from the plan. And that project was jointly sponsored by the heads of marketing and IT!
Organisations can enhance success for IT initiatives through top-level governance. Board oversight and inquiry about critical initiatives can be guided by the six principles set out in the new Australian Standard AS8015. Directors and top executives should satisfy themselves that five questions are properly answered at the outset, and continuously through the life of an initiative. What is the objective, and has it changed? What compelling value will be realised, and is it still attainable? What approach will be used to implement the initiative, and is it effective? What performance is being achieved against goals for progress and realisation of value? How are identified and unidentified risk factors being managed to ensure the success of the initiative?
Projects that don’t satisfy should be stopped in their tracks – or corporate disaster awaits!
Last month, we introduced the Infonomics Executive Brief series. But perhaps we made it a bit hard for some to read them – because the promise of an email attachment somehow failed to materialise, and not everybody is willing to click through to a web link. So we decided to make it a little easier, and embed the Executive Briefs in the main email. We’ll do it progressively – one every month. That will also give me a bit more space to write the next ones J.
Each Executive Brief is a tight two-pager, written specifically for top-level executives and company directors. The first three are designed to give you a broad perspective on what IT Governance is about, and why it’s something that should be on the agenda for most organisations. We sincerely trust that you find them interesting, useful and worthy of further circulation. In addition to the embedded content, you can download individual briefs from the Infonomics web site by clicking the links below.
EB1: IT Governance Definitions Explains what IT Governance is all about – in plain language. It positions the AS8015 definition in relation to suggestions from other authoritative sources.
If you’ve already read this one, you may want to Skip forward.
What is IT Governance Anyway?
It’s hard to say when exactly the term IT Governance1 moved into common use. But it’s not hard to see that the term has acquired many different meanings over the past few years and so it’s not surprising that argument rages. It can be quite difficult for managers, executives and directors to find a suitable definition of IT Governance – and one that will serve as a foundation stone for their own efforts in developing or upgrading their organisation’s approach and performance.
One way to get a start on defining IT Governance is to start from the point of view of the consequences of poor IT Governance. We all know what that looks like – an organisation unable to perform as it should because its IT systems are inadequate, with its IT projects failing to deliver, and its IT costs spiralling out of control. This leads to a basic premise that IT Governance must have something to do with ensuring that IT is performing as it should to support the organisation, that the IT costs are appropriate, and that IT projects are generally successful.
This brief discussion does not attempt to go through an exhaustive discussion of IT Governance. Nor does it attempt to derive a formal definition of IT Governance. Instead, it looks briefly at a key distinction, and looks at two highly consistent definitions – each of which should stand the test of time.
Governance vs Management
It is interesting to note that some commentators and even some practitioners appear unable to make clear distinction between the concepts of “governance” and “management”. This is not an IT specific issue – the problem extends into broader matters of corporate governance, where there is a tendency for those who do not understand the difference to demand that directors become increasingly involved in management, rather than focusing on effective governance. Some may be surprised that dictionaries provide quite clear distinction between the two concepts, and by applying the dictionary definitions to the roles of board and management, one can readily formulate this distinction:
· Governance is the process of setting parameters for, and monitoring the performance of management.
Understanding this distinction should help eliminate a lot of muddled thinking that prevails in the current marketplace. However, the distinction still does not give us a clear view of IT Governance.
Does the Market help us understand IT Governance?
IT Governance is a hot topic today – much more so than just a year ago. Unsurprisingly, there are many players in the IT Governance market. Take a moment to try a web search on “IT Governance”. You should get over 500,000 entries. Restrict the search to Australia and you still get 5,000 plus.
Look a little closer at the search results and you will discern software vendors with catchy phrases like “Maximize IT value by aligning & managing the complete IT portfolio” and “Make more informed real-time decisions to manage the business of IT with an IT Governance Dashboard”. There are newspaper articles such as “Coleman delivers for RailCorp IT division2” discussing how some organisations are overhauling their approach to IT Governance. White papers from various vendors abound, and you can look at publicly accessible IT Governance frameworks implemented by public sector and educational organisations. There are books too – and some of them are very good.
But, using the distinction above, you may also see that much of what is being touted in the market as IT Governance is in fact tools for IT Management. Some of it is undoubtedly very good IT management too – but perhaps it cannot deliver all of the potential value on its own – because without proper attention to the fundamental governance issues, it may well operate under inappropriate parameters.
This perhaps explains why past efforts by organisations to improve IT Management have sometimes failed to deliver the anticipated breakthroughs in performance. Even the best IT Management frameworks will fail to perform well if the parameters for their operation are set incorrectly.
Formal Definitions of IT Governance
The IT Governance Institute (www.itgi.org) defines IT Governance as: “An integral part of enterprise governance and consists of the leadership and organisational structures and processes that ensure that the organisation's IT sustains and extends the organisation's strategies and objectives”. ITGI prefixes its definition with the assertion: IT Governance is the responsibility of the board of directors and executive management”.
Peter Weill and Jeanne W. Ross3 define IT Governance as: “Specifying the decision rights and accountability framework to encourage desirable behaviour in the use of IT”.
AS8015-20054 defines Corporate Governance of ICT: “The system by which the current and future use of ICT is directed and controlled”. AS8015 continues: “(Corporate Governance of ICT) involves evaluating and directing the plans for the use of ICT to support the organization and monitoring this use to achieve plans. It includes the strategy and policies for using ICT within an organization”.
There is strong synergy across these definitions – each makes it clear that governance of IT is as much about the use of IT and not just about how IT is delivered. They make it clear that IT Governance involves systems, structures and frameworks, and they are all consistent with the distinction made earlier, that governance involves the setting of parameters and monitoring of performance.
For organisations that aim to optimise their current and future use of IT, the basic AS8015 definition is probably the most straight-forward. The notion of “system” is fundamental. The System of IT Governance necessarily includes the management processes and tools employed, as well as the setting of the parameters and the monitoring of performance and outcomes.
Thus, a “System of IT Governance” is a collection of processes, policies, rules, roles and tools that together enable an organisation to make effective, efficient and acceptable use of IT through: organising and aligning IT activity to corporate intent; understanding its IT activities and capabilities; allocating and focusing IT resources; monitoring IT activity for appropriate performance; reducing risk of expensive IT failures; and detecting and correcting emerging IT problems.
The System of IT Governance is the superstructure that provides engagement of all the relevant stakeholders, from the boardroom to the coalface. It puts all the methodologies (including for example ITIL, CobiT and Prince2) and tools and processes in context, enabling the organisation to use them effectively, appropriately and persistently. And, while standard processes and tools may be employed, the parameters for operation will be unique to each organisation. AS8015 provides useful top-level guidance with regard to parameters. Its six principles for good governance invite organisations to think deeply, and establish clear, consistent policies and rules in six areas: Responsibility for ICT; Planning ICT to serve the business; Acquiring ICT Validly; Ensuring that ICT Performs Well; Ensuring that ICT Conforms with Formal Rules; and Respect for Human Factors.
Improving IT Governance
Evidence presented by Weill and Ross3 and in numerous other publications, such as “Achieving Value from ICT: Key Management Strategies5” shows conclusively that effective IT Governance is directly related to superior organisation performance and higher return on investment for initiatives that have substantial IT components.
Organisations seeking to develop and improve their systems of IT Governance should clearly articulate what they are aiming to achieve (objective); why it is important (value); the resources, techniques and tools you will employ (approach); how you will know if you are actually achieving the results you seek (performance); and the situations you will need to manage along the way (risk) that could cause the objective to be not delivered.
A powerful way to establish a baseline for planning an IT Governance improvement program is to benchmark your current capability using the Infonomics AS8015 Alignment Diagnostic.
[1] IT Governance and ICT Governance are synonymous. The latter term specifically includes communication, which is implicit in the former. Infonomics uses the terms interchangeably, though the short form is in most common use.
2 The Age, Melbourne, 5th July 2005, reporter: Agnes King.
3 IT Governance: How Top Performers Manage IT Decision Rights for Superior Results, Harvard Business School Press, 2004.
4 AS8015-2005: Corporate Governance of Information and Communication Technology, Standards Australia, 2005.
5 Dept of Communications, Information Technology and the Arts, Opticon Australia and The Australian National University, April 2005
EB2: AS8015 – What does it mean? Overviews the main points of the new standard, and explains the purpose of the six principles for good corporate governance of IT. Click on the link – or wait for the October edition.
EB3: Profiling your Organisation’s IT Governance gives you a thumbnail self-assessment and checklist, to help you see if your organisation has characteristics of good IT Governance as suggested in AS8015. The results may well surprise many readers. We’ll embed this in the November edition – or again you can click on the link.
EB4: Attitude: Setting strategic policy to guide IT Governance will be the next in the series. It will feature in the November edition, though it will be on the website much earlier than that – probably by the end of September. Most organisations use formal policies to guide behaviour in the use of ICT – and most readers will be familiar with Email policies, password policies and perhaps even with ICT purchasing policies. But how many organisations have a concise set of strategic policies that orient how the organisation approaches the fundamental questions of planning for the effective, efficient and acceptable use of ICT. This brief will describe how AS8015 can be used as the basis for a set of strategic policies, and to drive out a framework for the more detailed policies as well.
Nobody likes SPAM – and we don’t either. The Infonomics mailing list complies with the requirements of the Spam Act: 2003, as described in the advice provided in “Spam Act 2003: A practical guide for business” which was published by the National Office for the Information Economy in February 2004. We believe that we have “Inferred Consent” to send you this newsletter because we have obtained your details through direct contact with you in a business context, as a friend, colleague, or client, or through meeting you and exchanging business cards at a legitimate business networking event.
Privacy is a concern to all, and we take our obligations very seriously. Please see our privacy policy.
If you do not wish to receive further correspondence from Infonomics, please unsubscribe here or reply to this email with the word unsubscribe in the subject line.
If you think a friend or colleague would find this newsletter and its attachments useful, please forward it to them, or ask them to subscribe here or by sending us an email requesting subscription to the mailing list.
Did you find the newsletter interesting and useful? What could we do to improve it? Do you have something to say about what Corporate Governance of IT is about, or why it is important? We will be delighted to take on board your feedback and inputs.
