The required shifts in IT governance for a digital-first world

The increasing adoption of technology and the speed of digitalization require a significant change in IT governance to protect and generate value for digital-first organizations.

Moreover, the realization of digital transformation priorities, which have changed due to the COVID-19 pandemic, is hindered by restrictive IT governance guidelines. The same applies to the tools and methods used to realize those new priorities and goals.

IT governance should catch up with this evolving reality since existing models don’t work for today’s digital business reality anymore. In a nutshell, that’s the opinion of Mendix and several research firms.

Mendix, part of Siemens and a world leader in low-code and no-code application development, may have a platform that enables intensive collaboration between IT and business teams and accelerates application development, but the company’s message is, of course, right on.

“IT Governance, as it’s currently constituted in the IT world, isn’t working. This doesn’t mean that IT Governance is dead and should be relegated to the dustbin of ideas. It does mean, however, that how we think about IT governance and how we apply it needs to change dramatically, especially in light of the exponential changes we face every day in IT.” (Jon Scolamiero)

IT governance models not aligned with digital business needs

Gartner research shows that 70 percent of cross-functional leaders feel their organizations’ governance models are not aligned with the requirements of digital business teams.

“IT governance, once a tool to promote and foster business value and innovation, now ironically prevents anyone from getting stuff done,” Jon Scolamiero writes in a blog on better IT governance.

Reports from, among others, Harvard Business Review (2013) and IGI Global (2018) additionally stated that widely applied governance protocols fail, kill innovation, and underperform when measured against business KPIs and mission-critical goals.

The concept of IT governance emerged in the early 1990s. Initially, there were three main goals for IT governance: 1) ensuring that technology generates business value, 2) overseeing management performance, and 3) mitigating the risks associated with using technology.

Meanwhile, standard governance models have become more comprehensive and emphasize risk mitigation at the expense of the other goals.

“Often teams that follow the old policies and procedures face barriers. While well-intentioned, these governance models widely cause procedural obstacles, delays, and a lack of available resources,” says Jon Scolamiero, Manager of Architecture & Governance, and since January 2021 Go to Market Lead – Data Hub, at Mendix.

To explore the challenges surrounding current IT governance models, Scolamiero wrote a five-part blog series, the first one entitled “IT Governance: Why it Needs to Change.”

For Scolamiero, IT governance, as it is currently applied, is not working. “We need to dramatically change the way we shape and use these models, especially given the exponential rate of technological change we face every day,” he says.

IT governance in times of low-code platforms and citizen developers

Fueled by the pandemic, there has been a radical shift in technology priorities over the past 18 months.

As mentioned, the goals and tools have changed, and governance has to catch up. Restrictive IT governance guidelines established before the emergence of the digital economy impede value creation and productivity.

In addition, they threaten the sustainability of companies seeking competitive advantage in an economy characterized by accelerated digitization, a shortage of development talent, and new automation and low-code platforms that facilitate citizen developers who may or may not have adequate IT oversight.

The drive for rapid digitization has led to widespread adoption of automation platforms worldwide, including low-code platforms for application development. Analysts at Forrester expect 75 percent of all business apps to be built with low-code by the end of 2021. As Forrester’s Jeffrey Hammond wrote at the end of 2020: “During the pandemic, many organizations embraced low-code platforms to build and deploy new apps fast. These experiences will drive most development shops to adopt low-code tools and more.”

A transformed IT governance model – based on the original goals of IT governance and the core principles of collaboration, communication, abstraction, and automation – is the foundation for high-performance digital solutions that act as a flywheel to enhance business value and market position.

Moving from mandatory to integrated governance

IT governance is a framework that a company applies to solve specific business problems with information technology.

IT governance frameworks should help you foster business value generation…they should help you mitigate risks, not only take regulations into account (Mendix)

While such frameworks should embody the values and goals of an entire organization, in practice they are usually top-down mandates imposed along hierarchical reporting lines, Mendix says.

This may have been useful when IT professionals were the only ones developing digital solutions. However, as Gartner pointed out in “Balancing Autonomy With Control: New Governance Models for Digital Businesses,” more of the people now creating applications are not part of IT than are.

Gartner concludes that 41 percent of those who develop technical solutions are citizen developers who build new applications for their teams, departments, and other end users. Only 10 percent of those developing technical applications work in an IT department.

What low-code development platforms should enable per Mendix

Truly ready-to-use all-in-one platforms for low-code software development must be explicitly designed to support this transformation in business operations and processes and bring the focus back to delivering value.

They can do this by integrating governance functions so that the work of domain experts, developers, and BizDevOps is not impeded in planning, building, testing, implementing, and maintaining digital solutions while still being transparent and manageable.

Refining IT governance systems can be invaluable to organizations throughout today’s ever-changing, highly disruptive business environments (ISACA)

Integrated platform tools give administrators real-time control over the entire landscape without sacrificing productivity. These tools include system-wide alerts, observation, monitoring dashboards, permissions settings, and configuration by role or function.

More advanced options such as AI-assisted software development, automated testing, customizable workflows/pipelines, and automated quality and performance monitoring of portfolios also contribute to this. This creates automated governance catch-alls suitable for any initiative.

This “shift-left” approach ensures that people, processes, portfolios, and platforms are moving in the same direction, automatically creating IT standards for quality assurance and performance management for citizen developers.

“The process of portfolio rationalization is streamlined when a platform embeds expected value and compliance during application development,” Scolamiero says. “For example, the business manager does not need to worry if an application follows OWASP standards for web security or GDPR regulations, because those questions were automatically and rigorously vetted as part of its build-out. Even better is having the portfolio-wide business value, solution quality, and business capabilities surfaced. In this way, embedding modern governance models grants technology producers the permission to operate.”

These governance models also eliminate the risks of shadow IT. They generate data to evaluate and prioritize projects, resources, and budgets. Organizations have a framework that allows them to scale and accelerate ROI and time-to-market for secure digital solutions. In addition, they support a whole new level of collaboration across existing silos, focused on business outcomes.

Security and compliance remain essential for any digital operation

Security measures, often mistakenly treated as synonymous with governance, remain essential components of any digital operation. Vertical industries, such as healthcare, banks, insurers, and other financial institutions, have industry-specific compliance requirements.

Companies must comply with local data privacy requirements in the jurisdictions where they operate. And as more consumer services are digitized, organizations in the private and public sectors are becoming increasingly vulnerable to cyberhacking.

By integrating automatic third-party validation, security settings, and data privacy requirements for both software developers and BizDevOps managers, these new governance models bridge the differing priorities of risk mitigation and rapid adoption of innovative technology.

All-in-one low-code platforms can simplify this through vulnerability assessment, penetration testing, and log checks that make deployment pipelines flexible and seamless.

“I firmly believe, and our customers’ experiences show, that this new approach to governance enables everyone working under its principles to be happier and more productive,” Scolamiero concludes, “because so much red tape has been removed from their lives. They are empowered to achieve results and measure outcomes in nearly real time, which just feels good.”

For a detailed blueprint on how to change governance models for the enterprise, you can download the Mendix eBook, “Your New Governance Framework.”
