In Part 2 of our IT Governance for Higher Education series, we discussed various approaches that leading institutions have put in place for organizing their IT Governance function. Part 3 takes a look at the common pitfalls with the traditionally organized governance advisory role, and provides a framework for a fresh approach that focuses on providing meaningful work and responsibilities to your governance committees.
What are the 2 Common Pitfalls with Traditional Governance Organizations?
Active and shared governance must engage stakeholders, support users and ultimately generate positive benefits to the university. Governance must also be organized in a way that committees have a purpose to meet and have engaging work to do.
One common pitfall in traditional governance is to limit the committee’s involvement to an advisory role in which they only meet sporadically to consider plans and projects from the IT units. In many cases, IT groups fall into this trap because they are wary of giving up control to their stakeholders. Under this outdated governance structure, the governance committees have the responsibility to receive and comment on IT plans and direction but no real ability to initiate plans on their own. When committees don’t have their own work to do or lack control over decisions, the level of disengagement increases and becomes the norm while the technology leadership struggles to keep the campus stakeholders involved. A very real risk in this scenario is that individual groups will do an end run around the IT group and make their own technology decisions.
On the other end of the pendulum, another risk we see in some traditional governance models is to bring all technology conversations to multiple faculty, staff and student groups regardless of their specific technology interests. In these situations, the governance teams find it hard to focus on the technology decisions that are truly important from among the many issues presented to them. This lack of focus leads to a bureaucratic and cumbersome process that stifles innovation and inhibits timely decision-making.
Focused and shared governance in higher education does not mean giving up all control over the selection and management of technology. Rather, it means setting up a sustainable and collaborative process that gains the respect of stakeholders, gives them a voice and benefits the institution.
Focusing Shared Governance on Areas of Responsibility
How do you avoid the common problems with traditional governance organizations?
The solution to both issues is to create governance committees organized around responsibilities which will empower stakeholders to be more intentional in their involvement and focused on the technology projects and decisions that they care about and understand.
The key responsibilities or suggested duty sets for shared governance can be categorized into:
- Portfolio Management
- Resource Management
- Policies and Standards
- Risk Management and Compliance
Our approach is that you use these responsibility areas and the underlying tasks as suggestions for enhancing the committee duties for the governance committees at your institution. In other words, view them as a menu of possible options and then select the tasks in each area that will be most useful to your institution and current situation, and best fits the culture of your organization.
The specifics of your governance model and organization will also depend on the size or complexity of the IT landscape at your institution. A small university or college may just create a couple of governance groups based on one or two IT service areas, and then choose a limited list of assigned tasks – perhaps, pulling a couple of tasks from several of the responsibility areas. Larger schools with more complex IT situations and budgets will need comprehensive governance groups and can likely deploy more of the tasks and responsibility areas as they enhance duties for their governance committees.
Choosing to enhance committee duties with these responsibility areas will foster increased dialogue with your stakeholders and enable collaborative decisions that meet university and stakeholder needs while providing a solid framework for broad campus involvement and buy-in with technology decisions.
Governance committees often begin with project portfolio management as their main work. When done well, project portfolio management oversight ensures that new services and technologies are not implemented without the direct involvement of the appropriate IT governance committees.
Meaningful and engaging responsibilities under Portfolio Management could include:
- Creating holistic view of requests
- Balancing and prioritizing projects based on the institutional strategic plan
- Ensuring strategic use of technology resources and accounting for total cost of ownership for new services
- Ensuring alignment for security, compliance and infrastructure
- Planning the timing and rate of change impacting users
- Helping projects achieve results by strengthening businesses cases, alignment and collaboration needed for success
Resource management is the efficient and effective utilization and prioritization of an organization’s resources to support institutional goals.
Meaningful and engaging responsibilities under Resource Management may include:
- Providing shared governance involvement in technology financial decisions affecting campus and providing governance groups a voice to advocate for campus technology funding needs.
- Providing advice on cost structures.
- Organizing cost sharing for services or projects and/or chargeback models.
- Determining where applications and services need support resources attached to them.
Policies and Standards
Policies are formal, brief, and high-level statements that document an organization’s beliefs, objectives, and business rules for a specified subject area. Policies always state required actions and may include pointers to standards. Standards state acceptable levels of conformity to a policy.
Meaningful and engaging responsibilities for Policies and Standards may include:
- Addressing data stewardship and data management goals.
- Supporting a data strategy and shared governance for data management.
- Determining a preference for buy/build and cloud/on-premise solutions, as well as standard/customized applications, in alignment with the strategic plan.
- Supporting infrastructure and security standards (i.e., data center standards, federated identity management for application access, security standards, etc.).
Risk Management and Compliance
Risk management is the set of processes which management follows to identify, analyze and respond appropriately to risks that may adversely impact an organization. Compliance is the assessment of how an organization is conforming with stated requirements and measures the risks and costs of non-compliance versus the projected expense of achieving compliance.
Meaningful and engaging responsibilities under Risk Management and Compliance could include:
- Helping guide IT risk management.
- Uncovering technology risks and opportunity that could impact institutional goals.
- Supporting security and compliance considerations in technology services and solutions
Recommendations for Setting Up Successful Shared IT Governance
After deciding on the structure of your governance function, follow these recommendations to set your institution on a path to success:
- Start with a scope that is achievable
- Limiting the initial scope will help to build your teams’ knowledge and confidence with the governance process
- Focus committees to specific areas of responsibility
- Focusing on technology responsibility areas empowers stakeholders to be more intentional with their involvement and participate in decisions for the types of technology that they care about
- Ensure that there is real work for the committees to perform and that the work is meaningful
- Governance groups need to know that their involvement is making a difference at the institution
- Grant committees the power to initiate plans rather than just act as passive advisors
- Giving committees their own work will serve to build engagement and maintain active involvement
- Review your model on a regular basis and make changes to meet the changing needs of your campus as necessary
- Benchmarking governance with the EDUCAUSE Core Data Service (CDS) data will give you a way to measure how you match up with your peers and provide ideas for updating your model as needs change
Cathy Bates, a Senior Consultant with Vantage Technology Consulting Group, has over 30 years’ experience in higher education focused on strategic planning, information security and IT governance. The IT Governance series of blog posts is based on the IT Governance Toolkit that Cathy developed for EDUCAUSE.