From Informal to Formal: The Path to IT Governance at Texas A&M University

Texas A&M University (TAMU) is a public land-grant institution in College Station, Texas, with approximately 69,000 students and more than $900 million in research expenditures. TAMU's organizational structure contains a mix of decentralized IT units embedded into colleges and divisions and two large IT organizations offering centralized services. The senior-most IT leader is the vice president (VP) for IT and CIO, who reports to the president. The IT leader presides over the Division of IT, which offers a mix of common goods and services (networking, email, security) and fee-for-service offerings.

Like many other universities, ours has a robust enterprise governance structure, with committees to directly address faculty concerns (Faculty Senate), student issues (Student Government), and university staff concerns (University Staff Council). Further, TAMU's University Enterprise Governance structure comprises various leadership committees, led by the president (President's Council), provosts (Academic Leadership Team), deans (Deans Council), budget review boards (Finance and Academic Executive Leaders), and facilities (Council for Built Environment). However, TAMU lacked a codified IT governance (ITG) structure and, like most large research universities, individual colleges and divisions had historically run their own IT organizations, which sometimes operated independently.

The Roots of Change

Perceiving a lack of alignment between IT decision-making and expenditures and the university's strategic direction, IT professionals across TAMU began discussing the idea of establishing a formalized ITG structure.

In the preceding years, the university had made significant improvements to consolidate IT services and improve collaboration and interdependence of IT organizations across the institution. However, even though this increased collaboration benefited the university, a formalized ITG structure was needed to ensure that IT was aligned with the university's mission. Further, TAMU's informal ITG structure included only a narrow band of stakeholders, and it did not include representatives of faculty, mission-critical units, or students.

Thus, the driving forces to create a new formalized ITG framework were to

• more broadly represent TAMU's diverse constituents and
• ensure that IT was discussed in relation to a comprehensive university's three main pillars: research, teaching, and service.

In addition, TAMU's rapid growth and a 24.6 percent increase (13,136 students) from 2011 to 2016 created an environment that further highlighted the disjointed nature of IT spending to decision-making. This growth underscored the need for

• formalized collaboration among IT professionals,
• alignment of IT resources and the university's mission,
• better deployment of IT services, and
• improved use of IT expenditures.

Many of these factors also highlighted the profound importance of faculty input into IT decisions. Finally, during this same time period, the TAMU System Office had begun encouraging improved collaboration around and use of IT expenditures.

The Framework Development Process

As a result of these converging factors, in fall 2016, the VP for IT and the VP for Academic Services commissioned a task force of faculty and staff to research and develop a formalized ITG framework. The resulting task force was purposefully small; it had only four members (two staff members and two faculty).

Initial Development

The two staff members were responsible for research and development efforts using internal sources, including previous ITG research from the Information Technology Advisory Committee (ITAC); elements of good practices found in the Deloitte-based Texas A&M System IT Governance and Collaboration Framework; and the TAMU System Internal Audit recommendations on ITG. Their external research sources included ITIL version 3, Control Objectives for Information Technology (COBIT) version 5, ISO 38500, the Governance of Enterprise IT (GEIT) framework, an ITG book by Peter Weill and Jeanne Ross, and the EDUCAUSE IT Governance, Risk, and Compliance Program.

For benchmarking, the staff members within the task force chose three Vision 2020 peer institutions: the University of Texas at Austin, the University of California, Berkeley, and the University of Washington. They conducted telephone conferences with each institution to examine their structure, lessons learned, and plans for improving their existing structure. They used this information to design the first ITG framework, which they submitted to the faculty members for review.

The faculty members within the task force closely analyzed the proposed framework and offered dozens of suggestions for improving faculty input. They also provided additional research sources and suggested corrections to produce a more scholarly document. The staff members then incorporated the additional research and suggestions for improvement into the framework.

Stakeholder Involvement

The task force presented the improved framework to the project sponsors, the VP for IT and the VP for Academic Services. In their presentation, they explicitly highlighted faculty suggestions to make the sponsors aware of the faculty's perspective and to provide further insight into the need for diversity among ITG representatives. The sponsors then directed additional framework changes, which staff members incorporated into the document.

Next, the task force formally invited key faculty, staff, and student leaders from across the campus to attend a three-hour workshop to review the framework in detail. During the event, leaders were given specific ITG committees to review and asked to discuss their respective mandates, members, input sources, decision-making purview, and meeting cadences. The staff then collected feedback from all participants and aggregated it into a single document to avoid duplication.

A lesson learned from this event was related to the use of an input and decision-making table to highlight the specific areas of individual committees. Several participants focused on this document, which outlined who should have decision rights over specific topics, some of which were potentially controversial. While participant feedback on the document was certainly desired, the focus on particular topics severely limited participants from reviewing the entire structure and thus limited their feedback. The task force realized that it would have been better to either present the input and decision-making table separately at the end of the event or present the information in a different format that encouraged a more holistic framework review.

In parallel with the workshop, the staff distributed a university-wide survey to all faculty, staff, and students asking for input on the new ITG framework. The survey received more than 200 responses, and each suggestion (tendered from an open-text response) was aggregated into a document. The suggestions from the workshop and survey were then coalesced, and duplicate suggestions were removed. The survey responses resulted in 47 unique suggestions for changes to the framework. The staff presented the recommendations to the sponsors in a private working session. Each decision associated with the recommendations was then documented for public review.

Final Approval and Launch

The sponsors delivered the resulting framework to TAMU's president; following a presidential review process, the new ITG framework was approved and announced to the university in June 2017. The task force published the document suggestions and corresponding sponsor decisions on a university website for three months, along with a communication to the university announcing the changes. This enabled transparency in the process of incorporating framework changes and showed the university that the sponsors truly valued their input, considered the suggestions, and offered a rational, consistent approach to all proposed suggestions.

The ITG Framework

The new ITG framework establishes ITG as

…the assurance that Information Technology aligns with the outcomes required by the University for successful fulfillment of its mission. It ensures that appropriate decision-making activities (prioritization and funding) are done in concert with the University's strategic priorities while taking into account input from a broad base of stakeholders.

The framework includes definitions for various governance bodies, including task forces, stakeholder steering groups, communities of practice, committees, and councils. These definitions recognize existing ITG bodies across the campus and highlight their role in the new ITG framework. This communicates to the university that the framework complements existing governance structures while also addressing formal gaps in the existing input and decision-making processes.

The ITG framework includes five base committees:

• Architecture & Infrastructure Committee (AIC),
• Enterprise Applications Committee (EAC),
• Information Risk, Policy, & Security Committee (IRPSC),
• Research & Innovative Technologies Committee (RITC), and
• Teaching and Transformational Learning Technologies Committee (TTLTC).

Each committee includes diverse representation while also respecting subject-matter experts in that domain. For example, the RITC is composed of research faculty; the TTLTC of teaching faculty; the EAC of staff administrators and IT leaders, and so on. Each base committee reports to the Strategic IT Committee (SITC), which sets the overall direction for the committees and comprises executive leaders such as deans, VPs, and faculty leaders. The highest governance body, the Executive IT Council, comprises the university president, provost, chief financial officer, VP for IT/CIO, and the VP for Academic Services.

Mission, Purpose, and Responsibilities

The ITG framework includes the following formal statements:

Mission Statement

Ensure holistic alignment of IT resources and services university-wide to support the mission of the university, while becoming more efficient and effective in the focus of attention and time on activities that achieve shared priorities in a decentralized organizational structure.

Purpose Statement

IT Governance at Texas A&M is the essential foundation for a shared IT vision that is agile and responsive. Allowing the entire university Information Technology community to unite on common goals that will serve the university, state, and the citizens of Texas.

Statement of Responsibilities

The responsibility of a shared IT vision belongs to all clients, decision makers, and stewards of IT services across Texas A&M University. It is this shared responsibility that is reflected in the ITG framework, to facilitate a common, thoughtful consideration of the overall needs of the university community. ITG stewards the shared responsibility of the overall governance of IT initiatives across the Academic, Administrative, Research, and Technical domains.

Framework Values

The framework has three key goals: Be open to multiple perspectives, recognize that TAMU's executive leaders drive IT's overall effectiveness, and respect the uniqueness of the university's organizational culture.

We embodied these goals in five values—transparency, accountability, collaboration, stewardship, and agility—that drive confidence in ITG.

Value 1. We value transparency by providing information about IT decisions to all stakeholders, offering clear information on the process for funding and decision-making and holding strategic dialogue with the appropriate stakeholders at various university levels.

Value 2. We value accountability by acknowledging that IT is accountable to the governing groups for IT decisions and will subsequently implement and execute decisions in a timely manner. Accountability is further exemplified by providing feedback, updates, and reports on ITG outcomes to all appropriate stakeholders.

Value 3. We value stewardship by assuring stakeholders that IT leadership is efficiently and responsibly using IT resources in the best interest of the university, its stakeholders, and members of the extended TAMU community.

Value 4. We value collaboration in dialogue and decision-making by ensuring that multiple perspectives inform IT decisions. We also emphasize teamwork, implementing projects across divisions to ensure greater impact and utilization.

Value 5. We value agility by continually improving the ITG framework, adapting and adjusting its services so that we can continue to succeed in the rapidly changing, ambiguous, and dynamic environment of higher education.

ITG Program Initiation

Establishing the ITG program was as complicated as developing the framework. During the benchmarking process, the task force realized it needed high-quality appointees to ensure that the committees produced good and useful work. To accomplish this, the VP for IT sought to appoint key leaders from across the campus, including the provost, VP for Academic Services, and leaders of various governance bodies such as the Faculty Senate, Staff Council, and Student Government.

Identifying candidates for appointments, soliciting their appointments, and waiting for them to accept required approximately six weeks. To establish the ITG program, it was important that the VP for IT directly requested the appointments to increase the likelihood of participation.

To advance the enculturation process, we planned a large-scale kickoff event for September 2017 that brought together all appointees to initiate the governance bodies. The event included guest speakers from external groups, a keynote by the VP for IT, and a presentation of the task force's research effort. The event was formal and professionally catered, and it was broadcast via television across TAMU and its branch campuses. The event's formality and obvious importance set the tone for ITG appointees and the work needed from them in the year ahead.

Within a month of the event, all ITG committees began to meet. The VP of IT attended each committee's kickoff meeting, where we onboarded appointees and explained the goal of and expectations for the committee. The committees then began strategic planning by conducting a current-state analysis of issues that were within their respective domains. Each committee used the nominal group technique to select and prioritize objectives for their first year of service; at that point, the committees were formally established.

Lessons Learned

Establishing ITG at TAMU offered numerous lessons learned that can help other institutions seeking to launch their own governance programs.

Developing Policy

The IRPSC was charged with reviewing and proposing IT standard administrative procedures, security controls, and rules. However, we had no process for facilitating this. Further, creating such a process would require integrating and changing existing processes managed by a policy development team embedded in a central IT organization; policy development processes embedded in an existing IT committee; and decision-making processes used by the CIO and chief information security officer (CISO).

However, without such efforts—and despite IRPSC's existence and authority—policy development would continue to occur outside the committee. We therefore had to launch a detailed process analysis, holding discussions with the impacted groups and with the CIO and CISO, and then design an integrated process. As a result, the IRPSC was delayed in exercising policy review for ten months following the launch of ITG.

Our advice is to design critical processes into the framework during framework development rather than waiting until the framework is launched. If you cannot do this, use the first three to six months of the ITG program to establish critical processes across the committees rather than conducting a strategic planning exercise.

Defining Key Terms

In the EAC, we did not define the term enterprise with respect to a service. Because it is a key term that implies the committee's authority over some services but not others, the committee spent several months and meetings debating what enterprise means.

The lesson learned here is to include a clear set of examples for each committee that help members understand the scope and purview of their charge. In this case, we should have included benchmarking enterprise and common-good services in the original benchmarking discussions with peer institutions.

Staffing Considerations

The larger the institution, the broader the ITG program's scope, and the higher the number of committees, the more complex it is to manage the ITG program. Initially, only part of one full-time employee's time was devoted to our program. Over time, it became clear that we needed at least one FTE to manage the program and integrate the topics and needs from across the committees through their chairpersons. The committees also require significant support in researching, analyzing, and developing reports for the committees, as well as in managing their task forces and subcommittees.

The lesson learned is to ensure that the ITG program has dedicated staffing and the underlying tools needed to manage the scheduling, voting, documents, collaboration activities, research, analysis, surveys, and the like.

Next Steps: Achieving Maturity

The most difficult components of organizational change associated with the ITG framework will require more time to implement. Documenting something in a framework is one thing; making it a reality through organizational practice and enculturation is an entirely different effort.

Strategic IT Budget

In the ITG program's second year, we will develop a new process and subcommittee to improve the cohesiveness of the IT budgeting process. Although this was referenced in the SITC charter, we have to create the actual process. The intended outcome is to reduce duplicative IT spending, increase collaboration between IT departments around services and projects central to TAMU's mission, and provide leaders at the Executive IT Council with the requisite data and research they need to support their budgetary decision-making process.

Enterprise Service Definition and Categorization of Services

As we noted in the lessons learned, the EAC will define enterprise services and categorize those services to clarify the scope of their charge. The resulting process will outline funding requests, changes to enterprise services, retirement of enterprise services, and acquisition of new enterprise services.

Organizational Behavior

In keeping with the ITG definition, a key program objective is to truly align IT to TAMU's mission. This will require reducing managerial opportunism in both decentralized and centralized IT to ensure greater collaboration across shared services and enterprise projects, as well as greater compliance with university and university system mandates.

Our goal is to improve ITG committee processes so that issues route through the program in an efficient way, enabling responsiveness to the rapid pace of demands on IT. TAMU community members must be able to see that ITG produces results through funding, decisions, policy, and organizational change if the program is to be effective in the long term.

A secondary goal is to have ITG members and stakeholders recognize the value produced by changing how IT is governed. This value includes effective funding models, clear decision-making activities, and transparent policy development; it also involves potential organizational change to ensure long-term program efficacy. Ultimately, enculturation of the ITG program into the institution's long-term strategic approach will help guide the program and allow it to mature and adapt to TAMU's changing needs.

---

Juan Garza is Assistant Vice President of Academic IT Services at Texas A&M University.

Joshua Kissee is Chief of Staff to the VP for IT and CIO at Texas A&M University.