Herein lie some very important messages for all board members and non-IT executives who are involved with governing the use IT in any sort of organization, commercial or otherwise, from the very largest to the very smallest.
Mark Toomey is managing director of Infonomics, which focuses on helping organizations ensure that their use of information technology is efficient and acceptable. "That's what you get when you have effective governance of IT," he says.
"Our specialty is corporate governance of IT, helping the people who own and run the company make sure that IT is doing for them what they need."
I hope that my efforts in producing this podcast are not in vain, and that you to pass it on to the non-IT top executives and directors of your organization responsible for running your organization. Of course, CIOs and other IT technology-oriented people also will do well to heed the underlying messages, but it is not primarily directed at IT practitioners.
The essence of corporate governance of IT was summed up by Mark's statement that "A lot of the problems that exist in the use of IT today come not from technology issues but from organizational and management issues."
"That has enabled me to focus on this question of what are the governance issues for organizations around making sure that IT actually works properly."
"I became involved in governance of IT around the year 2000, and it was pretty much a follow-though of experiences of the previous years, where I had encountered a number of situations where the technology itself was just fine but the organization that were using the technology were treating it as a black box rather than as a tool of business."
"Through looking at organizations that were having problems with projects and with operational systems, it became fairly clear to me that there was a big gap between the Chief Information Officer and the chairman of the board, where the conversations weren't able to happen effectively because pretty much people were talking different languages."
"The board thought that it needed to ask questions about technology, when in fact what the board needed to do was ask questions about how the technology was being used. That's quite a different set of questions."
PLEASE READ ON...
"But if were doing that in the way that we talk about IT we'd be talking about very, very technical details of things like how the transmission operates, how the suspension is designed, and so on. Things that are not really relevant at all to the person who is wanting to know whether the car is going to suit their needs."
Marks says that a culture originally developed where, due to high cost in the early days, you talked about the very technical elements of the technology. In the last twenty years, information technology has come out of the laboratory, onto the street, onto the desktop, and the discussion that we need to have about it today is vastly different."
"It's not a question of which technology is better, which processor chip is faster, how much memory you have."
"It's a question of what can I do with this thing to effectively run my business, and how do I make sure that when I invest in technology I actually get a return on that investment."
I asked about the ever-decreasing cost of technology. "Not too many years ago," responded Mark Toomey, "you used to talk of the rule of thumb that said that any investment in information technology was fifty percent the technology and fifty percent the change effort."
"I think — and this is purely anecdotal — that that figure has moved to somewhere around 20/80, or maybe 25/75 now, but only a minor portion of the cost of a new business capability is in the IT components and that a much greater portion of the cost in in developing the organizational capability to use the new technology component."
"It astounds me," he continued, "that, even though that reality is becoming more and more obvious, we see organizations still running IT projects rather than business change projects where they have estimated the cost as being just the IT component. And then they're surprised when it comes in late and over budget because they hadn't planned for all the other activities."
We covered many other aspects of governance in our discussion. The theme that kept coming through, whether for very large-scale multi-organization projects or for single organizations and even down to the smallest of organizations, is as Mark Toomey put it: "It's still vitally important to recognize that when you're using information technology to drive some change, what you are doing is actually changing the way that your business operates."
"You're changing jobs that people do, you're changing the way that your customers and your suppliers interact with your company, and all of those factors combine with the fact that you're building some new technology or you've bought some new technology and you're implementing it to make the project that you're undertaking somewhat more significant than merely installing a piece of software."
Mark makes the point that the ease of buying a computer game and installing it on your home computer has somehow given some people the idea that you can do the same with a piece of business software: you buy it, hand it over to your IT people, they install it, and everybody can just start using it.
"That cargo cult mentality of course completely forgets about the fact that the majority of the people who work in an organization (a) they're busy, and (b) they're pretty averse to change. And organizations that have done things like that have found out to their regret that generally their new software doesn't get used, and that things don't change."
PLEASE READ ON...
"We focus on all the other things: helping the leaders of the organization, particularly the top-level executives and the board, understand the part that they have to play in making sure that all of the activities are actually done to produce a result with information technology. And that set of activities we call collectively corporate governance of information technology."
He explained that in about 2003 he became involved in the development of an Australian standard for corporate governance of information technology. That standard is known as AS 8015."
"It was published in early 2005, and during 2006 it started a journey to adoption as an international standard. That journey reached its final climax in June 2008, when international standard ISO/IEC 38500 was finally published."
"That standard is very consistent with the Australian standard that was its forerunner, and it is written for the board of directors and the top executives of an organization to explain to them the fact that they have a responsibility to govern the use of IT and to provide the m with a very simple framework that they can use to perform that role of governing IT."
"One of the key elements in that standard is the recognition that, to govern the use of IT, no director and no top executive actually needs to even be able to turn on a computer let alone understand how computers are programmed!"
"Instead of asking the IT Manager or the Chief Information Officer or the Project Director technical questions about the project, and when all the problems are going to be solved, all the board needs to ask is: What's the business case for continuing?"
PLEASE READ ON...
Whether you are running a large organization of a tiny one, you are duty bound — legally, that is — to do a proper job as a top executive or director.
You most definitely should listen to the remainder of this interview with Mark Toomey. You will collect extra pearls of wisdom about IT governance that will be of great assistance in meeting your obligations.
"It's a challenging concept," he says, "for a director or a top executive who's never had to deal with computers to actually stand up and ask questions about information technology. But as you start to learn from the standard there are some very, very straightforward questions that can be asked."
"One of my favorites — it's not actually written in the standard this way —but if the board has approved an IT project some time in the past, and that IT project is chugging along."
"We all know that IT projects eventually get into trouble: they run into budget problems, they run into time problems." Listen to the podcast to discover the key governance question that needs to be asked under such circumstances.
Also listen for the example Mark gives of how IT governance might be applied even to a single-person organization, and how the business principles behind effective IT governance can help organizations in difficult times.
You may enrol for the Infonomics newsletter and view other useful resources there too, things that we didn't have time to cover during the interview including presentations and brief slides (such as The Gershon Review and IT Governance).
Download the Infonomics corporate governance of IT podcast from here (MP3 format, file size 11.9 MB, duration 31:03).
I have gone to considerable lengths to arrange, record and prepare this podcast for publication (as with my previous and imminent podcasts). Has it been of interest and relevance to you?
See all my articles, including
some fun and test your grey matter at the same time!