The Global Status Report on the Governance of Enterprise IT
Gert du Preez and Marc De Pauw
Release date: June 13, 2012
Host: Suzanne Bays
Guests: Gert du Preez and Marc De Pauw
Running time: 20:41 minutes
Ask 834 business executives and heads of IT what they think about the role of IT in their enterprise and you might expect to get 834 different answers. But that was not the case for the 4th edition of the IT Governance Institute’s Global Status Report on the Governance of Enterprise IT (GEIT). Gert du Preez and Marc De Pauw discuss the findings in this episode of Strategy Talks.
Voiceover: Welcome to Strategy Talks, the business podcast series from PwC Canada. This interview series featuring new topics and guest every episode is designed to give you valuable insight into some of today’s hottest issues affecting your business.
Susan: Ask 834 business executives and heads of IT what they think about the role of IT in their enterprise and you might expect to get 834 different answers, but that was not the case for the global status report on the governance of enterprise IT. Welcome to Strategy Talks, my name is Susan Bays, your host for today’s episode. I am joined today by Gert Du Preez a director in our technology consulting practice in Canada and Marc De Pauw a director in our governance, risk and compliance practice in Belgium. Gert and Mark will be discussing the findings of the Global Status Report on the Governance of Enterprise IT.
Gert, What were the objectives of this global study?
Gert: Susan, the IT Governance Institute asked us to conduct research for this which was the fourth edition of a global status report. The IT had three objectives for the study, firstly to better understand the degree to which this concept of IT governance is understood and accepted by the C suite, including both business and IT stakeholders, and that would really included their thoughts around how important IT in their businesses, the current contribution of IT, the value being delivered, the accountability for IT governance and also the degree to which IT governance is integrated with the overall enterprise governance. The second objective dealt with the level of IT governance that currently exist in the marketplace, so the maturity level of organizations with regards to IT governance, the frameworks that they use and also their perceptions around certain certifications and what is required or preferred in the market. The third one was to look at the impact of a couple of topics of current special interest and how they relate to IT governance. So for this survey, it included the impact of the economic crisis, innovation and also the governance of enterprise architecture.
Susan: That’s great, thanks Gert. Now Marc, how was this research conducted?
Marc: Well Susan, we used a combination of telephone and web survey methods and using a standard questionnaire for both of these methods. So as you mentioned, we finalized or completed 834 surveys of which 704 were completed through the online service and 130 we get it by telephone. We also ensure to have good demographic representation which allowed us then to have some interesting cross analysis. So we looked at geographic representation, in fact we had 21 countries surveyed including BRIC countries; so Brazil, Russia, India and China. We had an adequate representation of a variety of sectors; we surveyed both smaller enterprises and larger enterprises, and interesting also is that we had 450 respondents which were in fact heads of IT, while 384 were business executives, so giving both that business view and that IT view. Finally, we also could compare results of our survey with results of previous IT governance surveys which were conducted in 2004, 2006 and 2008.
Susan: That’s great! Now Gert, what outcomes did respondents mention regarding their IT governance initiatives?
Gert: So, the most commonly experienced outcomes mentioned by respondents, were improved management of IT risks and secondly improved relationships between the business and IT. So both of these outcomes were mentioned by 40% or more of respondents which is certainly very positive, we were also glad to see a couple of outcomes which will certainly resonate very strongly with the business. So almost 4 in 10 respondents cited lower IT costs as an outcome of their IT governance practices, and almost 3 in 10 mentioned improved business competitiveness; and these figures can really help organizations that are trying to build a business case for their IT governance projects by showing the value and the benefits that other organizations have realized. We did see some differences between the business and the IT respondents, so if we think of some of the more business focus outcomes, such as increased business competitiveness, those were mentioned more frequently by the business respondents and some of the more IT focus outcomes, such as improved IT innovations, mentioned more frequently by the IT respondents. While we are on that topic of improved IT innovations as an outcome, that was one of the outcomes mentioned the least frequently by respondents, only by 22% of them. We see that innovation is becoming so important in almost every organization in almost any industry sector, that there should be a focus for most organizations in their IT governance efforts.
Susan: So Marc, what were the findings of the study on the overall IT maturity levels of companies regarding their IT governance?
Marc: The good news is that IT governance has continued to grow in importance. In fact it has gained importance compared with our previous studies 2004/2006 and well it’s about the same level as we found in 2008. So in this 2011 survey, we observed that two thirds of respondents have some degree of IT governance measures in place, only a very small number, it’s about 5%, consider IT governance unimportant. Small enterprises reported a lower maturity profile than lager enterprises; 81% of large enterprises have at least ad hoc IT governance measures in place, while only about 50% of small enterprises claimed this level of maturity. Cross referencing responses on IT governance maturity level to the IT organization model, indicates that centralized IT organizations, have an overall higher maturity profile than de-centralized models. And the last interesting cross reference we found is that organizations that believe that IT is important to the delivery of the business strategy also show significantly higher IT governance maturity levels than organizations that do not consider IT important for their business strategy.
Susan: Interesting... Now Gert, what role can IT governance play in areas such as outsourcing in the cloud which many respondents are currently considering?
Gert: Susan when you look at the findings it reflected what we see with many organizations that we work with. So 93% of respondents had at least some form of outsourcing in place. Doing some of the cross analysis, we also found that those organizations with outsourcing are more likely in organizations where there is a proactive role of IT and also better perception of IT service levels. Sourcing decisions can have a significant impact on the effectiveness and efficiency of IT and as such it is a really important focus area for IT governance. We see many organizations that have implemented dedicated mechanisms for this, often called a “vendor management office (VMO)” or an “external service management committee” that can report on, oversee and coordinate the third party services and delivery and ultimately this can prevent value leakage and mitigate outsourcing risks, so significant value add there . However, when we turn to the cloud, it’s a bit of a different picture that emerges when we look at the results. So current usage of the cloud was found to be quite low, 1 in 8 respondents mentioned that they use it for mission critical IT services, and for the non-mission critical services it was 1 in 5. Almost 60% of respondents are currently not planning to use cloud computing for the mission critical services and 40% not planning to use for the non-critical mission services. When we look at emerging technologies such as the cloud, again, the right IT governance mechanisms can really help the adoption of these emerging technologies, for example by ensuring that the right communication channels and mechanisms exists among all the required stakeholders so that you can take a balanced view of the risks and benefits. Also when we asked respondents why they are not adopting or planning to adopt the cloud, the response most frequently mentioned was legacy infrastructure issues. Now if we think about planning about legacy infrastructure issues, it is complex it does involve many stakeholders, so by having a clear decision model that delineates responsibilities and accountability through your IT governance, it can help their decision making.
Susan: Thanks Gert. Now looking into the future Marc, what are some of the finding regarding the major initiatives that respondents are planning in the next 12 months, and what does it means from a governance perspective?
Marc: The main activities planned by respondents in the next 12 months, relate to major system implementations or upgrades, IT cost reduction initiatives and data or information initiatives. It’s also worth noting that one quarter of respondents are planning green IT or sustainability initiatives. Well what does this now mean from an IT governance perspective, well we heard that most common issues were around increasing IT costs and also insufficient number of IT staff. So these issues point to an area in which IT governance could make a significant impact namely improving the management of IT demands vs. supply. Enterprises should ensure that they have the right enablers to ensure transparency of demands and supply so that decisions on demand and it prioritization can be made involving all the right stakeholders. IT governance can also help to highlight and bring forward synergy between geographic locations or business units, by ensuring an enterprise wide portfolio view is taken across projects and initiatives. When certain respondents were asked to identify the main initiatives planned in the next 12 months, we heard IT cost reduction as one of the top 3 response, which can be seen as a response to the increasing cost issue overall in this crisis situation. This type of initiative is typically characterized by complex business and IT stakeholder environment, and as such is an area where effective governance arrangements can add significant value; for instance by defining and making transparent roles responsibilities and accountabilities for decision making and execution.
Susan: Gert, how can IT governance help organizations that want IT to play a more proactive role?
Gert: Susan indeed there is a lot of organizations that can still improve in that area. So when we ask respondents to rate their role as proactive or reactive, there was a slight majority that rated their role as proactive in the organization, 54% vs. 46%. However, and perhaps unsurprisingly, the heads of IT were more likely to rate their role as proactive compared to the business executives. So IT governance can definitely help here, if organizations want to move to a more proactive role. If we think of mechanisms such as IT governance structures, your steering committees, architecture review boards etc, they all promote more dialogue between the business and IT stakeholders. If we think of roles such as business relationship mangers within the IT function, they can really help IT to maintain a solid understanding of the business environment and context and drive communication of the business on how IT solutions or services can create business opportunities or solve emerging business issues. Also when we looked at cross analysis with one of the other questions on whether the head of IT is a member of the senior management team, we did find that 80% of these respondents who indicated the proactive role for IT also had the head of IT as a member of the senior executive team; and that make sense. As a member of the senior executive team, the head of IT can facilitate better communication and transparency of how IT can enable greater business value and also position IT to play a more proactive role, and he or she will also have earlier insight into some of the business initiatives that will enable IT to prepare better.
Susan: So Marc, what are the critical factors for successfully implementing IT governance?
Marc: Well Susan, I may be start here with putting forth some of the main challenges respondents reported in implementing IT governance, those were; communications, change management and trying to do too much at once. In response to a separate question on factors influencing IT governance implementation, half of the respondents selected the culture of the organization, its way of working and human factors; this confirms the importance of change management and communication during IT governance implementation. So.. In answer to your question, we believe that to be successful IT governance needs to be properly designed. In fact, like any other IT project, objectives should be realistic, scope should be well defined, and we need proper project management of the IT governance and we need to consider and include the people perspective; change management, communication, training and so on. For people wanting some further background on the ways to implement and improve IT governance in an organization we can refer here to ISACAs publications called Implementing and Continually Improving IT Governance, which is available for free for ISACA members through the ISACA website. In fact, Gert was one of the main contributors to this study, so I really recommend it.
Susan: That’s excellent, the results of the survey shows that enterprise architecture could be a specific area of focus for many organizations. Gert... what does this mean form a governance perspective?
Gert: Susan, Yes we asked respondents a series of questions on the current contributions of IT to the business, and we used a couple of sub dimensions such as the value creation of IT investments or the degree to which IT service levels are meeting business needs, and the lowest scoring dimension was IT enabling a rapid business change. Now, that inability to enable rapid business change and lack of agility, often are attributable to issues with enterprise architecture. So because of that rising importance of enterprise architecture, it’s also essential that the enterprise architecture is properly governed and managed. Certainly the right IT governance mechanisms can ensure appropriate steering and direction of an enterprise architecture so that over time agility can improve. So when we delve down a bit and asked respondents how they are currently governing enterprise architecture, we found that measures such as framework for the governance of enterprise architecture and an example there is TOGA (The Open Group Architecture Framework) as well as structures such as an architecture review board or committee, scored lower. So those are potential areas of focus for organization that want to improve the governance of enterprise architecture; especially when we think of structures such as the architecture review boards or review committee it can drive benefits such as improving reuse, synergies between initiative, making sure that total cost of ownership is insured and reducing complexity over time.
Susan: So I see that almost 20% of respondents indicated that they ended a project before it was fully implemented. Marc... how can this figure be improved upon?
Marc: Indeed Susan... well lets first have a look at the findings itself. So indeed one fifth of all respondents noted ending an IT related project before it was fully implemented. This response may be considered high because it pertains only to those projects not completed, so it does not include other projects that had been completed, but were not within time and or budget and did not achieve objectives. We found an interesting observation, by cross referencing this question to the question on the importance of IT to the successful delivery of the business strategy. We see that the premature ending of the IT related project, is more prevalent in those enterprises that do not consider IT important to the achievement of the strategy. Another interesting observation was the difference between IT and business respondents. The top reason mentioned by business respondents is that the project did not deliver as promised, whereas IT respondents, point to the project exceeding budget as the top reason. This we think highlights an opportunity to increase transparency regarding projects, their management and governance, to better align business and IT perceptions. How can this be improved, so how can we have less projects ending prematurely, our recommendations for improvements would go towards two areas; The investment management process, here we believe that more rigor in assessing requests and business cases for new initiatives could significantly lower the number of failed IT projects. Secondly, the level of oversight over projects, increasing the level of oversight by an appropriate committee from both IT and business would again lower the number of failed IT projects. Both of these areas could be positively affected by IT governance initiatives, such as ensuring use of the right gating process and assessments criteria when assessing new requests and enabling an appropriate level of governance and oversight over projects.
Susan: And the last question is for Gert, where should organizations start if they want to improve their IT governance?
Gert: Susan at PwC we usually help organizations to start by looking at the key IT related decisions are that needs to be made in the organization and in different domains. A domain could be strategy where a decision could be the approval of the strategy; enterprise architecture is another domain where an example of a decision could be allowing certain exception to the architecture principles; other domains could include sourcing, security, application and others. What you need to do then is to define the involvement of different business and IT stakeholders in these decisions to arrive at a decision model that brings clarity by identifying who is accountable, who is responsible, who needs to be consulted and who should be informed regarding the various decisions. And when we talk about stakeholders there, it could include both individuals, it could be the CIO, the head of development, the CFO. But, it could also include some of the current governance structure such as the IT steering committee. So once we have this decision model, you can then look at the right IT governance structures and in coming up with that, it might mean changes to the mandate or roles of some of your current structures or it could be the definition of new structures, such as the vendor management office that we mentioned earlier or the architecture review committee. Once you have these governance structures in place, you then need to look at what process do you need and what policies, standards and principles, they will support the governance of enterprise IT structures, and will also guide the execution of decisions made within these structures. So this is an investment that organizations need to make. However, we have seen that it is very much a worthwhile investment and when we link back to some of those outcomes that we mentioned earlier such as the lower cost or increased business competitiveness, we seen that there is an significant return on those investments.
Susan: Gert, Marc, thank you so much for sharing the survey results today. For more information, please visit pwc.com/ca/informationmanagement.
This concludes this episode of Strategy Talks. Thank you for listening, we hope you’ll join us again soon for another episode. To download or subscribe to this podcast series or to find more information, please visit pwc.com/ca/strategytalks.
The information in this podcast is provided with the understanding that the authors and publishers are not herein engaged in rendering legal accounting, tax or other professional advice or services. The audience should discuss with their professional advisors how the information may apply to their specific situation.
Copyright 2012 PricewaterhouseCoopers LLP. All rights reserved. PricewaterhouseCoopers refers to PricewaterhouseCoopers LLP an Ontario Limited Liability Partnership or as the context requires, the PricewaterhouseCoopers global network or other member firms of the network, each of which is a separate and independent legal entity.
Of further interest