In the early 1990s, the early days of research into IT governance, there was a certain preoccupation with the division of IT-related decision-making. One of the dominant research themes was the centralization/decentralization of decision-making power (or a combination of the two), and the conditions which led to particular arrangements.
At the start of the new millennium, prominent scholars in the field began to view IT governance as what they called a “holistic” concept. The idea was that in order to implement IT governance, a mixture of structures, processes and relational mechanisms was needed. According to contingency theory, the specific choice of practices would then be contingent upon the specific context of the organization. Much research has been undertaken since then to describe IT governance arrangements that work in a certain context, which ultimately resulted in the body of good practice for implementing IT governance that we now have at our disposal. However, there is little research explaining what underlying drivers of IT governance are needed and why.
Systemic Thinking
In science, there are two dominant paradigms (i.e. the assumptions and methods we use as a frame of reference when doing research), called “analysis” and “synthesis”. The former takes individual parts of an entity (let’s say, IT governance practices for instance) as the basic unit of analysis, while the latter focuses on the relations between the individual parts or elements. Synthesis is the basis of so-called “systemic thinking”, which promotes the relationships between elements and their emergent properties within a whole (i.e. a system). Despite using the term “holistic”, the focus in IT governance research remained mostly on the individual practices themselves, not on their emergent properties and underlying dynamics. Therefore, almost all the available research on IT governance can be said to have used “analysis” as its guiding paradigm. We might ask ourselves the following questions to determine whether there would be any merit in using “synthesis”, and therefore systemic thinking, in the area of IT governance:
- Should IT governance practices be isolated or interconnected?
- Should IT governance practices serve some common purpose?
- Should IT governance implementation be static or dynamic?
Considering the first question, we understand that individual IT governance practices will not work in isolation. For instance, IT governance structures within an organization should communicate with each other. If they don’t, IT governance implementation may be far less effective.
The second question follows on directly from the previous one. IT governance practices should indeed work together, and they should do so with a common purpose in mind. Practitioners and academics alike seem to agree on the fact that this common purpose is optimizing the value of the business from IT assets, while simultaneously mitigating its related risks.
Finally, the last question asks us if IT governance implementation should be set in stone, or if it should have the potential for flexibility. We can safely state that dynamic IT governance systems outperform static ones. For instance, if an organization has a major strategic IT project in the pipeline, the IT governance arrangements should change accordingly (e.g. by implementing an additional steering committee or monitoring committee or increasing the meeting frequencies of existing structures).
"We propose that it is time to consider systemic thinking in the area of IT governance, as it is highly applicable to its reality."
The answers to the previous questions seem to point in the direction of the applicability of “synthesis”, and therefore systemic thinking, to the governance of IT. Hence there might be merit in a so-called “paradigm shift” for IT governance research. Accordingly, we propose to view IT governance as a system, consisting of elements (i.e. the IT governance practices), and the relationships between them.
Digital Disruption
Systemic methodologies allow us to study systems, to model them, and to therefore use them as a communication vehicle. A systemic methodology that seems promising to apply to the governance of IT is the viable system approach, which focuses on active learning, adaptability, and control. This methodology is deemed useful for the understanding and governance of complex phenomena. Digital disruption is a major concern for many contemporary organizations, and provides challenges that, due to their digital nature, should ultimately be accounted for in the IT governance system. Failure to adapt to constantly-changing circumstances can be problematic for organizations, as was the case with Eastman Kodak. It is said that their collapse was primarily induced by their inability to keep up with technology change and digital disruption.
Viable System Model
The viable system model (VSM) is a visual representation of the viable system approach. It consists of five functions that are necessary and sufficient to ensure viability, i.e. the ability to keep going despite disturbances (e.g. digital disruption). These five functions are shown below, considered from an IT management and asset governance point of view:
- Implementation (System 1): IT assets (i.e. projects, operations, and services) and operational IT management
- Coordination (System 2): Coordination of IT assets
- Cohesion and Audit (System 3 and 3*): Tactical IT management and IT audit
- Intelligence (System 4): Strategic IT management
- Policy (System 5): direction and oversight of IT assets
These five functions, or subsystems, are connected through communication channels that give rise to emergent properties. For instance, the model contains a feedback loop between System 3 (“the now”) and System 4 (“the future”), which can be seen as strategic IT planning when applied to IT governance.
"One particular systemic methodology seems very promising: the viable system approach."
The approach and the model were developed by Stafford Beer, who referred to the underlying dynamics of the model as “management cybernetics”, i.e. the application of cybernetic principles to management. As cybernetics is the science of control, and IT governance is concerned with control over (current and future) IT assets, it does not seem unreasonable that cybernetics might be a suitable candidate as a kernel theory for IT governance. The viable system approach would, by definition, enable decision-makers to design a new IT governance system and diagnose an existing one, in light of a rigorous theoretical backbone. Moreover, we propose that the approach can be used to provide theoretical underpinnings (using (management) cybernetics as a kernel theory) for IT governance research, which enables theory building and the deduction of theory-based propositions for future research.
In summary, research over the past 25 years has recognized that IT governance is complex. Accordingly, researchers have adjusted their conceptualizations of IT governance over time. We propose that it is time to consider systemic thinking in the area of IT governance, as it is highly applicable to its reality. Indeed, this approach would enable practitioners and researchers to better understand the complex reality of governing IT assets. One particular systemic methodology seems very promising: the viable system approach. This methodology focuses on active learning, adaptability and control; it is therefore useful for the understanding and governance of complex phenomena, like the governance of (current and future) IT.
This research is just one of the activities within the IT Alignment and Governance (ITAG) research group, as set up by the University of Antwerp & Antwerp Management School, and chaired by Prof. Dr. Steven De Haes. The research is funded by FWO (Fund Scientific Research – Flemish Government). More information: steven.dehaes@uantwerpen.be