The Infonomics Letter
In October 2013, The Infonomics Letter evolved into its third form
- appearing more frequently, but with each Letter addressing only one
topic. The Infonomics Letter in this form is delivered in its
entirety by email. In time, it will move to a more standard blog
format, with the inbuilt capability for discussion.
In October 2013, The Infonomics Letter evolved into its third form - appearing more frequently, but with each Letter addressing only one topic. The Infonomics Letter in this form is delivered in its entirety by email. In time, it will move to a more standard blog format, with the inbuilt capability for discussion.
Discussion is now also encouraged via a new LinkedIn Group -
unsurprisingly called The Infonomics Letter. Each new edition will
be posted to the group as it is released.
Discussion is now also encouraged via a new LinkedIn Group - unsurprisingly called The Infonomics Letter. Each new edition will be posted to the group as it is released.
Current Edition 10 October 2013
Advice for Government on Governance of IT
Government is a major consumer of information technology, and many governments around the globe have experienced considerable difficulty with delivery of new IT solutions for business requirements. Some also experience unacceptable levels of operational disruption due to unreliable and inadequate IT systems.
Yet every cloud has a silver lining, and in the case of government IT failures, the value comes from the reality that in most nations, government is open to intensive and ongoing scrutiny. Government IT failures are given little mercy in the popular press as the money perceived to have been wasted is compared to social welfare outcomes it might have bought, such as hospital beds and education. But far greater rigour in analysis of government IT misadventure comes from those charged with responsibility to ask hard questions – the government auditors, consultants engaged to find answers, and sometimes, high level investigations headed up by eminent persons such as active or recently retired members of the judiciary.
While every investigation carries its own fascinating stories of who did what, and how things went wrong, it is important to consider the overarching lessons that come from aggregating the findings from a collection of investigations. Look at the 2008 Gershon review into the Australian Government’s use of ICT and the follow-up Reineke Review of 2011, and contrast that with reports from the Victorian Government’s Auditor General and Ombudsman. Add in multiple layers of investigation from the payroll system debacle experienced by Queensland Health, and the parallel failure with the Ministry of Education payroll in New Zealand. Australian Customs’ effort in closing down the national supply chain in October 2005 produced substantial insight, as did one of the globe’s highest profile and most expensive IT failures – the United Kingdom National Health Service Program for IT. South Africa has its cases (as illustrated in its plan for governance of IT) and no doubt do many other nations.
The patterns are clear. When the IT agenda is controlled by the IT specialists, and the people who run the government agencies are not engaged, things often go wrong – sometimes horribly. None of the investigations that I have seen describe a significant government IT failure arising from a situation where the business leaders are firmly in control of the IT agenda. That should not be a surprising result. IT is fundamentally a tool of business. An IT solution on its own doesn’t deliver value or any other outcomes. Results come when the new or changed IT capability is complemented by change in the overall system of business – its design, its processes and its people. And that’s not rocket science – the foundation of knowledge for business change was laid down in the 1960’s by H.J. Leavitt. Successful business change comes from a whole-of-business approach, not a piecemeal one!
Governance of IT is the system by which we direct and control our use of IT. What we should have learned from Leavitt in 1964, and what has been reinforced time and time again through major government IT failures since then, is that we must direct and control our use of IT from a business perspective – not an IT perspective. And that doesn’t mean IT specialists pulling on a cloak that somehow endows them with top flight business skills. It means top flight business leaders coming to terms with what they can achieve by harnessing the capability of IT, and focusing on delivering the most valuable outcomes.
Many say that business leaders cannot govern IT, since they don’t have technology skills. Frankly, that’s rubbish! We make decisions all the time without technical knowledge of the key elements in those decisions. When we dress for the day, we don’t leave that task to a tailor, because only tailors know about clothing. When we drive to the station, or the office, we don’t expect the car manufacturer to organise that journey for us as only they know about how to design and build cars. Let me be absolutely clear here: we do not need to know much at all about how to design, build or operate information technology in order to understand the capability that information technology brings, or to plan new and improved business capability enabled by smarter, more effective and innovative use of IT.
No doubt, years of looking at technology the wrong way – focusing on the technology rather than its use – have enabled development of a culture in government and, most likely, in other fields of endeavour, where business leaders resist the notion that they should be involved in leadership of the IT agenda. This culture is starkly evident in many of the reviews of government IT failure. Government business leaders have found many ways to absent and excuse themselves from what should be core responsibility – to drive the agenda for business performance and capability through effective and integrated use of all available resources, including IT.
The International Standard for Corporate Governance of Information Technology (ISO/IEC 38500) was developed by experts from government and industry who understood at a deep intuitive level the critical importance of resetting the focusing the governance of IT on business issues, without losing sight of the technology issues. While it doesn’t say so explicitly, careful consideration of the guidance in the standard leads to one inescapable, three part conclusion, that business leaders must: take up primary responsibility for setting the agenda for use of IT as an integral aspect of business strategy; business leaders must take primary responsibility for successful delivery of investments in IT-enabled business capability; and business leaders must take up primary responsibility for ongoing successful operational use of IT in the course of routine business activity.
For technology specialists, there is an equally inescapable conclusion. Like finance and HR specialists, their job as stewards of a vital resource is to help business leaders perform their roles of primary responsibility as effectively as possible, without ever over-reaching and exceeding their role. Doing so creates the opportunity for business leaders to avoid and abdicate, with the eventual and seemingly inevitable consequence of disharmony, sub-optimal outcomes and, in the worst cases, major IT failures.
Achieving best practice in governance of IT demands a fundamental and comprehensive rework of the mindset in both business and technology leadership circles. Business leaders must learn and understand new responsibilities and develop the capability to discharge these responsibilities effectively. Technology leaders must relinquish some of what they thought (and in many cases were taught) was their primary responsibility. Both business and technology leaders must build new models for engagement, so that they can work effectively together to the benefit of the organisation and its stakeholders.
Such change takes time and effort, and requires intensive management, from the top. South Africa’s Department of Public Service Administration reports that two prior attempts to overhaul governance of IT across the South African Government failed, with the cause clearly being in failure of the change management program. South Africa’s new initiative for upgrading governance of IT now recognises the importance of first establishing the highest levels of business ownership, at ministerial and department head levels. Australia’s response to the Gershon Review has not delivered all of the intended outcomes because, as identified by follow-up reviewer Ian Reineke: the top level business ownership at pan-government and agency levels has been allowed to drift into a largely disengaged, all care – no responsibility administrative exercise.
What governments must learn from contemporary experience is that transformational change in governance of IT is critical to future performance and success of their investments in IT-enabled business capability, and that transformational change in governance of IT is itself immensely challenging, demanding substantial skill, significant time, and deep commitment. In addition to focusing its own energies, government should also send a message to the consulting sector specialists and to the IT industry overall – that government needs a new level of help, with deep understanding of best practice governance of IT as defined in ISO 38500, if it is to achieve the transformational change that is necessary.
You can help government get this message. Send it to somebody who can help make a difference!
Melbourne, 10 October 2013
To learn more about best practice governance of IT and ISO 38500:
· Melbourne, October 15th: IPAA ICT Communities of Practice Forum - “ICT Game Changers”
· Canberra, October 30th: ACS Canberra Branch Conference – “Digital Leadership”.
· Waltzing with the Elephant: A comprehensive guide to directing and controlling information technology