Wednesday, May 19, 2010

Guidance on the Role of a Governing Body

Good governance of IT projects alone would increase GDP in Australia by 1.6% and excellent governance would increase GDP by 3.1%! – Dr Raymond Young, Assistant Professor at University of Canberra
Mark Toomey, who represented the Australian Institute of Company Directors (AICD) and worked with Dr Young on the Standards Australia committee that developed the world's first jargon-free standard for effective corporate governance of the use of IT (AS 8015), and co-authored and edited the largely unchanged successor to that standard, ISO/IEC 38500, observed:
"Organizations that consistently have trouble with IT also consistently behave poorly when evaluated through the lens of ISO/IEC 38500. Examination of many IT problems, with both projects and operations shows that in every case, at least one and often, several of the principles has been violated." - Mark Toomey, in Waltzing with the Elephant
Mark has published the results of a recent international survey and provided additional commentary in his April newsletter:
  • Only 37% of boards have effective oversight of the use of IT
  • Only 27% of boards have the necessary skills and knowledge to provide that oversight
  • Only in 38% of firms do executive management have the requisite skills and knowledge to keep control over the use of IT
  • Only in 25% of firms are executives seen as having a good understanding of the costs, risks, opportunities and value associated with its portfolio of IT assets
"The survey results point to considerable gaps in the ability of boards to provide appropriate oversight of IT, compounded by corresponding weakness in executive management’s capability to set appropriate direction, control and monitor the IT agenda."
Lest we think it is just IT that organizations have problems with, I’m reminded of John Kotter's research that revealed only 30% of organizational change programmes succeed. Despite the thousands of books and courses dedicated to managing change since Kotter’s work, a 2008 survey by McKinsey found that still only one transformation in three succeeds.

These are perennial governance and leadership issues and boards of directors have a responsibility to properly address them. Being only 15 pages of jargon-free guidance for boards and executives, putting the ISO/IEC 38500 standard for corporate governance of IT in the hands of every serious director is not a bad way to start.

Sunday, February 28, 2010

Owners Deserve a Better Deal

Drucker said, "In every single business failure of a large company in the last few decades, the board was the last to realize that things were going wrong." In fact the owner was the last to realize.

Protecting the interests of the owner and ensuring that the owner achieves the goals for their investment, ethically and transparently, is the fundamental purpose of corporate governance. By extension, this is also the purpose of corporate governance of IT.
"Top management must take charge if profits are to result" - John Garrity, 1963
Boards of directors and business leaders, over the last 50 years, have failed to ensure that IT related investments create value, despite these investments being responsible for up to 50% of capital expenditure for businesses worldwide.

Consider Cranfield University's study of IS/IT investment appraisal processes of large UK firms (described in Ward and Daniels, "Benefits Management"):
  • Only 30% of investment appraisals have adequate involvement of business managers
  • Just 10% consider the implications of business changes
  • Only 25% of decision makers understand the business case
  • Not surprisingly, just 27% of projects deliver the benefits that justified the investment.
If managers are not doing their job then neither are the directors, whose job it is to make sure that management does its job.
"In law, all directors are responsible for the stewardship of the company’s assets. All directors, therefore, whether or not they have executive responsibilities, have a monitoring role and are responsible for ensuring that the necessary controls over the activities of their companies are in place - and working." - Report of the Committee on the Financial Aspects of Corporate Governance, Sir Adrian Cadbury, London, 1992 ("The Cadbury Report").
An effective system of corporate governance allows owners to direct and control the organization within a framework of effective transparency and accountability. It enables the owners to provide input into the organization's overall strategy and direction and receive assurance that the organization is growing in value, fulfilling its responsibilities to stakeholders, and limiting risk exposure to tolerable levels. It is the enabler of improved business performance.

After 50 years it is time to re-frame governance of the use of IT in these terms. We must start using language and concepts that business leaders at the very highest levels readily understand and can adopt. 

The ISO/IEC 38500 standard provides guidance for doing that. It is a business leaders’ framework, free of jargon, for managing risk and maximizing the value of IT. Business leaders that follow its guidance give owners assurance that managers are doing their job.

Consider the Benefits

John Garrity was the first to observe that, in firms with the highest returns on IT investment,  executive management dedicate their time to system projects in proportion to the cost and potential of the systems. They:
  • Evaluate the plans for these systems; 
  • Make the major IT decisions;
  • Monitor and follow up on the results achieved.
In 2006, Dr Raymond Young, Macquarie University, analysed a variety of authoritative literature and reasoned (in "What is the ROI for IT Project Governance?") that currently:
  • Overall Return on Investment (ROI) for IT related projects is 30%
  • 2/3 of projects deliver no benefits whatsoever
  • Overall, every effective dollar of IT investment is producing four dollars of tangible financial benefit to offset the failed and challenged projects. 
Dr Young further reasoned that improved IT project governance practices would ensure that more projects either realized their promised benefits or get put out of their misery. Doing so would:
  • Increase overall ROI for projects to between 135% and 240% 
  • Increase national GDP by between 1.6% and 3.1% (for Australia).
When governance considers the whole IT investment portfolio, the benefits are even more substantial. MIT Center for Information Systems Research found that the top five percent of firms, in terms of "IT Savvy," earned an average of $250 for each dollar invested in IT infrastructure in the year following the investment. (Weill and Aral, 2005).

These studies highlight that the way most organizations govern their IT investments is denying their owners, and the national economy, a considerable opportunity to create value. Business leaders and stakeholders that elect to do something about it stand to reap huge rewards.
"To remain competitive in a changing world, corporations must innovate and adapt their corporate governance practices so that they can meet new demands and grasp new opportunities." - OECD Principles of Corporate Governance, 2004