Governance addresses things needed to implement change. Typically, this process will start with a series of questions that determine outcomes, responsibilities, and process. The desired outcome is always first. Without knowing the desired outcomes, it is impossible to determine who is involved and what is needed to get there.
Three questions to help start the IT governance process are shown in the following diagram:
Organizational leadership and management must articulate desired outcomes, who is accountable and responsible for these outcomes, escalation criteria and triggers to progress, the process for progression, and what metrics and counter metrics to be used. The delivery of desired outcomes must be continually monitored and evaluated for direction toward desired outcomes, adoption levels, impact to metrics, and affects to counter metrics. Is the change providing the necessary transparency? Is it following expected timelines? Are stakeholders and decision makers adjusting accordingly? Scorecards are extremely helpful to compare, visualize, and guide as governance is monitored through change.
A second value to watch that may signal unexpected results or behaviors away from the actual change. For example, new storage is implemented with much faster throughput. The server is responding much quicker and taking more load. The metric being measured is disk i/o and data transferred statistics for the server. The countermeasures may include dramatic changes in load balancing metrics because one server is getting all the traffic now due to first responder algorithms being used. Higher utilization on network ports, high CPU or RAM utilization may also be the metrics to watch to see if the change is causing adverse behaviors in other places not directly affected by the change.
The next diagram shows an example of an IT governance scorecard with notational outcomes and metrics:
IT governance does not have a one size fits all approach. Change comes in all shapes and sizes with as many or more unique challenges to navigate. IT governance is unique because the same change with the same desired outcome requires different governance when the change is deployed into different operation and deployment models.
Complete scope and strategy are things to consider when building IT governance plans and processes. It is important to have a clear understanding of what business processes and which applications may be affected. This analysis must also consider cost, benefit, risk, and shortcomings that may lead to unexpected outcomes as operation models and deployment models are chosen. Different models will require different governance plans and processes. As mentioned previously, if there are changes to governance, there will also be changes in change management.