State CIO shares insights on the importance of strategic IT governance
Alex Pettit, a veteran CIO of state and municipal government, discusses strategic IT governance and process.
Innovating citizen services is moving to the top of every state CIO’s agenda. Why? Because citizen wants to engage with state agencies services as easily as they navigate purchases on their Amazon prime account. So, the challenge is how to improve citizen engagement, the supporting processes and the value of these services. Ensuring that these strategic projects are implemented successfully depends on the governance process that minimizes risk, reduces cost, manages resources and monitors schedule. A strategic IT governance process can achieve these key metrics. CIOs who understand the importance of governance will succeed as these strategic projects are developed and implemented. Alex Pettit is one of these CIOs who served in this capacity for the State of Oregon and Oklahoma. Pettit has received the Best of Texas Award for IT Leadership, the Public Technology Institute IT Leadership Award and the Society for Information Management IT Executive of the Year Award for his leadership. Alex was named in the 2012 Top 25 Information Managers list at Information-Management.com for being a successful and engaging role model and example of leadership. I heard about Pettit from a colleague and we connected via phone for an interview on governance. Following is an excerpt from that interview.
Phil Weinzimer: The need for an IT governance model is more essential than ever before as more states ramp up initiatives to improve citizen services by leveraging technology. How important is the role of IT governance to ensure that these strategic projects are successfully implemented?
Alex Pettit: The goal of governance is to reduce project risk. The role of governance cannot be understated, particularly in state government. The struggle with governance is always how to keep them on the policy and out of the day to day management of IT projects. In the end, the projects are not what needs the attention of governance groups, it is the policies and supporting processes which need their participation.
Governance at the highest level must focus on the definition and adherence to IT investment prioritization (return on investment, total cost of ownership, what benefits will be realized for which people at who’s cost), project reporting, metrics or key performance indicators, and fidelity to those metrics. This is hard work, and often not what interests people in participating in IT governance.
Phil Weinzimer: Could you provide an example of what you mean by that?
Alex Pettit: I’m reminded of a story from my days as CIO for the City of Denton, Texas. The city manager worked diligently with the city council to focus on overall governance and policy and not upon the specific actions of city staff in fulfillment of city policy. The council then undertook the task of rewriting the building codes for the city in a very engaging and community-oriented manor. Multiple town hall meetings, small interest group meetings, one on one meetings with staff and citizens and property owners and builders were held. After nearly a year, a revised building code was published.
One aspect of the code was that home and business owners needed to keep grass in their front yard lower than 4 feet in height. The policy was that the owner would receive a verbal warning from a code officer, and then a second warning, then a police officer would write a ticket, and then the parks department would mow the grass and they would get a bill for having it mowed. The entire process would take between 3 to 4 weeks.
A month after the adoption of the new code, an elderly resident of the city came to ask the council forgive her ticket and the parks fee for cutting her lawn, saying she had been in the hospital, her mower was stolen, her sons were away, and she had no one to help her. The manager kept trying to keep the council at the level of policy, asking them if it should be 5 feet of grass instead of 4, or four warnings instead of two. But the council just wanted to have her ticket and fees forgiven, regardless of the policy.
This trap exists today in both the private and public sector, with governance members not wanting to talk about policies or technology reference models or enterprise architecture or IT investment criteria, they want to talk about using a new application they had demonstrated for them to better perform some business function.
PW: You talk about the role of process in governance. Can you elaborate on the importance of process as part of an effective IT governance model?
AP: Process is an extremely important part of an effective IT governance model, and not just for defining what is measured or discussed but also what is not to be measured nor discussed. This is most apparent when a project is in difficulty. Everyone has an opinion what to do to fix a broken project: bring in consultants; pay the staff more overtime; reduce the scope; extend the schedule or start over. The problem is that this is not the domain of IT governance. IT governance should be involved in the go-no go decisions to continue to fund a project or to kill it and to ensure the investments made are responsible and reasonable, not to exercise control over the management of the projects.
For over 30 years, the Society of Information Management has found that alignment of IT and the business is the number one concern for both CEOs and CIOs. This alignment begins with IT governance, which without a process will devolve into the discussions of the IT budget, funding models, or department management. A well-defined governance process, beginning with the governance committee charter defines the boundaries of responsibility. Good governance process should ensure the time spent on governance is time well spent assuring alignment between what the business is trying to achieve and what the IT team is needing to deliver.
PW: Where do metrics come into play in measuring a successful IT governance process?
AP: Well-structured IT governance success factors vary depending upon how the organization functions and what is most greatly valued. A governance structure that runs counter to the business culture will struggle to succeed regardless the quality of the governance model. I’d like to share three different organization models that function differently and require different types of metrics.
Organizations which value consensus focus on achieving and maintaining consensus metrics that are defined, measured and reported. Consensus is not a goal once achieved and then never revisited, it is a continuous process of defining and refining the outcome sought for a project, which will change over time with technology, environmental, and personnel changes. Metrics for consensus driven organizations will include perceived input into project charters, business cases, articulation and open discussions on issues, changes and the agreed upon adjustments made to continue work on a project.
For organizations which are more consultative (where different executives are responsible for different aspects of the of the defined outcome), measures focus on how well governance members feel they understand issues and challenges, how well justified changes to projects are perceived to have been made, how well they feel they have an understanding of the impacts of these changes to the project will make upon them or their departments, and how well they feel they and their peers make the necessary changes within their individual areas of responsibility to accommodate the changes are all metrics in this model of governance.
In an advisory model of governance (also referred to as a federated model of governance, which is commonly used by state governments for inter-agency IT projects), measures around project progress, issues tracking, assignment, and resolution, measuring how confident they feel in their assessment of the project impact upon their own agency or business unit, and how well they feel informed on the project for them to report back to their own agency leadership on the decisions and changes to the project as it progresses are relevant and will provide meaningful measurements and early warnings of trouble.
The easiest way to measure these is with a survey at the end of each governance board meeting, with the relevant questions asked and answered and if possible reported at the time of collection for all members to see and compared over time with previous responses. This provides the governance chair the insight into what is or is not working and where future meetings should focus.
PW: Implementing IT governance models is not an easy task and I’m sure in your experience you’ve seen some pitfalls. What are some of the key mistakes that IT organizations make in developing an IT governance model?
I’ve seen many stumbles in my career but I’d like to focus on three key areas. The first key mistake is in misreading what kind of organizational structure they are working. In state government, it is often stated that we are collaborative in our pursuit of citizen outcomes. That is not applicable in IT governance modeling, and a consensus-based approach to an inter-agency IT project produces a “committee of no,” which can never assist an IT project in peril as it does not map to how the organization works. Discussions break down into disagreements over definition of the issues faced, assignment of responsibility, and progress made (or not made). In a collaborative environment, the governance players get into a mode where a tie-breaking vote is necessary to proceed, which can fall to the IT organization itself, making it unpopular with its own IT governing group. So “know thyself” is applicable advice when setting up IT governance.
The second key mistake is in not defining and staying faithful to measurements and metrics. Fidelity in the routine measurement and reporting of perceptions is sometimes not accomplished early enough in a launch of a governance process, deemed unnecessary when projects are all on time and on budget, and avoided when there are projects in trouble. This is particularly true when consensus models of governance are employed, as the underlying assumption is that if we did not have consensus we would stop the process. Nothing could be farther from the truth. Regardless of what governance model is adopted, measurement and reporting against metrics are necessary to address risks before they become issues.
The third common mistake is in allowing the discussions of the governance board to devolve into project management activities and resolutions. Governance discussion topics are predicated by which model of governance is applicable (advisory, consultative or collaborative), and what the key performance indicator measurements show a need for attention. Boundaries need to be established and revisited routinely, and rules for the governance body need to be in alignment with the model adopted. For example, if a collaborative model is adopted, meeting attendance is going to be important and may require the identification of alternate members with the ability to commit their primary member to the path agreed upon.
PW: What advice would you provide to State CIOs who need to develop/improve their IT Governance model to ensure successful execution of projects?
AP: I would advise any state CIO to make sure that they do not neglect IT governance in the pursuit of excellence in project execution. IT governance needs to be on top of every CIO’s agenda. A successful IT governance model will reduce risk, lower costs, and improve project outcomes. Critical to the success of any IT governance model is establishing success metrics and measure and report on these immediately and routinely. This provides the early warning indicator necessary to identify risks before they become issues. I’d like to share an experience that reflects strategic project governance
Shortly after I came to Oregon, I was asked to assume the responsibility for the health insurance enrollment system development being performed by Cover Oregon. I quickly realized that there was no IT governance process nor any discipline for application development. Both of these needed to be addressed simultaneously. I formed a governance board made up of internal and external stakeholders who adopted a 100-day plan with defined milestones each with a “go/no-go” vote requirement to proceed. Internally, adoption of an agile development methodology with a comprehensive clean-up of our issues and requirements was established, with the supporting metrics necessary to measure progress. This brought more rigor to the requirements documents and the application updates. It also was reflected in the reduction of fixes that failed, issues needing rework, rollouts which were incompletely tested before moving to production, and improved end user support for our efforts and satisfaction with our tools. It was the governance process, however, that determined that we needed to end funding of the project and migrate to the federal government website Healthcare.gov.