Reduce costs, increase transparency and improve service quality -- these goals are on the minds of CIOs across the country. Consolidation, centralization and integration are recognized strategies for achieving these goals, but as CIOs are learning, these strategies require coordinated action across organizations' boundaries. Making IT decisions in this way, through coordinated action, often requires new IT governance capability.
The National Association of State Chief Information Officers characterizes state IT governance as "all about ensuring that state government is effectively using information technology in all lines of business and leveraging capabilities across state government appropriately, to not only avoid unnecessary or redundant investments, but to enhance appropriate cross-boundary interoperability. The term 'appropriate' is used because, in many cases, state government has existing statutory constraints and bounding that can often limit, as well as empower, proper governance."
In general, a governance structure answers the following questions: What decisions must be made? Who should make these decisions? How will decisions be made? How do you monitor results to ensure that you are achieving your goals?
While these questions seem relatively straightforward, determining what's appropriate -- in terms of ensuring effective use of technology across the board, within a given context of state government -- has proven to be a formidable challenge for most states. Advice is abundant, but like in the world of fashion design, finding the right fit takes time and often requires a custom approach.
As priorities shift toward goals that require new capability for coordination, New York state, like others, has begun looking for a better fit for state IT governance. These efforts have started to produce insights about the right approach for New York State legislator RoAnn M. Destito , who chairs New York's Standing Committee on Governmental Operations, characterizes the learning in terms of leadership roles and stakeholders: "In New York, we have learned how critical both executive and legislative leadership are to this process," she said. "In partnership with these leaders, and by maintaining an ongoing dialogue with all stakeholders, we expect to create a long-term and ongoing commitment which has tremendous potential to transform how the state does business."
With that backing from a key elected official, a project is under way in New York, conducted by the Center for Technology in Government (CTG), to answer a question: What state IT governance design makes sense for New York?
The project involves background research on IT governance and interviews with state CIOs. Within New York, the CTG is holding an extensive set of workshops and meetings with state agency CIOs and key stakeholders. The project is generating new understanding about why creating state IT governance is so hard. Here are a few lessons learned about creating capability for new levels of coordinated action through state IT governance structures.
Designing and Implementing Effective State IT Governance Is Hard
In public managers' efforts to design appropriate IT governance, many of them have drawn on well known governance frameworks and the experiences of other public- and private-sector organizations. Through this process, many states have discovered that private-sector IT governance practices and frameworks don't directly apply to the context of state government. These frameworks, according to a number of CIOs, emphasize functions, such as what structures should be in place. What they don't do is indicate how to make them functional or offer a how-to guide for building an effective IT governance structure.
Michigan CIO Ken Theis said that although his department used Control Objectives for Information and related Technology (COBIT) and the Information Technology Infrastructure Library (ITIL) as starting points, "[the frameworks] are typically very big and complex. We started out with more basic models, and we are growing and maturing into those methodologies. You know, some of this is, 'You've got to walk before you can run.'"
While shared experiences provide valuable lessons and insights, research is showing a one-size-fits-all approach isn't the way to go. "[States] are finding that simply adopting the structure in place in another state is problematic," said Donna Canestraro, program manager of the CTG and project manager of the New York study. "Conditions that make IT governance functional in one state are often not replicable. Differences, such as the size of government, institutional structures and political priorities, impact what form of enterprise IT governance is feasible. In other words, while states can benefit from a focus on broad ideas and models when starting to think about their state IT governance, it is the process of customization, the attention to context that determines success."
Context Should Drive Customization
The literature on IT governance focuses on three common types of authority arrangements: decentralized, centralized and hybrid/federated. However, given the movement to greater statewide coordination, only the latter two types were encountered during our review. Both of these models presented some weaknesses and strengths.
What became apparent was that both these models -- centralized and hybrid/federated -- can successfully achieve a state's goals of reduced costs and better quality services. What matters is not so much the model itself, but rather how well the particular model fits into a state's environment and how the weaknesses of the model are mitigated.
Photo: California CIO Teri Takai
For example, California CIO Teri Takai came to her current job after a five-year tenure with Michigan, which has a centralized IT governance model. She said she wouldn't consider a similar arrangement for California. "There are some significant differences, and the model that we could use in the size of an organization that Michigan has is not necessarily applicable here," Takai said. Moreover, Michigan has a much more homogenous structure from the standpoint of the way state government is run than what we have here in California today. What's important is that you have the same objectives for the way you want IT governance to work, but that you take into account the existing business and cultural considerations of your own state. So the objectives will be identical, the approach we will be using will be different."
Change Is a Constant
Although a casual observer might think government operations seem frozen in time, nothing could be further from the truth when it comes to state IT governance. States continuously build upon their existing processes, spurred by the state's changing environment or changing needs. Duncan Friend, director of enterprise technology initiatives for the Kansas Division of Information Systems and Communications, characterized the ever-evolving nature of IT governance: "Anyone who has been at this for awhile, you kind of catch your second wind about six to eight years into it, what's working and what's not, and refocus on where you need to make changes."
Partially because of the dynamic nature of state IT governance, there was strong consensus that the impact of political swings must be minimized to provide IT personnel with the necessary space to improve upon existing structures. "Good technology governance should be able to successfully span administrations," said New York state CIO Melodie Mayberry-Stewart. "Many major-scale technology projects extend over multiple years and possibly multiple administrations. Therefore, institutionalizing agile governance models provides a framework to maximize long-term benefits and minimize risks created by disruptions in changing leadership. An effective governance model should transcend changes of leadership. Effective governance, which is situational, enables IT organizations to reach greater heights of performance and creates more value for the state enterprise."
Photo: Melodie Mayberry-Stewart, CIO, New York state
Basic Management Practices Matter
Like any large IT project or business process redesign, good management is crucial to the successful restructuring of state IT governance. Management practices most frequently mentioned were: strong support from the governor, establishing trust with stakeholders, choosing the correct implementation strategy to ensure buy-in from customers, and motivating staff through the transition. "If IT governance restructuring is not something the governor is interested in, if this is not something he wants to put his name on, then it is doomed to failure," said Takai.
Similarly building trust with stakeholders, whether it's the legislature or the individual agencies, is key. Establishing trust requires long-term investment and comes down to showing that you care and can do the job, and paying attention to a customer's individual needs. Some states, like Indiana, accomplished this by drafting service agreements with each agency. The agreements reflected the unique needs of each agency and provided them with monthly performance metrics to show the agencies how well or how poorly they were fulfilling their needs.
Choosing the right implementation strategy is closely connected to establishing trust with stakeholders. All in all, states used two strategies to implement new IT governance -- coercive strategy and collaborative strategy. Both strategies can be successful. However, the degree of success depended on the structure being implemented and the authority given to the implementer under the IT governance structure. Thus, states implementing a centralized IT governance structure used coercive strategy rather successfully. On the other hand, states whose central IT offices were given only limited authority over IT projects and agencies' budgets were more successful if they chose a collaborative style of governance.
"You have to spend the time and go out and make it as collaborative as you can," Takai said. "Obviously there is a bottom line, because you know and they know what the governor wants to be done. But at the same token, you cannot just force it down their throat and say this is the way it is going to be. So forming stakeholder groups, making sure they participate in the consolidation is important, but also letting them know that this is about how we get it done, not about if we get it done."
Subsequent phases of the New York State Enterprise IT Governance project will focus on prototyping an IT governance structure designed to achieve the value identified as important by key stakeholders. This will include an assessment of the state's capability to make changes necessary to implement and sustain this structure over time. The project will conclude with a set of recommendations about next-generation enterprise IT governance for New York state, as well as a lessons-learned document.