On the previous post we discussed the importance of IT Governance for the success of IT—that is, effectively supporting enterprise objectives through the use of IT, by correctly aligning IT goals with business goals.

It is easy to say that IT Governance is the key to a successful IT department, but what does having IT Governance in place really involve? What is behind a sound and comprehensive governance of IT?

In this post and the next ones, I will list and explain the key items required to enable a governance approach in an IT organization. Without these, it will be difficult to ensure that IT meets the expectations (and moreover the needs!) of the business.

1. Accurately identify stakeholders and their needs.

IT organizations serve many customers, both internal and external. There are many services delivered or enabled by IT that customers use, yet many times IT areas never realize some instances of this. How will IT define clear goals if they do not know what goals the business wants to achieve? Or how will they be able to define and meet service level targets if they never understand what customer needs are intended to be met through those services?

The market in all industries is constantly changing and so are regulatory requirements. New market needs arise all the time—hence the need of enterprises to innovate—and if IT ever loses track and visibility of this picture, I’m afraid it will become a reactive organization that barely fulfills their customers’ actual needs.

Be aware of your market and your contextual environment, the drivers that make your customers’ needs to change; this is what will help you define your IT organizational goals, identify the initiatives you need to undertake and prioritize the many projects you have in your portfolio, to deliver first the ones that will give the highest value to your customer: the business.

2. Have goals defined and a strong policy framework in place.

Both organizations and individuals need targets to accomplish and rules on how to accomplish those targets. Without rules there’s no order; and without order, goals will hardly be achieved, and what’s more, sustained. Don’t get me wrong; I’m not talking about a rigid organization that allows no one to laugh while working. No. I’m talking about polices that enforce compliance of individuals’ goals to organizational goals.

It is this simple: Organizational goals are achieved only when individuals’ goals are met. People need to be clearly aware of what is expected from them in the organization, and how their performance will impact the organization’s overall performance.

Define policies aligned to goals, communicate them to all relevant people in the organization, monitor compliance with the policies, and enforce them! Review them regularly to assess whether new policies need to be defined or current ones have to be disposed of. Remember it’s not about making people feel someone’s watching over them, but rather influencing people’s behaviors to meet the target goals.

3. Set the right culture and the desired behavior.

This point is tightly linked to the previous one, yet it has different implications. Policies are the means through which you influence people’s behavior, but they are not the ultimate goal; culture is! Culture is what makes organizations work the way they work; however, it is not the organization itself as an entity what defines its own culture—it is the people working at the organization who build the organizational culture through their collective behavior. We could say that the previous point is the means to achieving this one, but this one is what we want to aim for.

All IT organizations already have their own culture, and it is not that there are good and bad cultures. All cultures are different, and all of them have both good aspects and some vices that are causing issues in the organization. Lack of vision, focus on technology or processes rather than on services, business and IT areas fighting against each other as if they were competing organizations, too many meetings and little action, reactive instead of proactive approaches… do any of these sound familiar? All these are aspects that may be deeply embedded into an organization’s culture and they might need to be changed, because they are leading to unproductive results.

A target culture should be defined that leads to the achievement of the projected goals, and individuals’ behavior needs to be influenced to achieve the desired culture. Many paradigms will need to be broken throughout the IT Governance initiative, and all this is related to work with people’s behavior and organizational change. Again, policies are a good means (though not the only one) to influence the desired behavior.

Set your target culture based on what your business and your market need, study the context, identify your IT organization’s cultural weaknesses and strengths, assess the overall current culture and build a plan to transform it. Work with champions—people who adapt easily to change and who adopt the new culture fast—and influence others through their leadership. Be aware that many people will never change, but don’t get discouraged; keep building on improvements, and eventually those who resist change will no longer be able to cling to their rooted paradigms, because those will no longer be there.