This series of three articles dedicated to IS governance aims to highlight the importance of technology and data governance at the highest corporate level, operating in a model that is both agile and adaptive. These articles are written through iQo's collaboration with Isabelle SIPMATransition Manager.
The need for resilience in the face of competition and new threats
In a VUCA (Vulnerable, Uncertain, Complex and Ambiguous) world, the key challenge for companies is to be agile. They must be able to react quickly to competitive pressures and systemic risks (pandemics, climatic events, wars, etc.). Today, no company can remain inert: acquired competitive advantages are ephemeral, and acquired positions can be undermined by unpredictable events.
Technologies are the main factor in a company's ability to adapt to its environment, and they are also a powerful factor in competitive differentiation.
- They can help make the company more resilient in the face of crisis situations (e.g. the development of remote working capabilities during the COVID crisis).
- They have enabled new entrants to produce high value-added, low-cost customer services, putting pressure on incumbent players (Amazon and the development of e-commerce versus traditional distribution, fintechs versus banks, etc.).
- Artificial intelligence (in particular ChatGPT) is opening up a new phase of acceleration that will particularly affect the services sector.
Against this backdrop, companies are finding it increasingly difficult to manage the evolution of their Information Systems (technologies and their use to process information), given the complexity of existing systems, accumulated technical liabilities, and the need for rapid adaptation. The question of setting up IS governance involving all stakeholders, providing both a common framework and flexibility, is once again a fundamental challenge for general management.
An archipelago of objects and issues to govern in the face of the development of new technologies
Corporate governance, IS governance: what are we talking about?
The first question is to define the notion of governance. The aim of corporate governance is to create sustainable value for stakeholders.
- Technologies (IT stands for Information Technology in the English-speaking world) must be put at the service of this corporate purpose. By its very nature, the question of governance cuts across the various structures that all use or even manage technological building blocks. Shadow IT" has developed within companies, and the IT Department is no longer the sole manager of the information system.
- Governance also covers relations with the company's external partners, who manage a growing share of value chains with high technological intensity. It must therefore be on the agenda of senior management, who alone can define a management system that integrates all the issues and stakeholders involved.
It is then a matter of organizing the decisions that will enable :
- ensure that technologies help deliver the company's strategy (strategic alignment);
- use technologies efficiently (3P triple bottom line vision: "People, Planet, Profit").
What is the scope of this governance?
Then there's the question of the scope of this governance, and the objects it covers. The terminology is confusing, and the perimeter difficult to define.
- IS Governance, or ITGovernance ( the term most commonly used in English-language literature);
- Information Governance.
So we need to govern the System AND the Information, and the two are linked. Indeed, it is difficult to make decisions about information without understanding how it is used, or may be used in the future, in the company's processes. Similarly, it's impossible to analyze the performance of technologies without understanding how they are used. The question of usage is therefore at the heart of governance, as data and processing are linked, and the notion of the Information System seems to us more than ever to be the right object of governance.
Strong, flexible IS governance, based on a shared vision of the future
What reference frameworks for IS governance?
IS governance is a mature discipline, based on reference frameworks that describe best practices and serve as a basis for auditing, quality certification and risk assessment. They all date back to the 1980s and 1990s:
- CMMI (Capability Maturity Model Integration - 1987) is designed to help engineering companies understand, evaluate and improve their activities. It has been used mainly in software development and IT project management.
- ITIL (Information Technology Infrastructure Library - 1988) focuses on IT services in terms of efficiency and quality, with a "service center" approach. It is mainly used for IT production activities. Its latest version is V4, published in 2019.
- COBIT (Control Objectives for Business & Related Technology - 1996) is the repository truly dedicated to IS governance, which was further enriched in the 2000s with a repository focused on value creation, called VAL IT. It is interesting to note that the latest version, COBIT 2019, is presented as offering greater flexibility and openness to improve COBIT's relevance over time.
IS governance guidelines based on the same vision
However, these standards are based ona centralized, unified vision of IS management. They do little to put the practices they recommend into perspective in relation to the specific context of each company's size, businesses and competitive situation. They have been enriched over time, but have become increasingly complex.
They can therefore serve as a toolbox, but their use must be preceded by a definition of the right level of centralization and standardization needed to guarantee unity and coherence, without hampering innovation and creativity (which presuppose delegation and deconcentration).
Several IS governance models must also be able to coexist within the enterprise
Agile methods(Scrum, SAFe, etc.) have their own governance, which must be coordinated with the company's overall IS governance, without the latter becoming a hindrance or a costly administrative overlay.
Finally, the cement of an IS governance model that gives pride of place to team autonomy remains the strength of a shared vision, of the meaning given to each person's actions: renewed IS governance, adapted to the challenges of corporate resilience, therefore requires taking the time to acquire an understanding of what we are going to build together.
More than ever, effective IS governance requires commitment from top management and clear choices about how to extract value from technologies. These choices can then be implemented and orchestrated using agile approaches (a theme developed in our next article).
Further information
Towards agile IS governance (Episode 3 / 3)
The final installment in our series of three articles on IS governance. These articles are written through iQo's collaboration with Isabelle SIPMA,
Towards agile IS governance (Episode 2 / 3)
This series of three articles on IS governance aims to underline the importance of technology and data governance at its best.
Data governance: definition and key principles
Data governance is a major lever for improving performance and accelerating business transformation. Indeed, today, data is an essential
