Book Review – IT Governance

Book review of IT Governance by Peter Weill and Jeanne Ross (Harvard Business School Publishing, 2004)

IT Governance


“IT governance is the most important factor in generating business value from IT.”

“Good governance design allows enterprises to deliver superior results on their IT investments.”

“Effective IT governance is the single most important predictor of the value an organization generates from IT”

The quotes above should draw attention to the importance of well defined and well communicated IT governance. Although not exciting, IT governance helps generate greater value from IT. The authors define governance as “specifying the decision rights and accountability framework to encourage desirable behavior in using IT.” “Governance determines who makes the decisions. Management is the process of making and implementing the decisions.”

Much of the book is spent developing two questions. The first question focuses on the types of decisions that must be made to ensure effective management and use of IT. The authors answer this question by describing five key areas of IT governance that require decision making:

IT Principles—a related set of high level statements about how IT is used in the business.

IT Architecture—the organizing logic for data, applications, and infrastructure, captured in a set of policies, relationships, and technical choices to achieve desired business and technical standardization and integration.

IT infrastructure—determining shared and enabling services.

Business Application needs—specifying the business need for purchased or intentionally developed IT applications.

IT Investment and Prioritization—choosing which initiatives to fund and how much to spend.

The second question addressed in the book focuses on who makes these decisions. The authors address this question by describing six archetypes (decision-making styles) used by enterprises in IT decision making:

Business Monarchy—top managers

IT Monarchy—IT specialists

Feudal—each business unit making independent decisions

Federal—combination of the corporate center and the business units with or without IT people involved

IT Duopoly—IT group and one other group (for example, top management or business unit leaders)

Anarchy—isolated individual or small group decision making

Much research and analysis was made by the authors in connecting the decisions being made with the right decision makers. They conducted an extensive survey of over 250 companies across 23 counties. Based on the results, they concluded that the best performers conducted IT governance differently from the low performers and drew conclusions of what distinguished the two groups.


IT Governance was very useful to me personally as it is the most thorough work on the topic that I have read and provided a lot of good insight into how to make governance work. Project portfolio management (PPM) is tightly linked with IT governance, “Portfolio management without governance is an empty concept” (Datz). In order to make portfolio management processes successful a proper governance structure must be in place. Project governance is very much about the types of decisions being made and the people who participate in the decision making. The Project Management Institute’s Standard for Portfolio Management 2nd Edition briefly discussed governance but did not go into the same level of detail as this book. Another well respected PPM expert, James Pennypacker, developed a portfolio management maturity model which identifies governance as a key criteria. This book strongly supplements that maturity model.

This book enlarged my view of IT governance particularly with the five key areas of: IT Principles, IT Architecture, IT infrastructure, Business Application Needs, IT Investment and Prioritization. PPM is very focused on the last area of investment and prioritization, but the four preceding areas lead up to the point of making the investment decisions. It was very clear that a governance structure needs to be set up to account for all five areas.

This book also strengthened my view concerning the people involved with governance. I liked the quote stating, “IT governance is a senior management responsibility. If IT is not generating value, senior management should first examine its IT governance practices—who makes decisions and how the decision makers are accountable.” Governance cannot be delegated to someone else. The authors made it very clear that one of the critical success factors of IT governance is the involvement with senior/executive leadership. Without the adequate leadership, solid governance is likely to fail. In addition, “If business leaders do not assume responsibility for converting [IT capabilities] into value, the risk of failure is high. With high risk comes the likelihood of frustrated business leaders who often respond by replacing the IT leadership or abdicating further by outsourcing the whole ‘IT problem’”. Here the point was made that outsourcing IT may come out of a frustration by the business leaders with IT. Yet, the source of the frustration may very well lie in the poor governance structures established.

Another striking point that affects my current work is the need for improved communication with senior management. Governance communication cannot happen too much. The authors found that “the best predictor of IT governance performance is the percentage of managers in leadership positions who can accurately describe IT governance.” They found that most senior managers could not explain their own governance processes, which would explain why their IT governance doesn’t work properly. These points reinforce my need to continually educate senior management and communicate both the process and the results of our governance procedures so that we have greater project success.

The book was reasonably well written. Although the content was great, I felt that the case studies and diagrams were really lacking. I normally like case studies, but I do not feel that the cases used in this book added any value to me. Many of the diagrams could have also been explained better. As far as improvements, the topic of project portfolio management was barely discussed and is quite important in terms of executing strategic change within an organization. I overlooked it because of the book’s value to the topic of governance, but I definitely feel the authors should have spent more time on this topic. Otherwise, this is a great book for a topic that is overlooked but very necessary. I would definitely recommend it to anyone that is involved with portfolio management or any part of IT governance.

Read More