While the popular less is more philosophy has its merits, italso has its dangers. Achieving the former and avoiding the latterdepends on good IT governance.

BY MAREK JAKUBIK

Recent years have been heavily marked by various technologymisfortunes. Consequently, an overall regressive attitude towardtechnology investments has developed in most industries. In someinstances, this attitude extended all the way to questioning thevery role technology can play in a companys strategies. Witness thedebate that followed Nicholas Carrs 2003 Harvard Business Reviewarticle famously titled IT Doesnt Matter.

In the continuing sluggish economy, adoption of moreconservative approaches to technology spending is entirelyunderstandable. Hype-driven overspending indeed needed to bechecked, and checked it was. It was a period of noticeable reversalfrom the previous era. Simplicity, clarity, focus were the newvalues. Such thinking produced many positive effects: reduction ofcomplexity, paring down of the cost structures, and focus onimprovements in execution.

However, together with the good stuff, the less is more thinkingis producing a host of dangerous practices and attitudes in someorganizations. Theyre dangerous because, instead of beingrecognized as simply tactical responses, these ideas are acquiringthe almost-noble status of accepted business practices, eventheories. Very soon they will start producing pain in theorganizations that are becoming addicted to them.
The first affliction is an attitude expressed as, We dont need astrategy; well respond when we need to . . .

Just-in-Time Strategy = No StrategicCapability

To be sure, the problem is not new. Years ago, I watched a CEOwhose strategic motto was, Hang loose and be ready. For quite a fewyears, all was (relatively) welluntil the day when the companyfound itself in circumstances forcing it to make a major strategicchange. Loose it was indeed, but what really stood out was howtotally unprepared it was to respond.

The lesson: Even the best strategy that works today needs to betested, retested, and most importantly, subjected to what-ifscenarios. This has nothing to do with the assumption that apredictable path to the future can be extrapolated from theexperience of the past or that strategic outcomes always can bepredetermined. It is all about a steady practicing of strategicthinking that develops a human and organizational capacity, whichin turn, becomes invaluable in times that call for a change. Ourhang loose company sorely lacked such capacity when it was mostneeded.

The same is true of IT. While just-in-time thinking certainly iseasier, fitting the current anti-technology mood and typicallyinvoking less risk (at least in the short term), it also is aformula that drains IT of high-level skills to analyze, plan,adjust, and respond strategically.

Incrementalism

Another accepted approach that crept into many organizations isinsistence that no project can last more than six months. A finetactic to limit risk, I admit. However, in too many instances, ithas developed into a limiting, even paralyzing device. It is onething to embrace a strategy of radical incrementalism built on anotion of rapid waves of near-term initiatives linked by a sharedview of strategic direction. It is quite another, as often happens,to limit ones view to six, or a maximum 12, months.

Properly used, incrementalism works, but some things, andespecially the important ones, only can be done through largeeffort. Com-panies that do not practice large effort are unpreparedmethodically and mentally. As a result, they tend simply to shyaway from anything that does not fit their smallish image.

That, for example, is the key reason so few carriers are readyto execute a major attack on replacing their legacy applications.They know they need to do it, but the risk associated with size andcomplexity of the task overwhelms and paralyzes them.
CIOs need to have a plan for conquering various phenomenaassociated with down cycles. That is absolutely essential so that,while moving temporarily at a slower pace, their organizations donot lose their ability to think and act strategically and do notsuccumb to small-scale and constrained thinking. Smart CIOs achievethat by persistently investing in a process that allows them notjust to lead but govern.

The CIOs Weapon:
Good IT Governance

Of course, good IT governance is an effective tool to manage andcontrol the IT risks that are so much more pronounced in times oflow economic prosperity. But good governing is not just abouteffective controls but also, and foremost, about moving thingsforward. That is the context and scope of IT governance discussedhere.

Management of IT assets is more and more important to theperformance of most enterprises. A reliable, cost-effective,regulation-compliant, secure, and strategic IT portfolio is morecritical today than ever before. The person or group owning ITgovernance must understand what the technology is and is notcapable of. It is not the technical details that are critical but afeel for the two-way connection between strategy and IT.
Hence, IT governance must be looked upon as a vehicle that enforcesenterprisewide communication and accountability. It must encourageand leverage the creativity of the entire enterprises brainpowerwhile ensuring alignment with its vision and principles.

There is a growing acceptance of the critical role IT governanceplays in delivering high performance in IT. In a 2003 surveyconducted by ITGI and CobiT, more than 80 percent of IT managersrecognized IT governance or some part thereof was required toresolve IT issues they were facing.

The stock market already assigns premium to companies withexcellent corporate governance. There is little doubt a similarpremium should be assigned for good IT governance. One MIT studyestimates companies with good IT governance receive up to 40percent greater return for the same IT investment.

IT Governance Defined

First and foremost, IT governance defines a framework for rightsand accountabilities related to making IT decisions. Second, itdictates desirable behaviors in the context of using ITresources.
Within such a framework, good IT governance addresses at least fourkey areas of IT decisions:

IT principles
IT investments
IT architecture
Business solutions

Within each area of IT governance, a set of guiding rules forcollaborative decision-making among corporate, the business unit,and IT management needs to be agreed upon. Although the rulepatterns vary from company to company, there usually is onepredominant variant that fits each area best.

IT principles set the strategic role for IT, including issuessuch as structure, strategy alignment, culture, mission, values,norms, and balance of business-unit autonomy vs. commonality. Theprinciples provide a practical guidance on how to use IT. Some maybe non-negotiable, e.g., The corporate interests and needs comefirst when introducing and exploiting technology or whencontracting with suppliers. Developing these principles is bestdone by a relatively intimate, small group of business and ITsenior executives, for example, the CEO and CIO.

Decisions concerning IT investments and priorities require alarger forum. This is an area where the CIO has to interact withmost, if not all, senior business executives. Some decisions, asfor example, How much to spend on IT? crucially require not justinput but a leading role from the very top (see CIO Chronicles: IfI Were a CEO, July 2004, for a more detailed discussion of thistopic).

IT architecture is the most difficult nut to crack. Most CIOsunderstand well the critical role IT architecture plays in creatinga cost-effective technology environment able to respond rapidly tobusiness changes. Very few, however, know how to communicate thatcriticality to their CXOs. Even when they do, the arcane languageused to describe architectural issues guarantees to make the eyesof chief executives glaze over. Unfortunately, I can offer nomagical solution. Still, I do encourage CIOs to keep placing theissues of IT architectures on the executive meetings agendas. Thekey reasons are twofold. First, to fight a widespread unawarenessof the fact the endemic inflexibility and slow response of ITchiefly is caused by the rigidity of current technologyarchitectures (and not laziness or ineptitude of programmers, forexample). Second, to increase awareness that such a poor state ofaffairs only can be improved through a planned, strategic (i.e.,not business-case-driven) investment in architectural upgrades. Thegoal is to instill a high degree of confidence and trust amongbusiness managers that IT can and should take an unqualified leadin making architecture (including infrastructure) decisions.Per-sonal leadership of CIOs on this issue is absolutelyessential.

In contrast, decisions concerning business solutions usuallyshould be governed collectively by business and IT units. The onlyvariation is the degree of weight each group carries. It should benoted recent years brought a strong and visible shift towardplacing responsibility for business applications in the hands ofbusiness people.

Contrarily, in a recent survey conducted by the InsuranceTechnology Group among midsize P&C carriers, only one companyreported an operating model where business was chiefly responsiblefor business applications. In more than 85 percent of situations,the responsibility remained primarily in the hands of IT. Eitherthe P&C industry knows better, or it needs to pull up itssocks.

, a former CIO of Zurich Financial and Pitney Bowes, is aco-founder and managing director of the Insurance Technology Group(www.insurancetg.com). Hecan be reached at 416-214-3445 or [email protected].

CIO Chronicles is a regular feature in Tech Decisions andfocuses on issues of concern to midmarket insurers. Its content isthe responsibility of the author. Views and opinions in thisarticle are those of the author and do not necessarily representthose of Tech Decisions.