• United States



by No Analyst or Consultant

Is There a Smarter Way to Approach IT Governance?

May 03, 200512 mins
CSO and CISOData and Information Security

By Richard M. Melnicoff,

Sandy G. Shearer

and Deepak K. Goyal

Ask most C-level executives about IT governance and chances are they’ll respond with a frustrated roll of their eyes. Although a few organizations have had success in this area-creating effective programs for determining IT priorities, establishing reliable procedures for oversight and defining meaningful metrics to hold IT accountable for its performance-they appear to be in the minority these days.

The reasons for the frustration are legion. Some executives report that they have made huge investments in IT governance, in both time and money, only to discover that they ended up pulling the wrong levers: They often focused on curtailing projects rather than on creating competitive advantage through IT, thus failing to achieve their desired business and IT effectiveness goals. Some say they opted to simulate another company’s solution, only to be disappointed when the solution didn’t fit their particular problem. Others persevered with an existing IT governance model, but they eventually discovered that the business was moving in another direction.

Still other executives, overwhelmed by the abundance of technology alternatives, admit they may have over delegated the IT governance challenge, letting operating managers make decisions themselves, often without a strong fact base, because they assumed that the best technology solutions would emerge. One symptom of over delegation is that in some cases, business unit leaders choose to opt out; C-level leadership finds out later (or never) that all or part of an IT development or operation was handled outside the “system” through third parties.

Many executives say that yet another big challenge to creating effective IT governance comes when they find themselves separated from their technology executives by a language barrier. Finally, instead of grappling with such key decisions as centralized IT versus decentralized IT, outsourcing versus internal sourcing and how much oversight is necessary, some top executives simply choose to steer clear of IT governance issues altogether.

Sound familiar?

In fact, IT governance can be less complex than many executives realize-and it is surely far too important to ignore. Depending on the industry, IT budgets can account for 10 percent of total revenues-or more. Clearly, if that money is not well spent, the impact on the bottom line, both direct and indirect, can be dramatic. Indeed, one study1 shows that companies that tightly manage IT spending have higher earnings than those that overspend. Without effective governance, IT investments could be wasted in a variety of ways-and companies could end up with systems that degrade their competitive capabilities instead of enhancing them.

Unique environment

Moreover, it is possible (and desirable) for C-level executives to play a meaningful role in defining and determining IT governance, to establish clear objectives with the right amount of oversight and accounting-and to feel confident about the effort. Most important, perhaps, effective IT governance increasingly represents an investment that contributes directly to high business performance.

Accenture’s research and experience with hundreds of clients across a range of industries have demonstrated that IT governance policies are most successful when they are crafted to suit a company’s unique business environment. That said, one does not need to consider hundreds of IT governance models to find the one best suited for a particular company or business division. We have created a method for determining the right IT governance model for individual companies based on their specific business characteristics.

The Accenture IT Governance Model helps companies understand how their business environment determines the focus of their organization’s IT environment-and the critical role the company’s unique attributes play in designing an effective IT governance program. Using the model, executives can first measure the effectiveness of existing IT governance policies and then create a new program that addresses the priorities needed to nourish an IT organization and ensure the continued delivery of measurable business value.

In short, the right model provides a clear road map for IT governance decision making and a guide for assigning accountability and responsibility among C-level executives, business unit executives and the chief information officer. A major goal is to ensure that senior executives spend the appropriate amount of time and effort working on setting and managing the IT agenda-but no more.

Adding value

The first stage of creating an IT governance policy involves a basic review of the organization’s business environment according to two distinct criteria.

Rate of change. Certain companies operate in industries defined by a relatively high rate of change-semiconductors and telecommunications, for example. That pace is driven by such factors as rapid shifts in customer needs or preferences; disruptive changes caused by competition or government regulation; or new technologies that change the industry value chain, economics or product/service offerings. On the other hand, organizations in lower-rate-of-change industries- airlines, for instance-are characterized by a more gradual evolution of customer needs, the competitive landscape, government regulation, technologies and suppliers.

Basis for competitive advantage. Companies tend to be divided into two basic kinds of competitors. Companies in one group compete on the basis of operational efficiency. For these organizations, the emphasis is on minimizing costs across the enterprise and optimizing an existing business model to respond to marketplace changes. The other group of companies competes through product or service differentiation. These companies strive to create new business capabilities ahead of the competition or focus on developing new business models to capture emerging opportunities.

By considering both the rate of change and the basis for competitive advantage, executives can understand how the organization’s IT function adds value. The Accenture IT Governance Model uses these two criteria to assign companies to one of four categories.

  • Efficient, Predictable Operators are lower-rate-of-change organizations that compete on the basis of operational efficiency.
  • Information Integrators are lower-change organizations that compete on the basis of product/service differentiation.
  • Responsive Solution Providers are higher-change organizations that compete on operational efficiency.
  • New Capability Enablers are higher-change organizations that compete on product/service differentiation.

An organization’s particular basis for IT value-added determines what C-level executives should expect from their IT operations; this will ultimately have a direct impact on the choice of an appropriate IT governance model. The model chosen will also determine the required degree of C-level involvement.

For example, Efficient, Predictable Operators-companies with low rates of change and an emphasis on operational efficiency-focus on meeting business needs while tightly controlling costs. These companies depend on IT to keep costs low and to provide mature capabilities through such cost-saving devices as shared services, co-sourcing and outsourcing. Management expects IT to be a solid enabler of business-critical capabilities over the long haul.

Responsive Solution Providers, on the other hand, develop prioritized IT investment plans and longer-term-capability road maps. They use IT to deliver planned new capabilities that meet time-to-market windows in accordance with the road map while managing costs effectively.

The C-level executives at Information Integrators might expect information to be used to improve decision making and to develop new products and services. Another emphasis: offsetting increases in IT spending by generating higher revenues that deliver bottom-line results.

Top executives at New Capability Enablers can expect to imbue their IT organizations with the flexibility to meet rapidly changing business strategies and requirements. These companies tend to deliver innovative IT solutions to produce first-mover advantages, focusing their IT investments on flexible capabilities that deliver bottom-line results.

Areas for decision

Once top management determines the company’s unique expectations for IT, the next stage is to understand each of the decision areas for IT governance. The Accenture model considers five basic decision areas-the “what” of IT governance-and poses some fundamental questions for each.

  • Organizing model. Should the company adopt a centralized, decentralized or hybrid approach?
  • Investment. What should the company invest in, and how much should it invest?
  • Architecture. Should the company emphasize stability or flexibility? To what degree? Should applications be externally purchased or internally developed? Should there be a single, comprehensive ERP application, or multiple applications?
  • Standards. Which components of technology should the organization standardize, and which standards should it adopt?
  • Resources. What types of resources should the IT organization utilize, and what should be the sourcing of those resources?

A company’s primary basis of IT value-added will determine the specific objectives for each of these decision areas. Consider the decisions facing a company designated as an Efficient, Predictable Operator. The preferred organizing model for such a company is centralized governance, with IT accountable for budgets and decisions. It’s an approach taken by Canada Post Corporation, which adheres to a simplified organizing model, with a central coordinating body that prioritizes actions and executes through a single IT source.

When it comes to decisions about standards, organizations in this category should enforce companywide architecture, technology and vendor standards, allowing deviations only on an exception-justified basis. Groupama, a large French insurance company, is an example of an Efficient, Predictable Operator. The company standardized a groupwide IT structure so it could optimize core IT processes, integrate systems supporting its non-life business, migrate data, deploy a new system to support its health business and implement a work-space infrastructure. The initiative was part of an effort that is expected to generate close to $190 million annually in IT cost savings.

In the area of resources decisions, Efficient, Predictable Operators use a combination of internal and external resources but enter into corporate contracts with a small set of preferred service providers. When one global chemicals company determined that IT was not a core business, it outsourced the entire operation, including the worldwide implementation and support of an enterprise resource planning system the company itself had started.

Meanwhile, the experiences of a large North American bank illustrate the IT governance challenges facing a Responsive Solution Provider. The financial services company operates in a rapidly changing market and competes on the basis of operational efficiency. Responsive Solution Providers like this bank should consider adopting a hybrid governance model, with business units accountable for investment decisions and IT accountable for solution delivery. At the bank, individual business units establish IT priorities committees, with the allocation of budget and resources going to key business unit projects.

Responsive Solution Providers should define technology standards and select reliable IT vendors for mature components of the architecture, and provide directional guidance for evolving components. An underlying technology architecture standard at the bank, for example, creates a consistent, low-cost, reliable and secure operations environment.

Certain airlines, with their focus on simplification, could be characterized as Information Integrators. When it comes to architecture decisions, these companies strive to develop an enterprisewide information architecture that integrates internal and external stakeholders, and offers a standard interface for rapid application development.

It’s a move one airline made when it brought together its decentralized IT investments to create a unified information architecture, creating an integrated infrastructure that linked core legacy applications. The IT governance architecture allowed the company to add new technology in a simpler and less risky manner.


And what about the “who” of IT governance? An effective IT governance model takes the to-do list one step higher: It provides guidelines for accountability and responsibility among C-level executives, business unit executives and the CIO.

For example, at a New Capability Enabler, the IT-related responsibilities for a C-level executive include evaluating new business model ideas and approving business unit strategies; authorizing the additional IT budget required to enable new ideas; monitoring progress; and, if necessary, taking corrective action.

At the same company, the business unit executive would be responsible for developing technology-enabled new business model/capability ideas and formulating business strategies around them, and then realizing those ideas with assistance from IT. Meanwhile, the CIO at a New Capability Enabler would identify new business capabilities enabled through a combination of existing and emerging technologies, and develop internal and external resource pools to help business units quickly realize the value of new ideas. This is the road taken by one global provider of transportation, e-commerce and business services. The company developed and launched one IT-enabled innovation after another, from point-of-presence package-scanning devices to its online transaction capability.

Conversely, the C-level executive at an Efficient, Predictable Operator sets the IT budget, approves contracts and reviews IT investment decisions that exceed predefined limits; at the same time, business unit executives focus on communicating their business requirements to IT and on establishing service-level agreements. This frees the CIO to focus on IT investment decisions that help maintain the stability of applications and architectures and to recommend preferred service providers.

Case in point: Canada Post. The CIO is responsible for technology architecture decisions related to computing and communications, while the management executive committee, which includes the CIO as well as other C-level and business executives, makes business decisions related to IT, such as application deployment, IT investments and project priorities.

As IT’s contribution to business performance continues to grow in importance, so will the need for top management to stay ahead of the learning curve-and to treat IT governance as a capability that cannot be ignored, downplayed or over-delegated. The right IT decisions at the right times often spell the difference between keeping up with your competitors or consistently outperforming them.

An effective, business-specific IT governance model is an essential tool for executives wrestling with the challenge of leveraging the full potential of IT as a generator of sustainable business value. It allows top managers to readily evaluate their company’s existing governance structure and determine if the IT environment needs to be altered. And if they see the need, C-level executives can determine the changes necessary for improving their company’s IT operations-and, as a likely result, their company’s performance.

This article originally appeared in Outlook, Vol. XVII, No. 1, February 2005, an Accenture publication. Copyright 2005 Accenture. All rights reserved. Reprinted by permission.

1 “Business Value Creation Through IT,” Accenture 2002

About the Authors

Richard M. Melnicoff, a partner in the Accenture Strategy service line, leads the company’s Strategic Information Technology Effectiveness (SITE) group in North America. He can be reached at

Sandy G. Shearer and Deepak K. Goyal, are associate partners in Accenture’s SITE group.

Ronald Babin, a Toronto-based SITE associate partner, David Quinney, a London-based SITE associate partner, and Thomas H. Hofbauer, a Frankfurt-based SITE partner, contributed to this article.