Marc Dowd
Marc Dowd (Principal, European Client Advisory)

Think Talk Summary October 2022

We were delighted to host the IDC Digital Leadership Think Talk on 27th October.  Around 30 digital leaders from across Europe joined the call to share their challenges, successes and experiences of how governance is organised in their organisation and how that needs to change

Marc Dowd and Tracy Keeling from the IDC Executive Advisory team led the discussions.

Marc Dowd opened the call by asking whether current governance structures really are fit for purpose and whether the new environment with high instability and rapid change means one needs to make changes.    Examples were new facets such as API, IoT and data governance that are expanding becoming recognized as business issues, not just IT issues, that consequently need to be addressed under the governance structures and processes of any organisation.

The Digital Leadership Community members who were taking part discussed the question. One spoke about how it was more difficult to ensure you have factored in the risk across the organisation of missing an API which could lead to business losses if the correct governance hadn’t been applied and it led to data loss in the live environment.

Building an Agile Pervasive Governance Structure

The peer group meeting went on to discuss whether the CIO’s knew they had their delivery processes right or whether they needed to make changes to adapt to the new pervasive governance model.  One leader responded that they had pushed governance into individual responsibility across the organisation and away from the standard change board structure.  They went on to talk about how the business leaders asked for what they wanted without business cases, and it then became their responsibility to push the process through once the money had been granted after requesting it from the CIO.  This model was seen is more unusual as it was a marked change from the standard governance boards or periodic reviews for changes using the Agile methodology.

What Does It All Cost?

Another CIO Executive advisor, Tracy Keeling, spoke of where she had worked as a Delivery Director for a client that did not do adaptive governance.  One of the project managers costed a project to put one server into a data centre and that governance was 65% of the budget. The client had no mechanism to adapt from producing everything required in a standard transformation, to a cut down version for less complex and lower risk deliveries.  


A participant on the call spoke about whether that level of governance was actually valid.   He focused on the risk aspect and what the client was trying to achieve. An example was that the new server may have contained secured documents which could have incurred large financial penalties should the data be lost and, in this case, it would have justified the much increased cost to deliver.

The Starting Point and Monitoring

The conversation moved on to how you know what can be achieved with the governance model you have and what you would do differently if you could build this from scratch.   A leader talked about how you should build your governance around the industry regulation and legal requirements such as GDPR to prevent data loss and financial penalties which could result from not enough governance and something critical not receiving adequate scrutiny before go live.  This received widespread agreement from the call participants with an example given of how their company in the insurance industry did this.

The discussion moved to metrics to monitor the effectiveness of Governane vs. risk and areas that can be improved.  It was suggested that this may be around KPI’s such as “right first time” versus “rework” in a waterfall context versus “Agile sprint completion” or unexpected additions to the backlog. 

Governance for Partners

We spoke about the governance of partners in a vendor context.   The question was asked, how do you decide whether you are going to deal with a particular company.  How did you make the decision whether your processes and systems are good enough to want to contract with them and create that partnership. 

A CIO responded that they had put in a path to a governance framework for running an ecosystem partnership and keeping that level of governance.  They spoke about new levels of partner governance that is about the sustainability agenda. Also about how well they are doing against the expectation for large scale vendors such as those who sell hosting to be making an effort as in IT. They focused onmthe levels of energy consumption used to run IT systems an area which is increasingly important for most.

Right People, Right Guidance, Right Time

Marc posed the question, “Given the importance of IT in the future of your organisation are the right people involved in your Governance processes?”  This provoked an interesting discussion around the structure.  Some participants had traditional waterfall delivery with standard governance boards we all recognise, but Marc posed the question of whether IT should just be an orchestrator and an advisor to the people making those decisions elsewhere.

There was a discussion about the risks of allowing the business to be bombarded by sales calls and allow them to buy what they want without the expert advice of IT.   A CIO talked about the need to let people know that the IT expertise was there to guide them and the value from ensuring that they didn’t look at what had been purchased after the fact and wonder what the rationale was and how they were going to support it. 

There are different levels of consequence depending on the type of organisation. In some the wrong decision wouldn’t be a risk and had a smaller impact but in another could create a life and death situation because of the data loss should it go wrong.  All organisations will have varying levels of consequence if decisions are not taken as expected and governance should control that risk appropriately.

Another participant said they started with an internal audit and then look to see the risks for the rest of the company. They then placed the constraints in place to enable some freedom to be given to teams, but essential governance wrapped around the areas which could cause the most impact if it went wrong.  

An example given was around information security management and the associated reputational damage and potential fines. They then factored in the bottlenecks where governance might cause frustration and encourage Shadow IT. They used this approach to try to address governance and being a good corporate citizen to encourage compliance.

There were many other examples of good practice in a surprising variety of configurations of Governance.

The conversation closed with the two Advisors, Marc Dowd and Tracy Keeling thanking the participants for their contributions and the next call is planned for Thursday 24th November on process discovery tools.

The IDC CIO Advisory team would like to thank everyone who came to the call for their input. It is always inspiring to hear from those working with Governance challenges across the business. We hope this session was valuable and provided many takeaways for you.


Our next session will look in more detail at: Are Business Process Discovery Tools worth the cost and the effort?

Thursday 24th November 2022 17:00 CET

Every business initiative needs a solid business case. Back in the day when businesses grew by intuition rather than by design there was scope for experimentation and IT had to “catch up” and provide the systems to match the processes that were already in place.

In this session we will look at the rise of tools discover how your organisation actually works and can serve as a template for the changes that should be made to obtain the best business return.

In this session we expect to discuss:

  • The reality of using business process tools,
  • The impact of tools on business agility and successful ROI,
  • The challenges of implementing these tools and the changes they imply to the way the organisation functions.

We hope you will join us.

If you already receive invitations to our sessions, I hope to see you there. If you would like to join this community, please email us at

Spread the love