IT Governance in a Shared Services Environment

It has become nearly impossible to attend any gathering of IT managers without the topic of Shared Services being discussed. Although there are as many different definitions of Shared Services as there are people discussing it, the one thing that is certain is that it places pressure on traditional governance models.

It has become nearly impossible to attend any gathering of IT managers without the topic of Shared Services being discussed. Although there are as many different definitions of Shared Services as there are people discussing it, the one thing that is certain is that it places pressure on traditional governance models.

In this article we will discuss the problems and possible solutions for IT Governance in a Shared Services environment based upon three archetypal models. Why is governance so important in a Shared Services environment? Gartner has stated that: “Through 2010, 75 percent of internal IT organizations will misconstrue the true nature of Shared Services and fail to deliver measurable performance improvements."(1)

While poor IT Governance is certainly not the only cause for this dismal prediction from Gartner, I believe that it is a major contributor to the problem of undelivered performance improvements.

Exploring the concept of 'Shared Services'
For some, the term 'Shared Services' is just a code word for centralization, in which case, Shared Services is nothing more than the pendulum swinging backwards from the decentralized Business Unit (BU) IT organization to the monolithic central IT organization of the past.

However, this is not the case. Shared Services has been defined as:

• A collaborative strategy in which a subset of existing IT functions is concentrated into a new semi-autonomous support function designed to promote efficiency, value generation, cost savings, and improved IT service for the customers of the parent corporation, like a business competing in the open market. (2)
• The concentration of company resources performing like activities typically spread across the organization, in order to service multiple internal partners at lower cost and with higher service levels, with the common goal of delighting external customers and enhancing corporate value. (3)

In its purest sense, IT Shared Services is the selective consolidation of common IT functions previously spread across an enterprise to achieve critical mass and to service the enterprise with lower costs, higher service levels, and greater responsiveness - where IT, acting like a business, is an internal service provider, enabling better alignment of the business and IT. Under some circumstances, it may turn out that significant portions of an IT function from across a company will be centralized - but that decision should be determined by the facts, rather than being the default position.

It is also important to understand that the concept of Shared Services didn't begin within the past couple of years. In fact, IT has been a late-comer to this movement. The Shared Services concept began in the early 90's as corporate (and public sector) business functions began to realize that decentralization into business units had “balkanized” their resources, depriving them of the critical mass that would permit economies of scale and efficiencies of process.

As a result of this realization, many corporate support services such as finance, HR, real estate and workplace services, and supply chain management began to move towards the bundling of these services into a separate organization. The logic of this type of bundling is best stated as follows: Corporate support services are tactical in nature. They are necessary, and doing them well helps support the corporate strategy. However, in and of themselves they are not strategic. By collecting these non-strategic processes and activities in a common organization, under its own management, the management of all the individual business units can be freed up to manage their goals. (4)

Thus business leaders were far more willing to embrace the concept of IT Shared Services (ITSS) in recent years because they were already familiar with the model, due to prior experience with other corporate functions.

Finally, it is important to recognize that Shared Services represents a paradigm shift for the way the business deals with IT. In a typical corporate setting, the business - whether at the BU level or the enterprise level - sets the overall budget for IT and believes it has the right to say how things will get done. In a Shared Services model, the IT organization sells its services to the business - with SLAs and costs being the way that IT is directed by the business. In this model, how the IT organization goes about meeting the SLAs is not open to discussion with the business. (Typically this end-state doesn't happen overnight. As an IT organization transitions from the traditional model to Shared Services, there will be decreasing stages of business involvement as the Shared Services unit matures.)

Three Shared Services Archetypes
Usually Shared Services organizations fall into one of three archetypes:

1. A Shared Service business unit composed of all corporate functions (finance, HR, real estate & workplace services, supply chain and IT)
2. A Shared Service business unit composed of just IT
3. A corporate IT function operating as a Shared Services Unit

Clearly there are many more variations, but I have used these archetypes for ease of discussion. The typical organizational structures for each of these archetypes are set forth below:
 
          

As can be seen in Figure 1, the CIO is one of the functional heads of the business unit reporting to the President. Figure 2 shows that the CIO is also the head of the business unit reporting to the CEO. The CIO in Figure 3 is in the traditional corporate role reporting to the CEO (or in many cases, the CFO).

As a practical matter, it is much more difficult for an IT organization to act as a Shared Services utility in the corporate setting, simply because IT is not perceived by its customers to be different from its previous existence. This is particularly true when the corporate IT organization acts as both a Shared Services unit and as the central or corporate IT function. Similarly, there are different IT Governance considerations for each of the three archetypes. In the Composite BU, the IT Governance model has to integrate and be consistent with the overall governance model for the BU. In the ITSS BU, the CIO has somewhat more latitude in the governance model, needing only to be consistent with the overall corporate governance model. In the Corporate IT setting, the IT Governance model needs to integrate with the corporate governance model.

There is an important distinction to be made here between management and governance. Governance determines who makes decisions. Management is the process of making and implementing the decisions.

Thus the governance structure doesn't remove IT management from the responsibility of making and implementing decisions and being accountable for them. Rather the governance structure determines who should be making the decisions and empowers them to do so.

IT Governance Model
At the most basic level, an IT Shared Services organization sells tiered services to its business customers based upon service levels. Accordingly, its governance model must be designed to support managing to those service levels and costs.

The figure below sets forth a basic Shared Services governance model that has worked well for a number of organizations. This model is clearly generic and would have to be customized to meet the specific needs of a particular corporation, but it represents a good starting point for assuring that the primary governance functions are addressed.

When creating a governance structure it cannot be stressed too strongly that the governance bodies need to be formally chartered by the organization so that their roles and responsibilities are clear. This requires more than a few bullet points on a Powerpoint slide.

          

We begin with the Governance Committee which sets the strategic direction for the Shared Services organization. In the Composite BU model this is composed of the CIO, the CIO's peers in the BU and the President of the BU. In the ITSS BU and Corporate IT models, this group is composed of the CIO, the heads of the other BUs (or a subset if there are more than 8-10 business units) and the CEO.

This group's primary focus is to:

• Understand the business strategy of the BU and the corporate customers, interpret the business imperatives and translate them into IT priorities
• Approve the IT Strategy and oversee the Balanced Score Card
• Review the work effort from the Policy Board to assure alignment with the strategic direction

The Policy Board is generally composed of direct reports to members of the Governance Committee. It is not uncommon to have the CTO be the chairperson of this group and to have a 50/50 balance between business and IT people. Typically this group devotes more time to the specifics of the ITSS organization than does the Governance Committee and it will formulate the IT operating principles, policies and objectives. This Board is often in the position of creating the principles and policies based upon balancing value vs. risk. Moreover, the Board generally has a significant amount of interaction with the Functional Councils and the Customer Management Council.

The Policy Board generally operates the same regardless of the organizational model, except that it will usually have less latitude in the corporate IT setting. This is due to the need to more closely adhere to corporate management and governance policies and procedures.

The managing of IT demand falls primarily upon the Customer Management Council. This is a critical role and most ITSS initiatives thrive or fail depending upon the quality of this group. It is at the Functional Council level where major tasks such as Enterprise Architecture (EA), Portfolio Management (PfM) and Program Management are governed. While the governance itself will not vary according to the organizational models, the viewpoint will. For instance, in the case of the EA Council, their views might be:

(a) BU-specific business drivers, business principles, and architecture principles
(b) Corporate-specific business drivers, business principles, and architecture principles

In the Composite model, the EA Council will be looking primarily at (a). In the ITSS model, the EA Council will be looking at both (a) and (b). Lastly, in the Corporate model the EA Council will be looking primarily at (b).

When it comes to PfM, the biggest difference is between the Composite model and the other models. In this model, the PfM Council, in addition to managing the IT portfolio, must also coordinate its activities with the other PfM groups in the BU. For instance, if the HR group is planning a major initiative that has (as it usually will) a significant IT component, then the two PfM groups must be in synch. That is, you cannot permit a situation where the HR PfM group rates an initiative as the #2 priority and the IT PfM group scores its piece of this initiative at #15.

There is also another difference between the PfM groups in the BU setting vs. the corporate setting and that is the significance of risk. In the corporate setting, the IT budget tends to be set by the CFO and the PfM group manages to the budget. Whereas in the BU setting, the PfM Council has to constantly assess the risk in the portfolio and make sure that the Policy Board is aware of any changes in risk, based on the mix of projects and initiatives. This is due to the fact that the BU is operating like a business.

Finally, the management team of the Shared Services organization plays a key role in governance.

It is the group that will determine what services will be offered to the corporate customers and at what cost. Creating service definitions, building a services catalog and implementing activity-based costing are three key activities for the management team. The management team must have the discipline to govern itself and to act within the governance policies and procedures in its day-to-day activities.

Conclusion
The governance of an IT Shared Services organization needs to take into account the different operational models in which it functions as well as the paradigm shift from an in-house utility to an organization that needs to operate like a business. The Shared Services organization sells tiered services to its business customers based upon service levels. Accordingly, the prime directive of the governance approach must be to support managing to those service levels and costs.

(1) Gartner Group, 2005
(2) Bryan Bergeron, “Essentials of Shared Services”, John Wiley & Sons, Inc., p. 3
(3) Shulman, Dunleavy, Harmer and Lusk, “Shared Services”, John Wiley & Sons, Inc., p. 9
(4) Shulman et al, ibid, p. 4

by James Bransfield, the Principal Enterprise Architect in Hewlett-Packard's Adaptive Enterprise Strategy & Architecture Practice. He has over 25 years of IT experience and has led numerous Enterprise Architecture/IT Strategy and Governance engagements for G2000 companies during the past 10 years. Prior to joining HP, he led the Enterprise Architecture and IT Strategy practice at META Group.