As part of its five-year strategic IT plan, North Carolina State University committed to improving the design and function of its IT governance, aligning its IT governance processes with the university mission and positioning governance for the impact of digital transformation.
North Carolina State University (NC State) is a public land grant university in the University of North Carolina System. NC State is a doctoral institution with very high research activity. Located in Raleigh, NC State has more than 34,000 students and over 9,000 faculty and staff members. The university has ten academic colleges reporting to the provost, along with six major units in the chancellor's cabinet: external affairs, partnerships and development, finance and administration, general counsel, information technology, research and innovation, and university advancement.
IT is organized in a federated model, with a central Office of Information Technology reporting to the CIO. In addition, we have independent IT units in our academic colleges and libraries, a separate distance education and learning technologies division, and IT units within various centers, institutes, departments, and administrative units.
NC State's university governance consists of the Board of Trustees; the Faculty Senate, Staff Senate, and Student Senate; and our University Council. The University Council consists of the chancellor's cabinet, deans, and student and staff representatives, and includes the vice chancellor for information technology and CIO. In addition, we have many university standing committees and administrative advisory committees covering a variety of areas.
The NC State IT Governance Redesign
In 2014, NC State developed a five-year IT strategic plan through a collaborative process involving stakeholders across the university. The stakeholder community expressed a desire for more effective IT governance. Consequently, one of our key strategic goals was to improve the design and utility of IT governance
When we began work on redesigning IT governance, our goal was to bring IT governance into alignment with the university's mission. Our existing governance process was complex and technology focused, with more than forty committees and subcommittees comprised largely of IT staff at various organizational levels. We reviewed our existing IT governance process to identify its strengths and weaknesses and found several problem areas. There was confusion about committee scope and decision-making authority, as well as deficiencies in communication among the various committees. Subcommittees were making tactical and operational decisions, and strategic issues were not consistently brought forward to governance. However, participants found value in having a forum for communicating with peers and an opportunity to share information about IT issues and initiatives.
Aligning with the Mission
Our updated design shifted from a committee structure based on major technology functions, such as infrastructure and operating systems, to a structure aligned with the university's academic and research mission. This new IT governance model is based on the essential functions of the university and IT. It includes a top-level governance body, the Strategic IT Committee (SITC), which was conceived of as a destination for high-level policy review and discussions about large IT initiatives. Additionally, there are four subcommittees charged with addressing key domains:
- Education
- Research, scholarship, and creativity
- Enterprise business and administration
- User experience
These committees are comprised primarily of stakeholders outside IT, including faculty and decision-makers from the university's academic and business units.
Anticipating Digital Transformation
By including stakeholders outside IT during the design process, we gained a broader perspective into the impact of digital transformation across the university. Interestingly, these stakeholders saw IT governance as having the potential not only to transform the relationship between IT and the rest of the university but also to help prepare the university as a whole for the rapid changes occurring in technology and higher education. They anticipated the potential impacts of digital transformation based on their experiences in their domains—whether teaching, research, or administration—and advocated for a role in helping the university prepare.
We realized that it is not enough to align IT governance with the university's mission. It is necessary to go beyond this and actively engage the university community in making recommendations based on an understanding of how IT and higher education trends intersect. IT needs guidance both on issues of immediate concern and on the strategic impact of forward-looking plans. Through IT governance, we can help align IT with the future of the institution.
Broadening the Scope
To achieve this aspirational vision, we charged our Strategic IT Committee not only to provide policy guidance and review large IT initiatives but also to actively bring forward and communicate strategic issues facing the university. This group has been asked to look at higher education and IT trends and facilitate discussions about emerging opportunities and risks.
We also broadened the scope of the domain committees from our original conceptions. As we considered the strategic role of IT and research, we observed that IT affects much more than scientific computation. Visualization, artificial intelligence, big data, and other technologies impact the scholarly work of faculty members in all disciplines. Enterprise applications go beyond the ERP applications that central IT provides to include important cloud services acquired by non-IT units as well as major campus services developed by distributed IT units. Instructional IT issues encompass more than the learning management system (LMS ) and multimedia in classrooms. Expanding the charges to reflect these realities allows us to build a more inclusive IT governance process that better aligns us with the university's work. By developing this wider engagement, IT is positioned to respond to emerging needs more effectively.
Separating Strategic and Operational Processes
An aspirational vision is not enough. We must make decisions about the role and goals of IT governance, as well as address the practical matters of committee processes and governance management and review. To achieve this, we assigned governance a strategic role and deliberately separated operational and tactical decision-making from the governance process.
Coincidentally, we have engaged in a project to strengthen our IT service management (ITSM) processes through improving service definition and clarifying service ownership. The timing was good for us to make changes. We took many of the original governance groups and assigned them to one of two roles:
- Service teams: technical staff members who are responsible for the operation of a service. They work under the direction of the service owner, who is accountable for service delivery.
- Advisory teams: functional stakeholders of a service who provide feedback and advice to the service owner regarding functional needs, service performance, and service direction.
On the whole, these changes have been favorably received.
Addressing IT Security Governance and Infrastructure
Originally, we had an information security governance subcommittee that functioned as a stand-alone body and was not well integrated into other committees' work. In our new model for information security governance, we developed an information security advisory group that reviews policy and makes recommendations to the chief information security officer (CISO).
This advisory group is not formally a part of IT governance. However, the CISO is an ex officio voting member of the Strategic IT Committee, and information security staff members are included in the four domain subcommittees either as ex officio members or ad hoc participants.
The other major area that does not fit into our IT governance model is infrastructure. Originally, the infrastructure subcommittee consisted of technical staff and IT managers from various groups that provide infrastructure services, such as operating systems, directory services, storage, and networking. The group acted primarily as a means for technical staff to communicate about infrastructure changes that might affect other technology implementations. Because it is valuable to have those staff members communicate with each other, we are viewing this group as a meta-group that exists independently of IT governance.
Realizing the Vision
We recognize that our aspirational vision cannot be fully realized in an initial implementation. IT governance must be iteratively improved. In an age of digital transformation, it must evolve to stay relevant. We have planned an annual review cycle to assess governance performance, review membership, and plan goals. We will seek a balance between stability and responsiveness to change as we help guide our institution into the future.
Lessons Learned
In the process of improving the design and capabilities of our IT governance, we learned some key lessons that may be useful to other institutions considering similar changes.
Include a Variety of Stakeholders
When designing IT governance, it is important to include non-IT stakeholders with a broad understanding of the university's major functions. In our case, these stakeholders included leaders from our internal audit, finance and administration, and general counsel units, as well as college research administration and tenured and non-tenure-track faculty.
Further, including IT units outside central IT helped us design the process in a way that both supports collaboration and is viewed as credible by the IT community. Finally, it is important to ensure that IT governance participants are at the right organizational level to make the decisions and recommendations on matters before them.
Tap Institutional Expertise
We found a faculty member in our Poole College of Management with expertise in risk management who offered a helpful perspective on our design team. It was particularly valuable that this faculty member had an understanding of how governance processes work.
We suggest that institutions look to their business schools, public administration programs, leadership programs, industrial and organizational psychology programs, and other areas to tap institutional expertise when designing IT governance.
Faculty involvement in implementation planning is important. Our team benefited from the inclusion of teaching faculty, a research associate dean, and an assistant vice provost.
Manage the Process
IT governance requires dedicated staff resources—such as a governance officer—to take on duties beyond clerical tasks. Keeping members engaged requires the curation of meaningful agendas. In our case, we proposed that every agenda item be a question for discussion or decision in order to engage governance participants more effectively.
Further, the governance officer must engage with the chairs and the larger university community to ensure that relevant issues make it to the agendas. Other key process issues include
- ensuring effective and consistent business processes to establish credibility, and
- offering regular training for chairs and participants to set expectations and ensure a common understanding of purpose.
Keep the Mechanics Simple
The credibility of IT governance depends on transparency and consistency. Agendas must be communicated consistently in advance, and decisions must be documented and communicated on a regular schedule. It is also important to minimize the complexity of the IT governance process, from the IT governance committee's structure to the methods for publishing minutes.
Getting faculty and decision makers to the table is critical, so clerical work must be shifted to staff members. It also must be clear to all stakeholders at the institution when and how they can bring IT ideas, projects, initiatives, and policies to IT governance. In our case, we created a simple one-page scorecard to help managers decide when an idea or decision should be reviewed by governance. The scorecard asks them about the possible impacts of the idea or project for users, business processes, security, financial resources, and IT strategy.
Change the Culture
Proposals must be brought forward before final decisions have been made by IT management, which can be a major cultural shift for IT. However, this approach yields benefits for IT, including building buy-in for proposals and ensuring their alignment with the needs of stakeholders and the strategic direction of the institution.
IT governance must become socialized and communicated across the institution, not just in the IT community. Non-IT units are able to easily purchase IT services from cloud providers without IT involvement, so it is important that they know where to take these needs and plans.
Finally, creating and publicizing these channels takes effort, and widespread buy-in for utilizing IT governance does not happen overnight. Good governance is iterative: the success of IT governance depends on continuous review and regular improvement.
Learn More
The NC State website offers a detailed description of our IT governance redesign, as well as more information on how we integrated information security throughout our new IT governance model.
This article is part of a set of enterprise IT resources exploring the role of digital transformation through the lens of governance and relationship management. Visit the Enterprise IT Program to find resources focused on digital transformation through the additional lenses of technology strategy, understanding and defining costs and funding, business process management, and analytics and business intelligence.
Debbie Carraway is Director of Information Technology in the College of Sciences at North Carolina State University.
Marc Hoit is Vice Chancellor for Information Technology and Chief Information Officer at North Carolina State University.
© 2019 Debbie Carraway and Marc Hoit. The text of this work is licensed under a Creative Commons BY-NC 4.0 International License.