1. Preparing for the governance backlash Presented by: Dr Raymond Young [email_address]
2.
3.
4.
5.
6.
7.
8. The value of Project Governance Current Performance (68% under) Reduce cost 36.6m 47.6m 86m-124m Improve customer service Increase revenue OK Some No Fail ROI 30% OK Some Fail ROI 135% Better Performance (43% under)
9. What is governance? The real role of the board is to ask the right questions More strategic value has been destroyed in the past five years as a result of strategic mismanagement and poor execution… than was lost in all of the recent compliance scandals combined Booz Allen 2004 In 2003: Fraud cost companies over $300 billion but performance failures cost companies over $3 trillion CEO of Bain & Co To ensure management is focussed on above average returns taking account of risk (Hilmer) #1 Performance #2 Conformance ValIT Accounting Sarbox, ASX COBIT
10. Governance Evaluate Direct & Monitor The right questions HB280, AS8016 Investment: benefits or terminate? Strategy/capability: how much change is required? Investment & Strategy: Benefits / alignment? Responsibility: Project Sponsor? Performance & Behaviour: measures and motivation? 67%->40% 40% 5-23% 33-67% 0-13% ITIL, COBIT Projects PMBOK, PRINCE2, etc Conformance & Behaviour: culture for issues to be raised? ??% Business processes ICT Operations Support Changed Business Processes Changed ICT Operations Initiate
I was warned by Keith (today’s last speaker) that Bill would blow my mind with all his graphs. What impressed me the most was … My job is not so much to impress, but to provide a sober word. I was asked to provide a brief history of governance to explain how we got to the situation we’re in today and suggest how we could respond. Before I start, a brief word about e8 Consulting because you’ve probably not heard of us until today. We’re a sister company of The Frame Group which has been a strong supporter of ISACA over the years. e8 provides business advice at the board level and I lead the project governance practice.
You may have noticed some of these words on the flyer to today’s summit. They’re the same words from a corporate governance conference to be held in Toronto later this year. The key point is that we’re all working frantically to make sure we survive this crisis, but it won’t be long before some very tough questions will be asked, and it won’t be just the financial sector that that gets unwelcome attention. We’ve all spent a huge amount on governance over this past decade. Why didn’t it stop the crisis or minimise the fallout?
Let’s have a look at how corporate governance developed. Our modern ideas of corporate governance followed the spectacular period of economic growth and the equally spectacular corporate collapses in the 1980’s. This was the period Gordon Gecko proclaimed “Greed is Good” and Junk Bonds and easy finance lead to a string of massive corporate takeovers. The symbol on the page is supposed to represent a pendulum. Rothwells (1986), Elders (1986), Bond (1987), Tricontinental (1989), Pyramid Building Society (1990), Quintex (1990) State Bank of VIC (1991), State Bank of SA (1992), AWA (1992)
Management of large-scale expenditures is a fiduciary duty requiring careful oversight. However a Deloitte survey of boardroom directors revealed oversight of IT projects was either “blind” (29% with inadequate information) or non-existent (16%) [i] . They warned in 2007 that the results were “tantamount to negligence” and the AICD have long reported statistics suggesting the problem is more widespread [ii ] (Figure 1). My own research suggests that as many as two out of three projects fail to deliver the expected benefits [iii ] . Increased scrutiny could reveal the real failure rate. However what might be worse in the current financial environment is to have two out of three strategic initiatives fail to increase revenue, enhance customer service or reduce cost and threaten survival. [i] What the Board Needs to Know About IT: Phase II Findings (Deloitte, 2007), http://www.deloitte.com/dtt/article/0,1002,sid=36692&cid=151800,00.html [ii] D. Lovalla and D. Kahneman, “Delusions of success: how optimism undermines executive's decisions, Harvard Business Review,” Harvard Business Review July (2003): 58 [iii] R. Young, “What is the ROI for IT Project Governance? Establishing a benchmark.,” in 2006 IT Governance International Conference (Auckland, New Zealand, 2006)
Management of large-scale expenditures is a fiduciary duty requiring careful oversight. However a Deloitte survey of boardroom directors revealed oversight of IT projects was either “blind” (29% with inadequate information) or non-existent (16%) [i] . They warned in 2007 that the results were “tantamount to negligence” and the AICD have long reported statistics suggesting the problem is more widespread [ii ] (Figure 1). My own research suggests that as many as two out of three projects fail to deliver the expected benefits [iii ] . Increased scrutiny could reveal the real failure rate. However what might be worse in the current financial environment is to have two out of three strategic initiatives fail to increase revenue, enhance customer service or reduce cost and threaten survival. [i] What the Board Needs to Know About IT: Phase II Findings (Deloitte, 2007), http://www.deloitte.com/dtt/article/0,1002,sid=36692&cid=151800,00.html [ii] D. Lovalla and D. Kahneman, “Delusions of success: how optimism undermines executive's decisions, Harvard Business Review,” Harvard Business Review July (2003): 58 [iii] R. Young, “What is the ROI for IT Project Governance? Establishing a benchmark.,” in 2006 IT Governance International Conference (Auckland, New Zealand, 2006)
NO ONE wants to hear anymore about the latest set of new rules that directors have to comply with. Gilding the Lily – Sydney University Accounting Professors are questioning Accounting Standards .. Yeah but what else… $1B was spent on Sarbanes-Oxley compliance in 2006(?)
To survive, thrive and also to minimise the governance backlash, the first step must be to get the right information needed to govern effectively. The board bears the responsibility to set clear guidelines and expectations about the kinds of information they want to see filter up. What benefits are being targeted? [how is this consistent with our strategic priorities?] Do we have the organisational capacity to realise these benefits and what other risks are involved? How will we measure success? Do we have the right person driving the change? Are there any warning signs that the project is going off track? Are the benefits being realised? These questions seem simple but none of the directors I have spoken to had an effective process to terminate failing projects. Benefits are usually quantified (66%), but they are often overstated (27%) [i] , change is not always considered (40%) [ii] , individuals are not held accountable (5-23%) and few organisations track benefits through to realisation (10%) [iii] . Organisations do not focus on the true determinants of success. [i] Chad Lin, Graham Pervan, and Donald McDermid, “IS/IT investment evaluation and benefits realization issues in Australia,” Journal of Research and Practice in Information Technology 37, no. 3 (2005): 235-251 [ii] KPMG, “Global IT Project Management Survey: How committed are you?,” 2005, http://www.kpmg.com.au/Portals/0/irmprm-global-it-pm-survey2005.pdf [iii] John Thorp, “Unlocking Value - Delivering on the Promise of Information Technology,” in Delivering Value , 2008, http://www.isaca.org.au/modules.php?op=modload&name=News&file=article&sid=28