Chapter 4 - Recommendations for an Enhanced Enterprise Information Technology Governance Structure
Enterprise IT governance in a state government context is best seen as an evolving process, responding to new technological capabilities, organizational practices, and dynamic political environments. Designing an effective structure for state enterprise IT governance is not a matter of taking an established framework and applying it out of the box, but rather requires careful examination of the specific issues and characteristics of a given context. As discussed in the previous chapter, the states interviewed as part of the environmental scan all stated that “there was no silver bullet” and “no one established framework worked in their individual context.” Many used pre-existing frameworks as a starting point for the change process, but few found an exact fit.
Currently New York has a federated authority arrangement to support decisions about IT investments and the development of IT policies and standards. In our current practices review of 18 states, we found a federated authority arrangement to be the most commonly used. Specifically, 15 of the states chose a federated arrangement where authority and power over IT decision-making and IT management was shared across a number of entities, including the central IT office and state agencies. In many states reviewed, however, a number of additional bodies were in place and had additional authorities not currently active in New York State.
In New York’s current federated authority arrangement, CIO/OFT has some control over agency IT plans through the Annual Technology Plan (ATP) and Plan to Procure (PTP) processes, while agencies retain control of their overall IT budgets and operations. While our structure involves additional new responsibilities for oversight and alignment, we do not recommend eliminating the current ATP and PTP processes.
The recommendations contained in this report lay out a structure (see Figure 3) that builds on the foundations established in Technology Law §101-107 (see Table 3). Previous legislation, the subsequent Executive Order #117, and the CIO/OFT Plan 2010: Strategic Roadmap together created structures that appear to be moving New York toward new enterprise IT governance capability. The recommendations extend this earlier work by creating new clarity about the relationships among these entities. The recommendations also introduce a new level of transparency and checks and balances in the system. This transparency and oversight is realized to a great degree through overlapping membership in the governance framework. The degree to which the potential benefits of this structure will be realized depends not only on the quality of the recommendations themselves, but also on how they are carried out and sustained over time.
While the make-up of the governance structure was informed by experiences of other states and research on IT governance, the primary drivers behind the design were the value propositions and information gathered through interviews and workshops with New York State stakeholders. The recommendations will collectively create the governance capability the state needs to realize these value propositions by outlining new structures related to three primary areas of decision making: 1) IT investments, 2) ensuring alignment of IT investments with the overall strategic plan of the state, and 3) setting policies and standards.
Enhanced Enterprise IT Governance for New York State
Executive Enterprise Governance Board
Information Technology Investment Board
Office of the State Chief Information Officer
Chief Information Officer Council
Four entities form the foundation of the recommendations for enhanced IT governance for New York State: the Executive Enterprise Governance Board (EEGB), the Information Technology Investment Board (ITIB), the Office of the Chief Information Officer and the Office for Technology (CIO/OFT), and the Chief Information Officer Council (CIO Council) (see Figure 3). These entities are intertwined on several levels, and therefore a certain degree of overlap of membership and information exchange is required to ensure transparency and to provide for checks and balances within the system. These four entities have specific roles and responsibilities with respect to the three decision-making areas and their oversight responsibilities (see Figure 2). A detailed description of each entity is provided below, along with a statement of their primary responsibility. Following a summary of the relationship between the governance framework and the original five value propositions, we present recommendations that, if implemented, will collectively create new value for the state through more coordinated and transparent IT investment decision making at the enterprise level and throughout state government.
Figure 2 – Enterprise Governance Relationships
Figure 3 - An Enhanced Enterprise IT Governance Structure
The Information Technology Investment Board (ITIB) – The primary role of this body is decision making about IT investments. Its main job is to review and approve the state agency annual IT investment requests and supporting analysis submitted by CIO/OFT, with special attention to the implementation of enterprise-level investment and initiatives. In this role, the ITIB receives and responds to the investment analysis from CIO/OFT. Twice each year, CIO/OFT develops this analysis using the ATPs and PTPs from the agencies and any CIO/OFT initiatives, all based on state priorities and in consultation with the CIO Council. CIO/OFT prepares a summary analysis of the agency-level plans and procurement requests and a more detailed analysis of enterprise-level investment initiatives. The analysis should identify the rationale and expected benefits of the enterprise-level initiatives along with opportunities for combining initiatives, employing standards, or other enterprise-level coordinating actions. CIO/OFT submits the overall IT investment portfolio, analysis, and recommendations to the ITIB for review and approval.
The primary responsibility of the ITIB is to review and make final decisions about state agency IT investment requests and analysis submitted to the ITIB by CIO/OFT, with special attention to the identification and deployment of enterprise-level investment and initiatives. In this role, the ITIB receives and responds to the investment analysis from the CIO/OFT and assumes oversight responsibility for enterprise initiatives.
Executive Enterprise Governance Board (EEGB) – The primary role of this body is to provide oversight for alignment of IT investments with state plans and priorities. Following the CIO/OFT and ITIB reviews described above, the resulting portfolio is presented biannually to the EEGB for review in relation to overall state strategic plans. This biannual review is also an opportunity for mid-course correction of current IT investment projects in response to possible changes in state goals and strategies. Once these review steps are completed, the investment requests and initiatives can move into the normal planning and procurement processes.
The primary responsibility of the EEGB is to conduct semi-annual reviews of the IT investment portfolio in terms of alignment with the overall state strategic plan.
Office of the Chief Information Officer and the Office for Technology (CIO/OFT) – Leading the development of statewide policies and standards is the responsibility of the CIO/OFT. IT policy and standards are the more technical aspects of IT governance. As such, they involve more direct participation of the CIO community with CIO/OFT and other decision bodies. Policy and standards deliberations are envisioned as the responsibility of CIO/OFT, working with the advice and participation of the CIO Council and other possible stakeholders. The results of these policy and standards deliberations can then be reflected in the decisions on investment and alignment.
As envisioned, the structure purposely employs several levels of checks and balances of the investment decision making authority of CIO/OFT and the ITIB. This model ensures input from the CIO community and information sharing regarding proposed projects by combining CIO/OFT’s primary responsibility for the review and subsequent analysis of the ATP and PTP processes with a consultative relationship with the CIO Council Leadership Committee. Similarly, by requiring a biannual presentation of the IT investment portfolio to the EEGB, the model ensures that IT investment decisions made by the ITIB continue to conform to the overall state strategic plan.
The CIO Council and the CIO Council Leadership Committee – The Council and Leadership Committee share responsibility for ensuring agency CIO input is incorporated into the governance process. More than a professional organization, the Council is envisioned as a research arm of the CIO/OFT. This function provides the open communication and context required for ensuring the agencies have the opportunity to address issues of mutual concern. The authority of this body is not in conflict with the current statutory authority of the State CIO or the agencies. It is an advisory body acting as a resource for the CIO/OFT regarding enterprise IT policies and standards.
The main responsibility of the CIO Council is to provide a mechanism for the New York State agency CIO community to advise and inform CIO/OFT on matters of information technology policy, management, and operations.
The proposed enhanced enterprise IT governance structure was recognized by stakeholders as delivering value to the state in the following ways:
Reduce redundancy and establish prioritization mechanism. In a federated IT governance structure, authority over decision-making is distributed between CIO/OFT and individual agencies. This structure allows for the coordination of priorities with the overall state’s interest being addressed. The recommended governance framework provides the oversight and coordination for enterprise initiatives, allowing agencies to maintain autonomy within their own business functions.
Reduce political directions and swings. While there is no way to completely isolate IT decision making from the impact of changes in the political sphere, a federated approach does allow for some continuity of government in the event a change to the central IT office does occur.
Establish standards. Within this structure, standards can be set at the agency, domain, and enterprise levels since all interests are represented.
Foster sharing of services and information through agency collaboration. The CIO Council traditionally provided the forum for agency networking, collaboration and knowledge sharing. In the new model, the CIO Council continues to provide this forum; however, the ITIB allows for an even greater opportunity for agency collaboration and enterprise initiatives through the review of the investment plans and the cross-organizational composition of the board.
Align IT with business of the state. The shared authority approach will create new capability to ensure alignment with the business of the state by enabling a review of the IT investment strategies and the strategic plan on a regular basis to ensure alignment.