At the annual itSMF Finland conference in Helsinki on October 2nd, I asked the opening keynote speaker, Frans Westerlund, CIO at Fiskars Corporation, about the attitude of the Fiskars board members with respect to IT. He said that he considered himself very lucky because the board members had a good understanding of IT and how to deal with it. He explained that many of them had learnt the hard way that you need to treat IT seriously in order to prevent disasters and ensure a good return on investment. He also mentioned being fortunate to be a permanent board member, instead of being invited to a board meeting just to report about IT, and often being the last and least important item on the agenda. I believe that it’s useful to distinguish between three scenarios:
Board on board
The Fiskars scenario is pretty much ideal, in which the board is conscious of the need to take ownership and is competent to govern IT. Unfortunately this is not often the case, as Frans intimated with his remarks about being lucky.
Lost at sea
The doom scenario at the other end of the spectrum is of course the unconscious/incompetent combination. Attempts by the CIO to ‘sell’ the governance role to the board have fallen on deaf ears, and only a (near) disaster will get the message across. The CIO and his or her team will just have to play a defensive game in damage control mode until the climate changes.
Waving, not drowning
A more promising scenario is when the board is conscious of the importance of IT and is managing but struggling with their governance capabilities. This is probably the ideal situation to play the BRM card. Not that you shouldn’t deploy Business Relationship Management in the other two scenarios, but you’ll probably get the most return in terms of capability growth.
According to the BRM Institute, Business Relationship Management is not only a role ‘Business Relationship Manager’ but also an organizational capability in the sense that many roles contribute to BRM, particularly the customer-facing ones such as those tasked with service desk and service level management. The Business Relationship Manager fulfils the role of an expert trusted advisor who has sufficient expertise in key business domains to be able to communicate the costs, the business value, and the risks of services in clear, specific, and meaningful terms using the language the business partner understands. The Business Relationship Manager is completely transparent about the costs, benefits (business value and ROI), and risks of a service. It is the Business Relationship Manager’s job to make sure that both the business partner and the service provider have complete clarity. Finally the Business Relationship Manager practices informed leadership, engaging from the moment the business strategy is formulated to shape its implications on the IT service delivery, overseeing its execution, and planning the next improved iteration. The Business Relationship Manager understands the business and service dynamics well enough to foresee and guide rather than be pushed around by changes.
CIO’s who recognize this opportunity to demonstrate their collaborative value are well-advised to invest in this strategic role. An important precondition is that ‘IT-as-usual’ is under control before you start talking about the strategic use of IT. If so, carefully select somebody who will serve as the strategic interface between the provider and one or more business partners to stimulate, surface, and shape demand for the provider’s products and services and ensure that the potential business value from those products and services is defined, realized, optimized, and recognized. Consider not only the technical proficiencies but in particular the relational competences and personal fit with the business partners.
Various standards and frameworks provide board level guidance, amongst which:
The international standard for Governance of IT sets the scene for the board’s role by providing a principles for evaluating, directing and monitoring the use of IT in their organization. ISO 38500 assures stakeholders (including consumers, shareholders, and employees) that, if the standard is followed, they can have confidence in the organization’s corporate governance of IT. It also informs and guides directors in governing the use of IT in their organization and provides a basis for objective evaluation of the corporate governance of IT.
The COBIT framework helps enterprises create optimal value from IT by maintaining a balance between realising benefits and optimising risk levels and resource use. In particular, COBIT’s Goals Cascade is useful in translating strategic business goals into concrete goals for IT-related enablers.
The ITIL framework is referred to by COBIT for more detailed guidance for the supplier of IT services. This guidance spans service operations to service strategy, and at the strategic level, the service portfolio represents the commitments and investments made, and the related value, outcomes, costs and risks.
Similarly, COBIT also refers to BiSL. This framework provides guidance from operations to strategy for both information management and demand and use of IT services, complementing ITIL’s supply-oriented guidance. At the strategic level, policies regarding data ownership and strategic use of information – e.g. Big Data and Social Media – are board level topics.
With the exception of ISO 38500, board members are not expected to understand these frameworks but the BIO and the Business Relationship Manager will make use of this guidance in their board level interactions. The board should foster a culture in which business and IT share the same table and have a joint vision. The board should also encourage effective behaviour. Examples of effective behaviour are that the business takes the lead by specifying and prioritizing desired outcomes from IT investments, and trusts IT to propose options for solutions. IT then communicates the various solutions in terms of the associated benefits, costs and risks, in order that the business can take well-informed decisions.
COBIT is a registered trademark of ISACA.
ITIL is a registered trademark of AXELOS Ltd.
BiSL is a registered trademark of the ASL BiSL Foundation.