Enterprise IT Governance, Part 1 — Obtaining a

Mandate and Establishing the Scope

Published: 31 October 2018 ID: G00374554

Analyst(s): Remi Gulzar

As custodians of I&T, CIOs are often tasked to implement IT governance

frameworks in their enterprises and are challenged by selecting and
configuring the appropriate framework. This note, Part 1 of two, will help
CIOs design the right IT governance framework and move toward
implementation.

Key Challenges
■ Existing IT governance market best practices are primarily focused on parts of the IT function.
They don’t account for the shifts happening at an enterprise level in information and technology
(I&T) in terms of business-led IT or the decision-making powers required for digitalization.
■ Choosing the wrong IT governance champion (someone other than a board member or
mandated executive) severely impedes the urgency, recognition and implementation of IT
governance.
■ The value of IT governance is determined by the maturity of the enterprise with regard to IT.
Enterprises with a high maturity toward IT recognize IT as a contributor to enterprise goals,
while enterprises with low maturity need to overcome initial resistance to IT governance.

Recommendations
CIOs addressing leadership in governance, strategic execution and operational performance:

■ Take a best-of-breed approach when evaluating industry best practice frameworks for your IT
governance capability by using what fits best from the various frameworks to create your own
framework. There is no such thing as an out-of-the-box IT governance framework.
■ Use business transformation and disruptions as an onramp for IT governance implementation or
validation by never wasting enterprisewide transformation projects that might “stress-test” your
IT governance capability. These changes test the enterprise’s ability to set direction, solidify
ownership/decision rights, and execute on its goals and objectives.
 ■ Validate the IT governance design with the primary and tertiary decision groups in the enterprise
by taking a lead-by-example approach. Show the examples in the organization that have
benefited or suffered from the lack of IT governance.

Introduction
This research will help CIOs and project teams tasked with implementation of IT governance
navigate the complexities of implementing a sustainable IT governance framework in their
enterprises. IT governance is considered one of the most critical leadership disciplines required to
enable organizations to execute on their operational and strategic goals.

A consistent, well-defined approach to IT governance does two things:

■ Guides shareholders and other stakeholders in decision making to ensure organizations

accomplish their desired business outcomes.
■ Determines the manner in which those goals and objectives are accomplished.

The rationale for having enterprise IT governance (EITG) is well-understood, albeit from a regulatory
or performance perspective, but going from intent to implementation is often challenged. The
challenge is twofold:

1. Designing the right IT governance framework (matching your enterprise maturity and ambitions)
2. Implementing the configured IT governance framework to operate IT governance as a
recognized enterprise capability (integrated and recognized as part of your corporate
governance)

The implications of IT governance are far-reaching and may include adjustments to your business
operating model and the I&T operating model, and could subsequently influence the delivery of
services inside and outside the enterprise.

As custodians of I&T assets in the enterprise, CIOs are often tasked by their leadership to
implement an IT governance capability in their enterprises. CIOs will leverage enterprisewide
changes, such as ERP implementation or digital disruption, to ignite the importance of IT
governance across the enterprise.

It is important, however, for CIOs to understand that their role will be to establish the IT governance
capability through leadership, decision rights and structures, rather than owning it. The champion
and owner for IT governance ideally is the board. CIOs reporting to a member of the executive team
must validate that the delegated executive champion for IT governance has a mandate from the
board to implement IT governance.

CIOs might be tasked to implement a governance capability,

but do not own IT governance in the enterprise.

Page 2 of 8 Gartner, Inc. | G00374554

 IT governance is operated across the enterprise through key enablers (culture, leadership, decision
rights, mechanisms and maturity) and processes (evaluate, direct and monitor) to support decision
making across governance focus areas (strategy, investments and value), as shown in Figure 1.

Figure 1. IT Governance Enablers and Processes

Source: Gartner (October 2018)

As Part 1 of this two-part series, this research focuses on designing the right IT governance
framework (matching your enterprise maturity and ambitions). Part 2 (see“Enterprise IT Governance,
Part 2 — Implementing the Framework”) will focus on implementing the configured IT governance
framework to operate IT governance as a recognized enterprise capability (integrated and
recognized as part of your corporate governance).

Analysis
Determine Your Enterprise IT Governance Capability
IT governance is a subset of corporate governance and is ultimately the responsibility of the board,
which will balance both conformance and performance in their objective setting and decision
making for the enterprise. The board will emphasize oversight and conformance, whereas the
executive team will be more focused on performance and business value.

Good governance will drive connected and evidence-based decision making across conformance
and performance aspects to advance the goals of business and society. Enterprise governance of IT

Gartner, Inc. | G00374554 Page 3 of 8

 is a reflection of that, and addresses the use of information technology in the enterprise within the
enterprise guardrails to achieve business outcomes in a sustainable manner, as shown in Figure 2.

Figure 2. IT Governance Is a Subset of Corporate Governance

Source: Gartner (October 2018)

IT governance aims to continuously align enterprise goals and outcomes with I&T. This, however,
has become increasingly complex, due the nature and speed of business, raising the attention of
the board and executive management on the risks associated with badly governed I&T and its
potential to accelerate aligned delivery of business outcomes. Enterprises, therefore, are rethinking
their IT governance approach to validate whether investments in I&T are generating business value,
and IT performance meets realistic business expectations.

Page 4 of 8 Gartner, Inc. | G00374554

 This requires an IT governance capability that addresses the IT governance needs — especially the
focus areas — of the enterprise in a connected and value-based manner. This entails addressing the
IT value chain end-to-end — IT demand management strategy, business value and IT performance
management, risk management, and execution management in your design. The leadership,
enterprise maturity and culture aspects that influence decision making also must be considered.

Table 1 provides an overview of commonly found IT governance focus areas and their underlying
processes. CIOs should consider these when determining the scope of governance.

Table 1. IT Governance Framework Domains

Focus Area Process Focus Area Topics Focus Area Description

Strategy Direct Business Strategy Business and I&T strategy direct investments to execute
I&T Strategy/Planning strategy and deliver business outcomes.
IT Strategy Key Provide direction to IT function, IT plan and business-unit-
Performance Indicators led IT (IT/I&T) on priority setting.
(KPIs)

Investments Evaluate Investments Investments in IT/I&T are evaluated against business

Business KPIs outcomes. They could be directed by strategy or critical
business requirements.

Value Create Business Value of I&T Assurance on IT’s contribution to strategic business
Business Outcomes performance indicators.
Portfolio Management IT portfolio investments and rationalization against
strategic requirements and business outcomes.

Risk/Control Protect Compliance Adherence to enterprise guardrails determined by

Management Control management controls
IT Risk Risk appetite for IT Risk, balancing enterprise run versus
innovation needs.

Performance Monitor Business Performance Evaluates and monitors strategy execution, investment
IT Performance returns, business-IT performance, and the achievement of
Execution business and IT outcomes.

Resourcing Match Capacity Management of Direct capacity of limited business and IT resources
Critical Resources toward realizing business outcomes.

Source: Adapted from ISACA

Leadership, enterprise maturity (with regard to use of I&T and IT function), governance mechanisms
and culture heavily influence the adaptation and effectiveness of the IT governance capability in the
enterprise. These four critical enablers are often overlooked or underestimated when implementing
IT governance. CIOs need to address these enablers as part of change management to sustain the
implementation of IT governance in the enterprise (see Table 2).

Gartner, Inc. | G00374554 Page 5 of 8

 Table 2. IT Governance Enablers

Enablers Enabler Enabler Enabler Description

Focus Topics

Leadership Lead Empowerment Empower enterprise leaders to make decisions on I&T/IT

Decision Rights close to where value is created.
Distribution

Enterprise Grow I&T Capabilities The maturity of the enterprise toward leveraging I&T/IT as a
Maturity Enterprise Use of I&T strategic enabler for achieving business outcomes and
IT Function delivering value.

Culture Influence Beliefs Recognize and use culture and beliefs to frame your IT
Values governance in the enterprise.
Symbols

IT Governance Support Principles Organizational arrangements that support decision making

Mechanisms Structures in the enterprise.
Culture

Source: Gartner (October 2018)

CIOs or business project teams tasked with implementing IT governance need answers to the
following questions to determine the scope of IT governance, the impact of its implementation and
how it will be evaluated to determine its performance:

1. Why do we need IT governance, and what do we solve?

2. What is our current IT governance understanding (baseline)?
3. What is our IT governance ambition (balance control versus performance)?
4. Who are the critical stakeholders for IT governance in the enterprise?
5. How do we close the gap between IT governance ambition and the baseline?
6. What IT governance tactics and mechanisms will we apply?
7. How do we change the organization and its operating model to embed IT governance?
8. How do we evaluate and sustain IT governance for success?

The answers to these questions are provided by critical stakeholders that are accountable, affected
and responsible for decisions on IT and I&T in the enterprise: board members, executives,
enterprise leaders, HR and legal/risk. CIOs might be overwhelmed by the responses they receive,
but must keep the following in mind:

Page 6 of 8 Gartner, Inc. | G00374554

 CIOs must use a minimalist approach to design the enterprise
IT governance capability by providing just enough governance
to satisfy the needs of stakeholders.

Gartner Recommended Reading

Some documents may not be available as part of your current Gartner subscription.

“Enterprise IT Governance, Part 2 — Implementing the Framework”

“A Minimalist Approach to Organizing Governance Groups”

“How to Start a Transformational Change Initiative”

“Four Must-Have Practices for Successful Organizational Change”

“Designing and Implementing the I&T Operating Model: Components and Interdependencies”

“Governance and Culture Are the Fabric of Your I&T Operating Model”

“Integrate ‘Shadow IT’ and Business-Led IT Into the I&T Operating Model to Enable Enterprise
Agility”

“CIO Leadership Actions in Enterprise Digital Governance”

“Establishing Governance Fundamentals for the Digital Era”

“Succeed With Digital Business Through Adaptive Governance”

“ITScore for the Enterprise”

Gartner, Inc. | G00374554 Page 7 of 8

 GARTNER HEADQUARTERS

Corporate Headquarters
56 Top Gallant Road
Stamford, CT 06902-7700
USA
+1 203 964 0096

Regional Headquarters
AUSTRALIA
BRAZIL
JAPAN
UNITED KINGDOM

For a complete list of worldwide locations,

visit http://www.gartner.com/technology/about.jsp

© 2018 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This
publication may not be reproduced or distributed in any form without Gartner's prior written permission. It consists of the opinions of
Gartner's research organization, which should not be construed as statements of fact. While the information contained in this publication
has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of
such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice
and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner Usage Policy.
Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research
organization without input or influence from any third party. For further information, see "Guiding Principles on Independence and
Objectivity."

Page 8 of 8 Gartner, Inc. | G00374554