Usually, when information technology initiatives or operations fail, the technology and cyber teams take the fall for it, but in many cases information technology governance failure is more likely the root cause.
Information technology governance cannot exist in isolation and is a process by which decisions are made around enterprise IT investments and projects. It is not a one-time implementation or achieved by a mandate; it requires commitment from leadership.
In this article we look at 6 reasons information technology governance fails, which should be explored before pointing the finger solely at technology and cybersecurity operations.
Inappropriate Decision Rights
Authority that is not properly delegated or is unbalanced between IT and Business can lead to several issues. Unclear delegation of authority results in ambiguity in roles and responsibilities, which can lead to confusion and inefficiencies. It might not be clear who has the final say on decisions, leading to delays or conflicts between IT and business teams.
When an IT-Business imbalance is present, one department holds significantly more power than the other, which can result in the business side dictating IT solutions without understanding technical limitations, or IT making decisions that don’t align with business goals.
Lack of cross-functional collaboration usually results in poor communication and working relationships between IT and business, which leads to misaligned priorities and projects that don’t meet the needs of the organization. This can manifest as resistance from one department to changes proposed by the other, hindering innovation and progress.
Lack of Effective Financial Management
Unauthorized IT expenditures on technology that has not been formally approved or budgeted, and inadequate budget oversight from a lack of clear procedures and controls for managing and tracking IT spending, are both usually pinned on technology teams. These result in cost overruns, budget deficits, and inefficient use of resources that CFOs and Boards pay attention to.
Non-compliance with procurement policies and failure to follow established procedures for purchasing IT goods and services usually result in unplanned vendor lock-in, higher costs, and legal disputes to address down the road.
When procurement policies are weak or not used, individual departments may feel empowered to operate “Shadow IT”, deploying their own systems, devices, software, applications, and services without explicit IT department approval or alignment with architecture standards or direction.
This may lead to security risks, data breaches, and compliance issues, but more so to the sudden need for IT to take on managing and maintaining systems, software and service providers that it did not budget for or does not have the skills to support.
This creates both a distraction for management and resources and, in the worst case, a diversion of budgeted funds to support what was someone’s pet project or a “better, faster, cheaper way to do it” than IT could offer.
Compliance Driven Mindset
Technology governance is often misunderstood and misrepresented as a purely compliance-driven activity, a necessity to avoid regulatory repercussions. This limited perspective does not recognize the use of technology governance as a strategic enabler to drive innovation, growth, and competitive advantage.
Viewed solely through a compliance lens, technology governance becomes a check-the-box exercise, stifling creativity and hindering progress.
This view often leads to disengagement and lack of support from key stakeholders across organizations. With this mindset, technology leaders may view governance as an additional layer of bureaucracy that slows them down, and business leaders may not fully grasp its potential to support their overall strategic goals.
As a result, technology initiatives end up not aligned with the overall business strategy, leading to missed opportunities, inefficient use of resources, and suboptimal outcomes.
The most damaging outcome is a culture of risk aversion, where a compliance mindset stifles risk taking for innovation and new ideas are met with skepticism about the level of compliance work that will be needed to bring them to life.
Wrong Governance Oversight Structure
Committees and working groups that lack a clear purpose and direction often struggle to achieve their goals. This can be due to a variety of factors, including infrequent meetings, a lack of clear mandates, or poorly defined roles and responsibilities.
Additionally, committees that are not properly constituted with a mix of technology, business, risk and compliance leadership generally lack the necessary expertise or diversity of perspectives to effectively address the issues at hand or make timely and effective decisions.
Without clear objectives and a well-defined structure, committees and working groups become unproductive and inefficient, wasting valuable time and resources and not adding value to the delivery of IT for meeting organizational goals and objectives.
When initiatives fail, are not delivered on time or on budget, or fail to meet business case expectations, the board usually goes after the committee, which then goes after somewhere or someone in technology to blame for the failure of execution, when the root cause may be a failure of strategy.
This means key lessons are missed and opportunities to improve are lost, so the failures are likely to be repeated in the future.
Poor Governance Data Quality
Inadequate or untimely governance data, Key Risk Indicators (KRIs), and Key Performance Indicators (KPIs) will significantly hinder any organization’s ability to make well-informed and timely decisions about technology initiatives and operations.
This lack of insight can lead to missed opportunities, increased risks, and ineffective use of limited resources.
Insufficient governance data might include incomplete or inaccurate information about regulatory compliance, internal policies, or contractual obligations.
This can result in non-compliance, legal penalties, or reputational damage. Untimely data, on the other hand, might be outdated or not available when needed, leading to delays in decision-making and missed deadlines.
KRIs and KPIs play a crucial role in overseeing and monitoring technology initiatives and operations. KRIs help identify and track potential risks that could impact the success of a project or operation, while KPIs measure progress and performance against predetermined targets.
Without timely and accurate KRI and KPI data, organizations will find it difficult to identify and mitigate risks in a timely manner, or to track progress and make necessary course corrections.
No Penalty for Nonconformance
In the absence of effective monitoring, measurement and reporting, penalties for non-compliance with policies and mandates often become ineffective. This is due to the human tendency to circumvent rules when there are perceived to be no immediate consequences for going around them.
This behavior introduces significant risks, as the controls that management assumes are in place for technology initiatives and operations become bypassed or ignored.
In an environment where rapid delivery and cost reduction are prioritized, there is a natural inclination to minimize effort when it comes to controls. When there are no repercussions for non-compliance or circumvention, the organization’s risk culture can become misaligned with the risk appetite levels of management.
This misalignment usually results in a culture where risk is not adequately managed, potentially resulting in significant negative consequences for the organization.
Key Takeaways
When technology-enabled business initiatives fail, it’s not always the fault of technology operations.
Lack of effective technology governance is often the root cause of IT initiative failures, not just technology operations weaknesses.
IT governance requires ongoing commitment from leadership and is not a one-time implementation.
These governance failures can create an environment where technology operations are set up to fail, regardless of their expertise or effort.
Therefore, examining IT governance structures and processes is crucial when initiatives don’t deliver expected outcomes.
If you have just experienced a failed technology initiative or suspect that one will fail soon, you should review:
- If unclear delegation or imbalances between IT and business are leading to confusion, delays, conflicts, and misaligned solutions.
- If unauthorized expenditures, inadequate budget oversight, and non-compliance with procurement policies are resulting in cost overruns, security risks, and inefficient resource use.
- If technology governance is viewed mainly as a compliance exercise which stifles innovation, disengages stakeholders, and leads to misaligned initiatives.
- If ineffective committees and working groups with unclear purposes and lack of expertise waste resources and fail to provide value.
- If inadequate or untimely data, KRIs, and KPIs are hindering informed decision-making, leading to missed opportunities and increased risks.
- If lack of monitoring and penalties for non-compliance makes policies ineffective, leading to bypassed controls and a misaligned risk culture.

