Forget the Governance! 


What to Do When the CEO Says ‘Get It Done!’

Download Article Article in Digital Form

I recently had the pleasure of attending a power lunch with several chief information officers (CIOs) when one of them looked at me, knowing I have been a strong advocate of IT governance for years, and threw this issue on the table: ‘What do you do if the chief executive officer (CEO) tells you to “get it done and forget the governance”? You probably go away and just do it, no?’

I should have been faster on my feet to say then and there that there are four good reasons why that is not necessarily the best response. The reasons are:

    Figure 1
  • Compliance. The probability is high that a compliance issue emerges in such a situation. However, because of the questioner’s company’s small size and industry type, that may not have been a major problem.
  • Efficiency. It is true that it is the prerogative of executives to make the trade-off between cost and timely results when ‘get it done’ is more important for the enterprise. But then, that should be very clear to all involved at the time of the decision.
  • Risk. While compliance risk may be acceptable in this type of enterprise, there are other liabilities that governance plays an important role in keeping under control—liabilities related to products, employee safety or continuing survival of the enterprise. There are legal standards a judge would use for what is acceptable and what is reasonable (see figure 1) should a liability case emerge. Pointing out that the executive should consider what he/she will say to the judge when this occurs is a way to raise awareness.
  • Effectiveness. It is clear that, in the case described, governance was not recognised as a mechanism to help achieve effectiveness.

How Did it Get to This?

The company in question is, on an international scale, a small to medium-sized enterprise (SME). Originally (and, to some extent, still) a family business, it produces and distributes food products, a field in which IT plays, comparatively, a less significant role than in other similarly sized enterprises.

The CEO took the position that he was the sole authority on governance. In this enterprise, the balance of executive and ownership power rests in one person, who probably thinks more as an owner than as an executive.

The CIO accepted that he was the major effectiveness tool. It is true that leadership is a major governance mechanism, even more so in small organizations with short, effective spans of control. The CIO did have a problem with the situation, which reminds me of a similar case a friend of mine related to me: His advice was sought by a CIO about strong differences of opinion at the management level within his company, and my friend suggested the CIO seek another job. This illustrates another version of the CIO acronym: Career Is Over!

However, there is one more version of the acronym that I am reminded of because of the emerging role of the CIO as an influencer and educator. The CIO has to educate executives not only on the intricacies of technology and how it creates value for the enterprise, but also about the necessary governance mechanisms that help make that happen. Therefore, CIO also stands for: Communication Is Obligatory!

So, forget the governance? Yes, but only if more than one of these conditions are true: The enterprise is small, IT is not important and the CEO is the owner.

A version of this article previously appeared in CIONET Belgium. It is reprinted by permission.

Erik Guldentops, researcher and lecturer in governance of enterprise IT, has been an executive professor at University of Antwerp Management School for many years following a career at SWIFT.

Enjoying this article? To read the most current ISACA Journal articles, become a member or subscribe to the Journal.

The ISACA Journal is published by ISACA. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the ISACA Journal.

Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and/or the IT Governance Institute and their committees, and from opinions endorsed by authors’ employers, or the editors of this Journal. ISACA Journal does not attest to the originality of authors’ content.

© 2013 ISACA. All rights reserved.

Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, MA 01970, to photocopy articles owned by ISACA, for a flat fee of US $2.50 per article plus 25¢ per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited.