Governance for IT is a pesky problem on which many business and technology leaders spend countless hours and dollars, seeking to improve, streamline, and just plain fix. With the insurance industry spending more than $40 billion annually on IT, any misalignment is costly.
There have been breakthroughs across the industry, with pockets of success. However, as I continue to talk to carriers and vendors, and based on my own experience as a CIO, these pockets are muted by the overwhelming reports of a widening gap between business and IT. The gap is compounded by ineffective IT governance processes, a lack of clear roles and responsibility, and an inability to achieve the right balance of accountability.
Ineffective governance creates a myriad of problems for insurers: misaligned investments, missed milestones, blown budgets, and the delivery of nonstrategic functionality in IT applications that are not related to business plans. It also creates dysfunction within the organization that produces frustration, paralysis, and spinning. Many have been there, and some are experiencing it.
Beyond the quantifiable losses to companies in terms of investment and return on dollars spent, the losses companies face in missed opportunities are substantial. Without clear governance and true alignment between the business and IT, evidence of increasing friction between business and IT is apparent. Lack of governance is leaving business leaders across the industry in a difficult position where their IT departments are moving further away from the strategic vision of the organization, impeding delivery of critical functions to support the business plans that move the company forward.
Easy and Difficult
I have been observing and actually experienced this pattern throughout my career.
I remember thinking early on the connection between business and IT was so essential and yet at the root of many company problems. When examining the fundamentals of IT governance, the solutions to align IT with business plan are simple. Clear IT governance is easy to conceptualize—but can be difficult to implement.
The goal of governance is to assure the investment achieves IT general business value and mitigates the risks associated with IT projects. This can be accomplished by a formal organizational structure of people, process, and technology with well-defined roles and responsibilities. In the late 1980s, I created a simple diagram that illustrated clear, defining roles and responsibility for business and IT and indicated where the roles overlapped. It was a catalyst to begin conversations with the business and create the framework of the surrounding foundational processes to support these roles. And this simple model worked.
IT governance starts with clarity of strategy, linkage to the business plans/process, and tight alignment to the right IT investments. All of these strategies are run through a defined governance model. The governance model sets the right priority, applies the right cost-benefit analysis/ROI filter, and aligns the business and IT resources to initiatives and prioritized projects. See figure 1.
Once a project is deemed a priority, under clear IT governance, it is managed through solid project management, an enterprise system development life cycle (SDLC), and with an IT organization structure in alignment. Most important, business leaders need active and full participation with keen accountability standards in decision-making and managing risks. Through that, insurers can adapt and adjust their governance strategies and processes. The business provides the framework for linking strategy and business needs to the IT investment, and IT delivers the technology framework and infrastructure that offer alternatives to support the business needs.
Easier Said Than Done?
In examining governance models, the same trends in their application are apparent, and they reveal not only what the problems are but also why they exist.
There is a lack of a best practice framework available for governance in insurance. Just recently, when I typed "IT governance" into Google, there were 16 million hits. So, it is obvious there is a lot of discussion surrounding the topic. However, what is lacking is a clear and uniform approach to best practices. Literally millions of bits of information are available, but anyone seeking a common, simple forum or approach would be hard pressed to find it.
In consulting for the past 10 years, I have seen the gambit of IT governance. On one side, no governance process at all: no formal SDLC, no clear roles and responsibility, and no project management, let alone any linkage from business plans to IT project decision-making. Further, the business did not fully participate in defining requirements to testing. On the flip side, I have witnessed such complicated governance processes that they are confining and strangling any decision-making or traction. The paperwork is paralyzing, the decision-making is stalled, and the fluid nature of the process is frozen.
There also is another dimension of IT governance in insurance I find fascinating and quite revealing. Over the past 30-plus years, the IT governance process has evolved to support the selection of core systems, such as policy admin, billing, claims, and data warehouses solutions. The business community has had experience in the support and implementation of these types of solutions for many years. It is clear about what it believes it needs, knows how to define requirements, can follow a traditional SDLC, and can carry through with the traditional governance processes. However, the complexity, maturity, and advancements in technology are real and changing.
Today, there are the concepts of SOA, workflow, business process managers with configuration, rules and rating engines, predictive analytics, business intelligence tools plus the whole explosion of the Web, portals, and Web tools. For effective use of these tools and technologies, full participation of the business in understanding and defining what will be deployed and how is essential. Yet today, we hear so often the business bemoaning technology complexity and depending on IT to figure it all out.
IT Is Still Driving
After years of analyzing this challenge, I submit the real reason we still have a gap is: It is easy for business to step back and let IT own, drive, and lead. If we look at the skills and experience needed for IT governance, they tend to lean toward the profile of an IT executive—analytical ability and project management experience, business and technology savvy. These essential skills naturally align to the governance process and are part of the critical path for the governance process to work. It is the IT executive’s full-time job to execute and deliver IT initiatives—the output of the governance process.
But unlike IT, business leaders have their own full-time jobs and tend to be operationally focused. So often their goals and performance bonuses do not include IT success, and they are too busy to deal with and even intimidated by the essence of new technologies. Therefore, they fall into the trap of turning over governance to IT. And when projects fail, or when there are problems, the finger-pointing game and the spinning naturally happen. This is likely where the gap originates. When business leaves the management of IT projects to IT alone or looks to IT to "do it all," governance becomes disconnected and the company suffers. If we go back to the simple fundamentals, both business and IT have clear roles and responsibilities. It’s a shared responsibility and process.
What to Do?
While I was a CIO, I found myself implementing these simple fundamentals with the business—creating a balanced governance process with clear roles and responsibilities and formalizing the priority setting, SDLC, and project management capability. But over time, with the goal to execute and deliver quickly, I found I wanted to circumvent the process I was creating. I just wanted to drive the process to make things happen.
It started out just fine. After aligning strategy to plans, I was clear on the business and IT road map and the technology solutions necessary to achieve the business strategies and plans. I had aligned IT to support the business on the people, process, and technology side. The business had aligned to IT in creating new roles, as well.
But the reality was the business had a learning curve. This is not a criticism of its ability or desire to participate—it’s merely the time it takes to understand and assume new roles and responsibilities and follow a new process. Believe it or not, IT governance for the business is not natural. And I mindfully had to go back to the fundamental principles and allow the business to take ownership and accountability of its part in the process.
For all of us to make IT governance a success in any organization, it truly is a partnership that always will be an evolving process, requiring patience and perseverance. Keep it simple, and equally important, keep its fundamental principles front and center.
Deborah Smallwood is a former CIO and currently founder of SMA Inc. Her practice delivers thought leadership research and provides consulting services to insurance companies and global vendors. Her primary focus is to create linkage from business strategies to the appropriate technology decisions guided by the right governance with the goals of competitive advantage, value creation, and financial success. Serving various senior leadership roles at Liberty Mutual, ICW Group, KPMG, and TowerGroup, she developed her skills and experiences in business and IT strategies, application road maps, business process optimization, governance, and the delivery of application solutions and software.
"CIO Chronicles" focuses on issues of concern to midmarket insurers. Its content is the responsibility of the author. Views and opinions are those of the author and do not necessarily represent those of Tech Decisions.