What’s IT governance?

I want it all, I want it all, I want it all, and I want it now.
-Queen, “I Want It All”

Information Technology (IT) is in a tough spot on many campuses. Service quality is expected to be very high: people don’t want to have to call the Help Desk; things should just work. At the same time, many areas of campus want new IT services that enable them to be more effective: for example e-procurement tools that eliminate manual purchase order creation. Finally, providing new services and existing services at high quality costs money, but the money has to come from somewhere–and the big IT budgets are often a target for budget cuts, not increases.

Triangle with the words "value," "cost," and "risk" at the three points.
The three core factors for IT governance: value, cost, and risk. IT providers are experts on cost and risk. IT consumers/customers are experts on value and risk.

IT governance pulls the right people together who represent both IT “suppliers” (groups providing IT service to campus) and IT “consumers” (groups receiving value from IT service) to have conversations about balancing IT value, cost, and risk.

IT governance is not about IT defending itself. Good IT governance thinks of IT as an institutional asset that should be applied where it’s most needed. This is in stark contrast to thinking of IT as an “ivory tower,” where IT makes its own decisions about what’s best for campus and you just have to live with it. IT governance puts the people receiving value from IT in the driver’s seat for high-level IT decisions.

As such, IT departments can perceive IT governance as a threat: what is IT’s job, if it isn’t deciding what the next technology is to pursue? what if IT governance makes bad decisions? However, if you’ve lived without IT governance, you know the flip side of IT making all the decisions: IT is blamed for everything. IT never does enough.

The “Big 3” Higher Education IT Committees

3 boxes: "cabinet-level IT governance" box with two boxes "academic IT governance" and "administrative IT governance" drawn underneath it
The simplest set of higher education governance: academic and administrative governance committees reporting to a cabinet-level IT governance committee.

I consider the below three committees to be the minimum for a campus of any size. These committees could further create other ad hoc or standing committees as needed to help them make decisions.

Your big question here may be–is it worth it? Is it worth spending ~50 hours/month just to talk about IT?

For one, IT governance should talk about IT as an enabling asset, rather than IT for IT’s sake. For example conversations should look less like “Should we roll-out 802.11n for campus?” and more like “Is our network fast enough that a class of 200 students can simultaneously search for videos about exothermic reactions?”

The answer to whether IT governance is worth the time certainly depends on your situation. Some questions I’d ask to help you think about whether to pursue IT governance:

  • how many hours a month would these people otherwise talk about IT? (Include hours spent meeting directly with the CIO &/or CIO’s boss)
  • how valuable is it for campus to have a better sense of IT’s direction? or to set IT’s direction?
  • how much better can IT understand and deliver what’s actually valuable to campus through these meetings?
  • how else can campus see (and influence) what they’re getting from the IT budget?

Cabinet-level IT governance committee

The highest level of IT governance. This group includes the senior “power players” on campus and can make big decisions. It would be good practice for this group to be a Board-level committee, but more often I have seen this at the President+VP+AVP levels.

Irrespective of what this committee does, by its very existence any IT disagreements can be escalated to this group. For example, if one department is about to purchase a $100,000 IT tool but the tool won’t work with other tools, that potential purchase can be escalated to this group.

This group can help align the capital budgeting process to the IT portfolio, set the high-level IT strategy, policies, and principles, review IT services or ensure they are reviewed, and more depending on the institution’s current pain points.

Administrative IT governance committee

A committee responsible for all administrative IT services, e.g. the ERP system. This group includes the “power players” for administrative computing–the people who would sponsor any big projects related to administrative IT.

Any administrative IT-related disagreements can be escalated to this group, for example whether to have an extra ERP system upgrade. This group reports to/advises the cabinet-level IT governance committee and can escalate things to them.

Academic IT governance committee

A committee responsible for all academic services, e.g. learning management systems and classroom technology. This group includes strong faculty representation and could be a faculty committee.

Any academic IT-related disagreements can escalate here, e.g. whether to switch learning management tools. This group reports to/advises the cabinet-level IT governance committee and can escalate things to them.

Good IT governance depends on other IT management capabilities

For IT governance to be effective, it has to be presented with substantial questions to answer. These questions often come from other IT management capabilities, such as IT service management (e.g. what service levels are expected?). (Aside: if you want to know more about which processes most support IT governance, COBIT does a particularly good job of illustrating process dependencies and showing how the outputs of one process can be inputs to another.)

For example, if there is effective IT project portfolio management, governance groups can see the academic, administrative, or overall project portfolios and governance input can help authorize and schedule future projects. If there isn’t IT portfolio management, governance might just get a list of what’s currently being worked on–which is much less useful.

That said, it takes time and energy to develop your IT governance, and an attention to opportunities that may present themselves for introducing IT governance concepts. Building the relationships and knowledge of the IT governance stakeholders will take patience. You can certainly proceed “in parallel” with developing IT governance as you work on your other IT management processes.