“After all is said and done, there is more said than done”
This material was originally posted ~10 years ago. I lost it when my website imploded a few weeks ago. A colleague sent me a copy of this post, saying that it was still really relevant today. Having read through it, I agree with him – in fact I believe it’s even more relevant than when I first wrote it. It is quite long, so I have structured it into 3 parts: The Problem; Underlying Causes; and Time for Action.
Part 1: The Problem
The body of knowledge around Enterprise Governance of IT, specifically as related to the realization of business value from today’s increasingly significant and complex investments in information technology has been growing for a number of decades. However, it could be argued that while every addition makes a positive contribution, the basic fundamentals have not changed for some time. Many current writings present these fundamentals as new ideas, often using slightly different language or models to describe what are essentially the same fundamentals. At the same time, the take up of these fundamentals continues to move at little more than a snail’s pace. As Craig Symons of Forrester once commented to me, “One of the things that never ceases to surprise me is that IT investment management (portfolio management) as a management process has been around since 1981 yet remains very immature in many organizations.” He went on to add that “Another issue is [my IT clients’] inability to get the business leadership interested in IT governance and engaging more actively with IT.” These comments certainly support my own experience and are in line with discussions that I have had with others including the Butler Group, Cranfield University’s School of Management, Gartner, and the University of Antwerp Management School (UAMS) – ITAG Research Institute, to name just a few. Whilst we should certainly continue adding to and improving the body of knowledge around this topic, we will not turn words into action until we put much more focus on understanding the constraints to adopting proven solutions that already exist and identifying and implementing approaches to overcoming those constraints.
In The Information Paradox, we identified that the challenge facing enterprises today is not implementing technology, although this is certainly not becoming any easier, but implementing IT-enabled organizational change. While the focus in the book was managing programs of IT-enabled change, we also pointed out that implementing what we then described as the Benefits Realization Approach, now more often described as Enterprise Governance of IT or Enterprise Value Management, is also a major change program, and should be managed as such. At a high level, we identified three stages of managing change:
- Awareness that there is a problem and of the need to do something;
- Understanding of the problem, what needs to be done, and commitment to act; and
- Action to develop and/or acquire the necessary capabilities to implement and sustain change.
While, as described above, much of the focus up to now has been on developing capabilities, i.e., solutions, the real challenge as it relates to managing the organizational change required is getting awareness and understanding of the problem by those who need to commit to the solution. In the more than twenty years that I have been speaking around the world on this topic, a comment that I invariably get at the end of any presentation is “My boss should have been here!” Middle managers and practitioners, including consultants, are generally aware of and in many cases understand the problem – they often recognize what needs to be done but are not usually the decision makers – in most cases they do not have the authority or resources do it. Most executives, those that do have the authority and the ability to deploy resources to do something about it, are not always aware of the need, rarely understand the nature of the problem, and, as a result, have little interest, let alone commitment, to do anything about it.
Awareness of the problem
It is hard to believe, given the amount of press that has been given to the problems associated with getting value from IT, that any board member or executive would not be aware of the problem of realizing demonstrable value from IT investments. In all too many cases however, it is seen as a problem other organizations have – “We do a pretty good job of this!” is a common response. This reflects one or a combination of lack of information, over-confidence in executive abilities, the so-called “confirmation bias” – seeking or interpreting evidence in ways that support pre-existing beliefs, or straight denial. Another common response is “We’re no worse than anyone else!” – hardly an inspiring rallying cry. The responses also reflect that, while governance is important, it is not exciting – it doesn’t grab headlines and does little for the ego or, sadly, the CV.
Understanding the problem
Where there is awareness of a problem, it is generally seen as an IT problem and the responsibility to fix it, along with the blame that comes when it is not fixed, is abdicated to the IT function. I say abdicated because the reality is that value does not come from technology itself – it comes from how organizations use the technology. This today often involves rethinking the nature of the business, the business model, business processes, people skills and competencies, organization structure, physical facilities etc. Even if the IT function had the ability to do this, which is rare, they do not have the span of control or authority to implement the necessary changes – this is and must be the responsibility of the business and the business must be held accountable for the realization of value from their use of technology. Unfortunately, our understanding of the nature of change and how to manage it has not kept pace with the rate of technology innovation. As Geoff Codd says in The Drowning Director ,”…many top people speak the language of change but have little understanding of what it all really means in practical terms.”
An even more fundamental problem in many enterprises is that there is limited understanding of what constitutes “value” for the enterprise, or how value is created. Strategies to create and sustain value are often poorly defined and even more poorly communicated. In a recent Harvard Business Review article, the authors suggest that most executives cannot articulate the basic elements of strategy of their business – objective, scope and advantage – in a simple statement of 35 words or less – and that if they can’t, neither can anyone else. Research at the IT Leadership Academy suggests that the main reason for over 60% of IT projects that were deemed to be “underperforming” or”disappointing” was not the technology or project management – it was bad business strategy. It would appear ironic that executives who cannot adequately define what is of value to their enterprise are frustrated that they cannot measure the value received from their IT investments.
Another common response at this point is “You’re making this much too complex!” There is indeed some truth to this given that the IT industry appears to have single-handedly invented English as a second language, i.e., talking in “techno-speak”. There are also a growing number of what are perceived to be competing frameworks in the marketplace. “Should we use CoBIT™ or ITIL™? How do they relate to Val IT™?” How does the new ISO 38500 standard fit?” are among the many questions asked at this stage . This is certainly an area where there is an opportunity to both simplify terminology – a common taxonomy would be a start – and to better communicate the relationship between what are often seen as competing frameworks. A former colleague of mine used to talk about the “tyranny of or versus the beauty of and“. The question shouldn’t be “Do I use Val IT, CoBIT or ITIL?” but rather “How do I use Val IT, CoBIT and ITIL?”
Again, however, the reality is that the way technology is being used today, and the business changes required to use it effectively to drive business value are increasingly complex. Enterprise Resource Planning, Customer Relationship Management, Supply Chain Management, Business Intelligence, Social Networking, etc. are extremely complex programs of business change. Denying complexity – taking a simplistic view of change – only increases complexity. Only when complexity is understood can it be simplified, and then only so far. As Albert Einstein once said, “Everything should be as simple as possible but no simpler.” Implementing organizational change requires changing our “traditional” approaches to governance – it requires that we “change how we change”! Again, as Geoff Codd suggested in The Drowning Director, the way forward includes “The introduction of an IT management and governance framework that explicitly stimulates and facilitates collaboration and knowledge exchange across the business/IT divide from the Board downwards.”
However, there is today no shortage of such frameworks. While they are a useful resource, they are not the answer. If we are move forward, we need to identify and address the underlying causes of the problem. In Part 2 of this series, I discuss the underlying causes.
 COBIT, ISACA, USA
 ITIL, AXELOS, UK
 The Val IT Framework: Enterprise Value: Governance of IT Investments, ISACA (2006, V2.0 20008), USA (Note that ISACA attempted to integrate Val IT with COBIT as described here. Until recently it was still available separately, but now only appears to be available to ISACA Academic Advocate Members.
 ISO/IEC 38500:2015), Information technology – Governance of IT for the organization
 Collis, D.J., and Rukstad, M.G. (2008). Can You Say What Your Strategy Is?, Harvard Business Review, 86(4), 82-90
 May, T. Opinion (2008): Why enterprise strategy matters to IT, IT Governance Institute (ITGI), USA
 Codd, G. (2008). The Drowning Director, Pen Press Publishers, UK
 Thorp, J (1998, 2nd Edition 2003). The Information Paradox: Realizing the Business Benefits of Information Technoloogy, McGraw-Hill, Canada