Thursday, November 21, 2013

Governance: where's the beef?

Alas, I betray my age by referring to a TV commercial that in its day everybody recognized instantly.

Most people in the IT consulting business know about Gartner and Forrester, the largest IT advisory services that I know of. When I worked at Gartner, I was always amazed at the volume and quality of the material and analysis that was available. Indeed, my role was to make it more accessible to clients so they would appreciate the value of their subscription, and a full-time role it was to ferret out all the nuggets that were sitting right there. My particular role was in the area of enterprise architecture (EA), which usually evolved quickly into other governance areas as well.

What struck me was how few successful companies are actually using that advice. I don't mean adopting blindly and wholesale, but at least taking at least some significant aspect of it and tailoring it to their situation. Gartner's maturity model, mapping to SEI-CMM practice, established a 5-point range where 1 is a freebie (i.e. "clueless") and specifically means the organization has nothing is place but has decided to conduct an assessment. So really 2 is the lowest score you can get. Their practice indicated (then, anyway) that in each sector of the governance business, their clients consistently average a score in the 2.x range out of 5, and their respondents seldom get above 3.x. And these are the larger and more successful companies on the planet.

If this governance business is all it is cracked up to be, surely an organization not using it would fall into chaos immediately?  Conversely, if hardly anyone is doing it, surely the company that decided to actually do it would shoot rapidly to the top of their pyramid?  If each of these governance disciplines is truly capable of generating meaningful bottom-line impacts, either by enabling new capabilities or at least making a dent in operating costs, how high could profits go?

Yet this is not done. I venture to suggest with some degree of inside knowledge of several august organizations, even by the very companies that sell these processes to others. Are these processes really engines of productivity, or just a consultant-industry self-employment scam?

If your company is one of those that does not, I imagine you'll be unwilling to say so in public, in which case you're welcome to tell me off-line why not, and we can add it in to this topic. Otherwise feel free to comment here starting with "Some organizations find that ..." :-)

If your company is one of those that has instituted on or more governance functions and sees it as a success factor, please let us know which ones and how they are working.

** Caveat: IT security is undoubtedly being practiced in most places, at least after some fashion, but even so it would not be wise to say what you are or are not doing. Organizations frown on this because attackers would love to read about what your security protections are and are not. So please stay away from that! **

No comments:

Post a Comment