IT governance is a meandering and complicated topic that is often twisted around to means different things to different people, despite a widely accepted definition provided by the IT Governance Institute.

However, in simple terms what the board really wants is an IT department that supports the delivery of the business strategy, creates business value and reduces business risk. 

In practice, this requirement is frequently imposed on IT departments by administrators, who lack the detailed understanding of how IT delivers its services, and the value IT can bring. 

The result is a plethora of metrics and complex scorecards, which translate to meaningless, petty bureaucracy to those who actually work in IT. What is worse is that in reality this adds little, if any, value to board room decision making. 

Perhaps it's time for a pragmatic re-think about your IT governance and how IT is measured, in order to provide strategy driven performance measurement as an enabler that empowers your people to deliver what the board actually wants, rather than just ensuring you get a 'tick' in the compliance box.

Performance measurement is often seen as an overhead or inconvenience, which does little to help staff in their daily work. This maybe because data is sometimes collected because it can be, rather than because it's actually helping to make decisions or drive the business forwards. 

However, performance measurement should be an integral part of IT governance, in order to help the IT department show that it is delivering against the priorities set by the business to create value and reduce risk.

This data can also identify successes, which is clearly important if you strive to manage your staff well. And finally the data will determine when things are not going well and should focus attention on any corrective actions that are needed.

The key question is 'What to measure'? Typically too many aspects are measured and monitored, which annoys and subsequently alienates people. Alternatively the metrics can focus too much on 'lag' measures (what has happened) rather than 'lead' measures (what may happen).

The real question people should be asking is what are the goals of the IT department and how do these support the strategy of the business?

The answer lies in the use of an IT strategy map, a tool that demonstrates one of the key criteria mentioned at the start, namely how IT is 'supporting the delivery of business strategy'.

This is a natural extension of the balanced scorecard concept developed by Kaplan and Norton in the late 1990s and strategy mapping subsequently published in 2004.

Its strength lies in not only its simplicity, but also the concise articulation of how measures demonstrate delivery of IT goals, which in turn demonstrate the delivery of IT strategy to support the overall business strategy.

The ability to demonstrate the linkage between strategy, goals and measures and how different goals support each other is fundamental to ensuring that IT delivers to the business.

Once the IT strategy map has been defined it is important to select appropriate measures so that they are seen to be useful. The questions you need to be asking yourself are:

  • Am I using the right number of measures and are they linked to the strategy?
  • Do I have the correct mix of 'lag' and 'lead' measures to ensure the right balance?
  • How do I know that the measures selected are practical to collect without altering what it is I'm trying to measure?
  • How do I ensure that the measures used reflect the behaviours that I want to see?

Performance measurement is not an easy area to master for any organisation or department within an organisation.

This is made even more complicated for the IT department, due to the ever changing demands from the business and the pace of change.

However, the use of strategy driven performance measurement enables IT to clearly demonstrate that it is delivering what the business wants or for the business to articulate what it wants better.

Either way strategy driven performance measurement will provide you with the right information to take decisions upon, in order to ensure that IT delivers to the business through better IT Governance.

Iain Parker CEng, CITP, MBCS, Computing September 2005.