Internet of things). 2, 14, 17, 19 Figure 1 outlines the differences among the three
categories of technology, partly based
on Weill and Broadbent, 25 Weill and
Ross, 26 and Andriole. 2, 3
In the 1970s and 1990s, infrastructure, in-house-developed applications,
and databases were often centralized
under the command of an enterprise
chief information officer (CIO). Part
of this command structure can be explained by the relative scarcity of hardware and software diversity at the time,
unlike today, when there are many more
hardware, software, communications,
and delivery options than the popular
“command and control” approach to
managing corporate assets.
Over time, centralization yielded
to decentralization and then federation. Enterprise CIOs countered with
“technology standardization,” believing
even if the lines of business had some
control, so long as they controlled the
technology standards around primary
devices—servers, desktops, and communications—they were still essentially
in charge, even if they did not select every one of the organization’s business
applications. The centralization/decen-tralization/federation game persisted
until the Web arrived in the early 1990s,
when control was influenced by technology “consumers” who no longer viewed
themselves only as end users.
During the mid-to-late 1990s, governance changed due largely to the “
irrational exuberance” of the dot-com
era and temporary determination that
technology was more strategic than
tactical. Following the dot-com crash
of 2000, governance returned to operational cost control, staying that way until 2003 when technology budgets began to increase again. In the mid-2000s,
governance changed again when it was
shared by enterprise CIOs and business-unit CIOs (assuming the structure
recognized business-unit CIOs) or just
“business-unit technology directors,”
as they are sometimes called. Companies continued on this path until the
financial world melted down again in
2008, and governance changed again,
when it was centralized in the hands
of a few—or even just one—senior
executive(s), the CFO, the COO, or, infrequently after 2008, the CEO.
As more and more business proc-
esses and models were converted or
sponsibilities among different stake-
holders in the enterprise, and defines
the procedures and mechanisms for
making and monitoring strategic IT
decisions.” Technology governance,
as in all aspects of corporate gov-
ernance, concerns decision rights
often organized in responsible/ac-
countable/consultative/informed, or
RACI, playbooks that describe who is
allowed to acquire, deploy, and sup-
port business technology. 12, 20
In centralized IT organizations,
decision rights involved in the acquisition, deployment, and support of
technology belong to a central group
reporting to a corporate executive,
increasingly the CFO. In decentralized organizations, decision rights
are shared across the enterprise and
business units; in federated organizations, rights are coordinated across
the corporate IT group, the business
units, and even specific corporate
functions. 1, 5–8, 11, 18, 21, 23, 25 The evolution
of research about technology governance is instructive here. Years ago,
researchers, including Brown and
Magill, 7 Rockart et al., 18 and Weill
and Broadbent, 25 discussed technology governance in the context of
organizational realities and the reality of choice, where hardware, software, and communications options
were limited. But as organizations
changed, especially with the federation of business units, and technology options increased, research on
governance offered alternative insights into how companies redefined
governance, as well as the role of
technology in all business processes
and models. 11, 20, 21, 23
Research on technology alignment
and governance is extensive. 3, 6, 13, 24, 28
We also know a lot about structures
and processes. 26 We know differences
across governance structures are often explained through the formalization of arrangements. Historically,
technology governance has been
more explicit and formalized around
operational technology (such as laptops, desktops, networks, storage,
and security) than strategic technology (such as business applications
and special-purpose hardware) or
especially around emerging technology (such as social media, location-based services, wearables, and the
The new
cloud-based,
technology-
delivery models
and proliferation
of “consumerized”
devices have
completely changed
the governance
equation.