Quelle: CIO, USA
David Drew used to have his own supergroup for IT decision making at3M: the Information Systems Steering Committee. He had all sixbusiness division chiefs in there, along with the top functionalleaders, meeting together six times a year to do nothing but jam on ITstrategy, endorse IT projects of more than $1 million and prioritizeIT resources.
It was great while it lasted. In a company of strong businessunitseach focused on their own wants and needsthe committee was Drew'sbase for creating consensus for a unified IT strategy. But when W.James McNerney, the company's new CEO, took over in January 2001, hebroke up Drew's group. And the business unit executives didn'tprotest. They already had to prioritize IT resources for their ownunit; they didn't want to do it at the corporate level too.
"Our company is big and complex, and the group members didn't feelthey understood the issues in all the different units well enough,"explains Drew, who is vice president of IT for St. Paul, Minn.-based3M.
But Drew can't conceal his disappointment. "The corporate ITprioritization process was moved back to IT, and I would really ratherhave it at the highest business level," he laments.
Why I.T. is not like a shopping cart
Well, what CIO wouldn't want IT decisions made "at the highestbusiness level"? For years, management gurus and the IT media havepushed for committees like Drew's late-lamented supergroup as thesolution to the age-old problem of business-IT alignment. If a CIOcould just get all the top honchos in the company meeting regularly totalk about IT, the thinking went, all his troubles would beover.
Unfortunately, this ideal of good IT governance is more oftenphilosophical than practical. Even though big companies are nowspending more than 50 percent of their capital investment dollars onIT (according to Gartner), few have a supergroup to guide their ITstrategies. Most top executives still regard IT as a shopping cartfull of hardware, apps and systems, and the extent of theirinvolvement is to say, "We'll take that one and that one but not thatone."
That approach leads to flavor-of-the-month technology spending.Executives buy what they think they need to accomplish the short-termgoals of their unit. Corporate strategy? Pie in the sky. Technologyand business process standards? What's that got to do withthird-quarter revenue?
If they are ever to rid themselves of the IT-shopping-cart mentality,CIOs must create something better: a governance structure that 1.keeps IT and the business jointly accountable for linking technologyto the most important business strategies of the company, and 2.produces IT decisions that benefit the entire company and not just apart of it.
Governance (not governance)
Understanding governance is easiest if first you understand what itisn't: It isn't management. Management is the decisions you make;governance is the structure for making them. Without good governance,you won't get good decisions consistently, no matter how wise orshrewd you are. The executive IT committee is the most powerful toolcompanies have to steer IT decision making at all levels, but it can'tbe the only mechanism you have.
The two main components of governance are 1. the decision-makingmechanisms you create, whether committees and review boards or writtenpolicies, and 2. the assignment of decision-making authority andaccountability. IT governance drives decisions in three main areas: ITstrategy, and investment in IT projects and IT architecture.
The big challenge in IT governance, as 3M's Drew discovered, is thatbusinesspeople view all IT as local unless the governance structureforces them to think otherwise. CIOs have to build governance systemsthat fulfill the strategic business goals of every part of the companywhile somehow imposing standards for the safest, lowest- cost use oftechnology across the entire enterprise.
A tall order for sure.
Beginning Governance
CIOs can begin attacking the problem by examining the different piecesof IT governance they already have. Chances are, they aren't very welllinked, says Peter Weill, director of the MIT Sloan School Center forInformation Systems Research in Cambridge, Mass. "The use of IT incompanies has become mature, but IT governance hasn't caught up," hesays. "Most governance mechanisms are created to solve specificproblems, like IT investment or architecture, but little thought isgiven to how they work together."
Here's how the failure to link governance mechanisms hurts yourcompany: A business unit wants to buy 10 PCs, and the business unitinvestment committee gives the go-ahead. Meanwhile, your ITarchitecture board (or architecture policy) says you have to buyThinkPads. If those mechanismsthe business unit investment committeeand the IT architecture boardare not linked, the company will end upwith 10 different business units with 10 different brands of PCsrunning 10 different flavors of software, and you'll need at least 10different guys on the help desk to service them. You might as well nothave a corporate IT architecture at all for all the good it's doingyou.
But not only must the governance mechanisms be linked functionally,they must be linked philosophically, says Weill. The differentgovernance structures should not have conflicting goals that drivedifferent types of behaviorsuch as linking a freewheeling ITpurchasing process to a rigid corporate architecture. Ifbusinesspeople are free to buy whatever PC they want, they will beresistant if IT then wants to control the software they can put onthose machines. In effect, the two governance mechanisms are sendingtwo different messages.
The messages that governance mechanisms send need to be consistent notonly with each other but with the prevailing business strategy. So ifthe CEO is on an acquisition binge and wants to grow the company asfast as possible, IT may need to relax its governance structures tolet decisions happen more quickly and with fewer qualifications.Conversely, when the CEO calls for cost reductions, CIOs may need toadd a few layers of new IT governance to control spending and betterenforce standards and architecture.
Governance from the bottom up: When You HaveMultiple Business Units
Of course, in the real world, companiesespecially big ones withmultiple business unitsrarely have consistent business strategies. At3M, for example, there are six market centers and 45 units, all withdifferent strategies and market conditions. Drew needs to tie them alltogether with a single governance structure that serves the uniqueneeds of each business while somehow maintaining consistency acrossthe units and building support for a unified IT strategy across thecompany.
To do that, Drew has developed a governance structure that promotesthe IT goals of 3M as a wholestandardization, cost savings and ROIatthe functional and business unit levels of the company.
Drew's governance structure starts at the bottom, at the businessprocess level. Each of the six business divisions must keep a runninglist of "e-productivity" projects, which identify a specific businessprocess (such as order management or customer service) whose cost,quality and speed can be improved by IT. Leaders in the business unitschoose the projects and champion them, with IT in a supporting role.Each business division has a quarterly cost-reduction dollar target,and the projects are reviewed to see if the goals are being met. Ifthey aren't, the business unit leadership has to explain itself to thetop executives. That pushes the units to become more accountable forIT projects and to devote the resources necessary to help Drew's staffget the job done. Of course, Drew also measures his own staff on itsability to drive those projects to success. If the projects look likethey might be transferrable across more than one business unit, theybecome "Super E's" and get bumped up to the corporate level.
The governance mechanism that Drew uses to keep these projects ontrack and in line with 3M's corporate goals for IT is the enterprisearchitecture, the CIO's secret weapon. Each e-productivity projectmust adhere to a list of common applications, hardware and programminglanguages. In this way, Drew is gradually pushing the differentdivisions toward a common architecture without having to issue a fiatfrom above.
He calls the architecture "embedded governance" because it's builtinto the projects and drives the technology decisions that benefit 3Mas a whole, not just the individual business units.
Governance from the top down: When Your Leaders KnowWhat They Want
Governance structures that drive hard at the process level gain theirpower from clear IT strategies at the top. Without guidance fromsenior executives, process-level projects have a tendency to multiplyor become neglected and unfocusedor, worst of all, simplyirrelevant.
"The single most important IT governance decision you can make isgetting senior management to identify three or four or five strategic,core business processes and then decide which ones they want to focustheir IT spending on, because then everything else kind of falls inplace from there," says Jeanne W. Ross, principal research scientistat the MIT Center for Information Systems Research. "These companiesget so much better value from IT than the companies that say, OK, hereare all the IT project proposals that were submitted this year, let'sdecide which ones have the highest ROI and allocate the dollarsaccordingly."
At State Street Corp., the Boston-based bank, IT knows which coreprocesses to focus on because the company has an IT supergroup, the ITexecutive committee, devoted to talking about them 12 times a year.All of the heads of the different business units, along with thepresident and COO, sit at the table. The IT budget, which used to becontrolled almost entirely by State Street's highly independentbusiness units, is now in the committee's hands. The committee focusesprimarily on IT investments, but it also discusses business strategyand the role of IT in supporting it, as well as IT-specific issueslike security and architecture. The different units still have theirown discretionary budget, and quite a bit of power to determine theirown IT destinies, but they all know that the IT executive committee isthere to serve the interests of the company as a whole, which rightnow is focused on improving customer service across all the businessunits. John Fiore, who developed State Street's governance structureas CIO, left the company last month. His successor, Joseph Antonellis,who assisted Fiore in creating the structure, says he will maintainit. "I strongly believe in the governance and the ideals that [Fiore]put in place," he says.
Electronics manufacturer Flextronics also has an IT supergroup thatconsists of the CFO, the COO and the presidents of the company'sdifferent business units and functions. Because Singapore-basedFlextronics' margins are so thin2 percent to 3 percent on averagethegroup focuses on using IT to support and enforce a set of commonpractices in the company's core processes of planning, manufacturingand global distribution. Microsoft wants Flextronics to build itsX-Box game console with the same speed, efficiency and quality inChina as it does in Mexico. "We need to provide global consistency,"says Mike Webb, Flextronics' senior vice president of informationtechnology. "That is a fundamental part of our business."
Such a clear message from the business's top leaders makes Webb's jobmuch easier. For example, Flextronics' quest for consistency drivesWebb to go really deep on the architecture piece of governance. Thecompany has a single version of all its major software platforms thatit installs around the world. Webb even has a staff of 60 fullydedicated in-house consultants who drop in like commandos to set upthe infrastructure at a new plant. Control is so tight from Webb's120-person corporate group (800 IT people worldwide) that when Webbships a router to a new factory, it has already been configured andtested by his corporate group.
Of course, even at companies that place as high a value on technologyas Flextronics and State Street, top executives have other things todo besides meeting about IT, so Webb and Fiore must be like rock androll managers, keeping egos under control and minimizing fighting andboredom. Before leaving, Fiore already had seen a backlash against thedepth and complexity of the IT discussions in the committee meetings.He reduced the size of the committee from 22 to 10 and rejiggered itsmission to focus more on business and less on specific technologydiscussions.
Webb makes sure to keep the discussion in the room big-picture. "Idon't involve [the committee] in the details of our IT infrastructureor our network security strategy, other than reviewing the cost," saysWebb. "I present them with plans that help them understand why we'redoing something. I'll show them the business risks we face and thenexplain the level of investment that I think makes sense to alleviatethat risk." He also keeps the details of IT architecture tohimself.
But CIOs can't keep too much to themselves or they risk alienating thetop execs. So education is important. At Milwaukee-based sign-makerBrady, Keith Kaczanowski feeds the company's top executivesinformation about a technology before they have to make a decisionabout it. Brady recently centralized its computing infrastructure on anew ERP system, which raised the stakes on issues such as security anddisaster recovery now that all the company's digital eggs have beenplaced in one system basket. Kaczanowski, who is vice president of ITand process improvement, devoted a meeting to educating the topexecutives on those issues because he knows he'll soon be recommendingsome new spending in those areas. At Atlanta-based package giantUnited Parcel Service, CIO Ken Lacy also uses education to setexpectations. "The top executives travel all the time, and they'rehearing things about new technologies wherever they go," says Lacy."So I listen for that. And we'll have education sessions on Linux, forexample, where our people will present the issues and talk about whywe think we should wait on Linux or go ahead with it."
Governance from the middle out: When You'reDecentralized
Not all CIOs can expect to get that kind of attention from seniorexecutives. That is why having a good committee governance structureat the middle level is so important.
Jeff Balagna, senior vice president and CIO for Minneapolis-basedMedtronic, which makes pacemakers and other electronic medicaldevices, was brought in from GE in 2001 to establish a core governancestructure. Medtronic is highly decentralized and was not interested inpowerful supergroups. So Balagna formed a committee of senior ITleaders from the company's five business units. Many companies usethis device, the IT council, to govern the IT function when they havemultiple independent business units, each with its own ITstaff.
Though he does not have the leaders of the different business units inthe council, Balagna adds an interesting twist to this governancemechanism that gives it more strategic significance: Each CIO ofMedtronic's five business units reports directly to the president ofthose business units, not to Balagna, who gets dotted-line authorityover them. The divisional CIOs sit in on their business units'strategy sessions and bring those strategies with them to the meetingsof the IT council. That helps the council set an overall strategy forIT that reflects the business interests of the business units. Whenthe committee decides to make a big IT investment or a major policychange, final approval goes to Medtronic's executive committee of topbusiness honchos, but most of the company's IT discussion andstrategizing remains at the IT level.
Too much governance?
If all these governance mechanisms sound like extra layers ofbureaucracy, you're right. However, "large company bureaucracy is notalways a bad thing," says Balagna. "It can keep you from doingknee-jerk technology projects."
But CIOs need to be careful. As layers of governance build up,innovation and flexibility suffer. Companies with highly formalizedstructures for investing in IT, for example, tend to invest only inprojects that support current business. In a survey of 40 companies,MIT's Weill found that companies that do well in terms of return onassets tend to have tight, centralized governance mechanisms, whilecompanies looking to maximize their market caps tend to push ITdecision making out to the local business unit or end users.
All the committees and rules that come with good governance tend tolead to investment decisions short on risk or creativity. So companieshave to be willing to devote a certain percent of the budget toexperimentation5 percent seems to be average for companies thatmaintain this innovative edge, according to Ross. At UPS, for example,Lacy has an advanced technology department that works with UPS's majorvendors to test new technologies. And the department has the power tocommission small-scale pilots from scratch. "There isn't a whole lotof off-the-shelf technology you can buy for transportation," Lacysays. To change that, UPS also has a Strategic Enterprise Fund thatinvests in small or startup vendors that could eventually deliver thefunctionality UPS is looking for.
The end of governance
At 3M, Drew says IT is surviving just fine without his supergroup. Thecompany still has a corporate council, composed of all the functionalheads, that talks about enterprise IT strategy on a regular basis. AndIT projects over $3 million still pop up to the executive committee,which gives Drew a forum to talk IT strategy with all the top execs.Beneath this level, he has built steering committees in each businessunit and an IT operating committee, composed of the different businessunit IT leaders, that meets regularly to talk strategy and prioritizeinvestments.
Asked if he thinks his supergroup will ever reunite, Drew says no.3M's new CEO is a Six Sigma fanatic, so the quest for zero defects inbusiness processes will occupy top management for the foreseeablefuture. Drew has responded by placing IT people on all the Six Sigmateams and doing his best to anticipate the IT requests that will comeout of the exercises.
In the end, and above all, governance must be adaptable.
"You can't solve everything with committees," Drew says. "You have tofigure out the most practical way to interrelate with seniormanagement on IT issues and be prepared to change the way you do it.There's no standard model for that."