CENTER FOR Massachusetts INFORMATION Institute of SYSTEMS Technology RESEARCH Sloan School Cambridge of Management MassachusettsIT Governance on One PagePeter WeillJeanne W. RossNovember 2004CISR WP No. 349 and Sloan WP No. 4516-04 2004 Massachusetts Institute of Technology. All rights reserved. Research Article: a completed research article drawing on one or more CISR research projects that presents management frameworks, findings and recommendations. Research Summary: a summary of a research project with preliminary findings. Research Briefings: a collection of short executive summaries of key findings from research projects. Case Study: an in-depth description of a firm’s approach to an IT management issue (intended for MBA and executive education). Technical Research Report: a traditional academically rigorous research paper with detailed methodology, analysis, findings and references.
About the Center for Information Systems ResearchCISR MISSION CISR RESEARCH PATRONSCISR was founded in 1974 and has a strong track BT Grouprecord of practice based research on the managementof information technology. As we enter the twenty- DiamondCluster International, Inc.first century, CISR’s mission is to perform practical Gartnerempirical research on how firms generate business Hewlett-Packard Companyvalue from IT. CISR disseminates this research via Microsoft Corporationelectronic research briefings, working papers,research workshops and executive education. Recent Tata Consultancy Services—Americaand current research topics include: CISR SPONSORS2003 PROJECTS Business Models and IT Investments Aetna Inc. Governing IT for Different Performance Goals Allstate Insurance Co. Assessing Architecture Outcomes AstraZeneca Pharmaceuticals, LP Infrastructure as Variable Cost Banknorth, NA Managing IT Related Risks Biogen Idec, Inc.2004 PROJECTS Campbell Soup Company Assessing the Performance of Alternative Care USA Business Models Celanese Managing the Next Wave of Outsourcing Managing IT Architecture for Business Value ChevronTexaco Corporation Measuring IT-driven Risk Det Norske Veritas (Norway) Exploring the Role of the IT Unit in Leading eFunds Corporation IT-enabled Change EMC CorporationSince July 2000, CISR has been directed by Peter Weill, The Gillette Companyformerly of the Melbourne Business School. Drs. Jeanne The Guardian Life Insurance Company of AmericaRoss, George Westerman and Nils Fonstad are full timeCISR researchers. CISR is co-located with MIT Sloan’s Intel CorporationCenter for e-Business and Center for Coordination International Finance Corp.Science to facilitate collaboration between faculty and Merck and Companyresearchers. Merrill Lynch & Co., Inc.CISR is funded in part by Research Patrons and Sponsorsand we gratefully acknowledge the support and MetLifecontributions of its current Research Patrons and Mohegan SunSponsors. Motorola, Inc.CONTACT INFORMATION National Kidney Foundation, SingaporeCenter for Information Systems Research Nomura Research Institute, Ltd.MIT Sloan School of Management3 Cambridge Center, NE20-336 Pasco County, FloridaCambridge, MA 02142 Pfizer, Inc.Telephone: 617/253-2348 PFPC, Inc.Facsimile: 617/253-4424http://web.mit.edu/cisr/www Qwest Communications Raytheon CompanyPeter Weill, Director email@example.com State Street CorporationDavid Fitzgerald, Asst. to the Director firstname.lastname@example.orgJeanne Ross, Principal Res. Scientist email@example.com Telenor ASAGeorge Westerman, Res. Scientist firstname.lastname@example.org TRW Automotive, Inc.Nils Fonstad, Research Scientist email@example.comJack Rockart, Sr. Lecturer Emeritus firstname.lastname@example.orgChuck Gibson, Sr. Lecturer email@example.comChris Foglia, Center Manager firstname.lastname@example.orgJulie Coiro, Admin. Assistant email@example.com
CISR Working Paper No. 349Title: IT Governance on One PageAuthor: Peter Weill and Jeanne W. RossDate: November 2004Abstract: As firms strive to generate value from information technology (IT), managers areincreasingly aware that IT-related decisions and behaviors must be aligned with organizationalperformance goals. But many individuals throughout organizations make daily decisionsinfluencing the value received from IT. IT governance is the process by which firms align ITactions with their performance goals and assign accountability for those actions and theiroutcomes. To be effective, IT governance must be actively designed, not the result of isolatedmechanisms (e.g. steering committee, office of IT architecture, service level agreements)implemented at different times to address the challenge of the moment. Based on the bestpractices of 300 enterprises in 23 countries this paper offers an assessment and a one-pageframework to help firms design and communicate IT governance.Keywords: IT governance, governance framework15 Pages
IT GOVERNANCE ON ONE PAGE Peter Weill, Senior Research Scientist and Director, CISR, Jeanne W. Ross, Principal Research Scientist, CISR, MIT Sloan School of ManagementCompanies with effective IT governance have profits that are 20% higher than other companiespursuing similar strategies.1 One viable explanation for this differential is that IT governancespecifies accountabilities for IT-related business outcomes and helps companies align their ITinvestments with their business priorities. But IT governance is a mystery to key decision makersat most companies. Our research indicates that, on average, only 38% of senior managers in acompany know how IT is governed. Ignorance is not bliss. In our research senior managementawareness of IT governance processes proved to be the single best indicator of governanceeffectiveness with top performing firms having 60, 70 or 80% of senior executives aware of howIT is governed. Taking the time at senior management levels to design, implement, andcommunicate IT governance processes is worth the trouble—it pays off.In our study of almost 300 enterprises around the world, we did not identify a single best formulafor governing IT. However, one thing is clear: effective IT governance doesn’t happen byaccident. Top performing enterprises carefully design governance. Managers throughout theenterprise make daily decisions putting that design into practice.IT governance is the decision rights and accountability framework for encouraging desirablebehaviors in the use of IT. IT governance reflects broader corporate governance principles whilefocusing on the management and use of IT to achieve corporate performance goals. Because IToutcomes are often hard to measure, firms must assign responsibility for desired outcomes andassess how well they achieve them. IT governance shouldn’t be considered in isolation becauseIT is linked to other key enterprise assets (i.e. financial, human, intellectual property, physicaland relationships). Thus, IT governance might share mechanisms (such as executive committeesand budget processes) with other asset governance processes, thereby coordinating enterprise-wide decision making processes.Every enterprise engages in IT decision making, but firms differ considerably in howthoughtfully they define accountability and how rigorously they formalize and communicatedecision making processes. Without formal IT governance individual managers are left to1 Weill, P. and Ross, J. How Top Performers Manage IT Decision Rights for Superior Results, Harvard BusinessSchool Press, 2004.The authors would like to gratefully acknowledge all the managers who participated in the research as well as MarianneBroadbent, Mark McDonald and their Gartner colleagues. We also would like to acknowledge the MIT Sloan CISR Patrons andSponsors for supporting this research.This paper is based on two studies led by the authors. The first, a survey of CIOs at 256 enterprises in the Americas, Europe, andAsia Pacific on how enterprises govern IT, was developed by MIT Sloan’s Center for Information Systems Research in 2001 anddistributed throughout 2002 electronically and on paper by Gartner to members of its EXP group and by CISR to participants inexecutive courses. Gartner additionally contributed to the research by conducting ten case studies on IT governance. The secondwas a set of 40 interview based case studies examining IT governance in the context of organizational changes such as ERPimplementations, e-business initiatives, enterprise architecture development, and IT-enabled organizational transformations.These cases were developed by CISR researchers between 1995–2004. To understand how top performing enterprises governedIT, MIT CISR researchers analyzed the data using both statistical and qualitative analysis. The paper draws on and then extendsthe material in IT Governance: How Top Performers Manage IT Decision Rights for Superior Results,, P. Weill & J. Ross,Harvard Business School Press, 2004.