Stakeholders in IT Governance
At a recent speaking engagement for the Project Management Institute (PMI), where I delivered a presentation on Project Governance, the subject of Stakeholders was a central theme end-to-end. Afterwards, in the Q&A session that followed, Stakeholders moved from being a theme to what can aptly be described as a ‘hot’ topic – and that didn’t surprise me at all. In fact, I almost fully expected it. The reality is that when it comes to any form of Governance, be it Project Governance, Enterprise Governance or Information Technology (IT) Governance, no discussion would be complete without reference to Stakeholders. But “Why?” you may ask. “Who are these Stakeholders, and what is their role and importance in the domain of Governance?”
Well, perhaps we should start by establishing who these Stakeholders are. Whilst there is no prescription as to who can be Stakeholders, at a broad level they typically include shareholders, investors, managers, employees, customers, suppliers and other business partners, local communities, organizations, the public and even Government entities. What makes them a Stakeholder, in the context of IT Governance, can best be explained by looking at the definition of a Stakeholder from ISACA (previously known as the Information Systems Audit and Control Association) –
“Anyone, who has a responsibility for, an expectation from, or some other interest in the Enterprise.” (ISACA)
When it comes to IT Governance, ISACA’s COBIT 5, the business framework for the governance and management of Enterprise IT, not only defines the Stakeholder but incorporates Stakeholders as a vital and integral component throughout. COBIT 5 is based on five key principles, the first and arguably most important one being Meeting Stakeholder Needs. This is testament to the essential role of Stakeholders in IT Governance and Management. What COBIT 5 tells us is that Enterprises exist to create value for their stakeholders by maintaining a balance between the realization of benefits, and the optimization of risk and use of resources. And of course, if Enterprises exist to create value for Stakeholders, then it is clear why value creation is a primary Governance objective.
But let’s elaborate further on who these Stakeholders are. Organizations do not function purely within their own microcosms or vacuums, but rather operate in internal and external environments simultaneously, be they a standalone local dealer in a small town or a global Enterprise with offices around the world. At the highest level, it therefore makes sense, as COBIT 5 does, to categorize Stakeholders as either Internal or External. Internal Stakeholders are those people within the Enterprise, and include the Board, Chief executive officer (CEO), Chief financial officer (CFO), Chief information officer (CIO), Chief risk officer (CRO), Business executives, Business process owners, Business managers, Risk managers, Security managers, Service managers, Human resource (HR) managers, Internal audit, Privacy officers, IT users, IT managers – to name only a few. External Stakeholders on the other hand, as the name implies, are those with whom the organization interacts outside of the Enterprise, and include Business partners, Suppliers, Shareholders, Regulators, Government, External users, Customers, Standardization organizations, External auditors, Consultants, but by no means is this list exhaustive.
With a multitude of diverse Stakeholders internal and external to the Enterprise, the interpretation of ‘value’ will naturally vary, and each Stakeholder will have their own perspective on what creating value means for them. These varying, and often conflicting, perspectives make Governance all the more challenging when the primary objective is one of value creation. We all know the saying “you can’t please everyone”, but when it comes to Governance, and in our context IT Governance, the needs of all Stakeholders must be considered when setting Enterprise Goals and IT Goals for the organization, and on a day-to-day basis when making business decisions regarding benefits, risks and resources. This makes the identification, consideration and management of Stakeholders critical to the success of the Enterprise, and without Governance in place to facilitate negotiation and decision making amongst the value interests of different stakeholders, that success is all the less likely.
With a strong focus on the Governance (and Management) of Enterprise IT, COBIT 5 is adept at marrying Governance and Stakeholder needs into an inclusive framework. As mentioned, Meeting Stakeholder Needs is the first of five core principles in COBIT 5, and an integral part of the COBIT 5 Goals Cascade, which is essentially a structure for considering the Stakeholder Drivers which influence Stakeholder needs, translating the needs of all Stakeholders into specific, actionable enterprise goals, and then cascading these into the IT goals set for the Enterprise.
Within its Governance domain of Evaluate, Direct and Monitor (EDM), such is the criticality of Stakeholders that COBIT 5 has a dedicated process for them – “Ensure Stakeholder Transparency”.
IT Governance does not function in isolation but is a subset of Enterprise or Corporate Governance in the organization, and although the Stakeholders may differ between these, the principle of Meeting Stakeholder Needs and the Governance Objective of creating value are common to both. If the needs of IT Governance Stakeholders are considered and satisfied, and value is being created for them by delivering realizable benefits whilst minimizing risk and optimizing the use of resources – then the IT Goals of the Enterprise are being met. And if the IT Goals are being met, then it follows that these are directly contributing to the achievement of Enterprise Goals, and in doing so satisfying the needs of the Enterprise Governance Stakeholders. From that, it’s crystal clear why and how valuable Stakeholders are to the organization, and how essential they are in the Governance of Enterprise IT. There is a saying that goes “Love them or loathe them, stakeholders can make or break… if you don’t engage with them.” My advice: learn to love all your stakeholders, and when it comes to IT Governance in your organization, you will have made it a whole lot easier!