By Erik Guldentops (*)
At a power lunch with several CIOs, one of them threw this issue on the table while looking at me knowing I have been a strong advocate of IT governance for years: “What do you do if the CEO tells you to get it done and f*** the governance? Well you probably go away and just do it, no?” I should have been faster on my feet to say then and there that there are four good reasons why that was not necessarily the best response. These reasons are:
Compliance. The probability is high that a compliance issue emerges in such a situation. However because of the small size and industry type of this company that may not have been a major problem.
Efficiency. It is true that it is the prerogative of executives to make the trade-off between cost and timely results when get-it-done is more important for the enterprise. But then that should be very clear to all involved at the time of the decision.
Risk. While compliance risks may be acceptable in this type of enterprise, there are other liabilities where governance plays an im-portant role in keeping them under control, liabilities related to products, employee safety or continuing survival of the enterprise. There are legal standards a judge would use for what is acceptable and what is reasonable, should a liability case emerge. Pointing out that the executive should consider what he will say to the judge when this occurs is a way to raise awareness.
Effectiveness. It is clear that governance, in the case described, was not recognised as also a mechanism to help achieve effectiveness.
How did it get to this?
The company is, on an international scale, an SME. Originally (and to some extent still) a family business. It is active in an industry where IT plays, comparatively, a less significant role than in similarly sized enterprises.
The CEO took the position that he was the sole authority on governance. In this enterprise the balance of executive and ownership power rests in one person who probably thought more as an owner than as an executive.
The CIO accepted he was the major effectiveness tool. It is true that leadership is a major governance mechanism even more in small organisations with short effective spans of control.
The CIO did have a problem with the situation which reminds me of a similar case a friend of mine told me where his advice was sought about strong differences of opinion at management level and where he suggested the person to seek another job. This illustrates one version of the CIO acronym: Career Is Over!
However there is another version of the acronym I am reminded of because of the emerging role of the CIO as an influencer and educator. The CIO has to educate executives not only on the intricacies of technology and how it creates value for the enterprise but also about the necessary governance mechanisms that help make that happen. Therefore CIO also stands for Communication Is Obligatory!
So, f*** the governance? Yes, but only if more than one of these conditions are true: you’re small, IT is not important and the CEO is the owner.
(*) Erik Guldentops, Researcher and Lecturer in Enterprise Governance of IT, former Executive Professor at University of Antwerp – Management School for many years after a career at SWIFT.